Rudy píše:Spusťte znovu OTL, a do dolního okna zkopírujte:
Pak klikněte na "Opravit".:files
C:\Windows\SysNative\qtplugin.exe
C:\Windows\SysWow64\0.7804226684580136.exe
C:\Windows\SysWow64\0.5191888499203189.exe
Toto jste provedl?
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Security tool
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Security tool
Toto jste provedl?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Security tool
Já dal před tím znovu Run Scan. Teď mám tady log z té opravy
========== FILES ==========
C:\Windows\SysNative\qtplugin.exe moved successfully.
C:\Windows\SysWow64\0.7804226684580136.exe moved successfully.
C:\Windows\SysWow64\0.5191888499203189.exe moved successfully.
OTL by OldTimer - Version 3.2.10.0 log created on 08192010_195216
========== FILES ==========
C:\Windows\SysNative\qtplugin.exe moved successfully.
C:\Windows\SysWow64\0.7804226684580136.exe moved successfully.
C:\Windows\SysWow64\0.5191888499203189.exe moved successfully.
OTL by OldTimer - Version 3.2.10.0 log created on 08192010_195216
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Security tool
OK, vše by mělo být smazané.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Security tool
Pořád se vir objevuje 
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Security tool
Konkrétně v kterých souborech?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Security tool
Ne konkrétně ne když zapnu počítač v normálním režimu ihned naskočí Security tool a začne mi všechny moje akce blokovat.
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Security tool
OK. Zkuste ještě jednou OTL s tímto skriptem:
:processes
explorer.exe
:files
C:\WINDOWS\Temp\wpv911257179558.exe
C:\DOCUME~1\ALLUSE~1\DATAAP~1\38877841
C:\WINDOWS\Temp\_ex-08.exe
C:\WINDOWS\system32\restorer32_a.exe
C:\Documents and Settings\Administrator\restorer32_a.exe
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\zavupd32.exe
C:\Documents and Settings\All Users\Data aplikací\38877841
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysgif32"=-
"38877841"=-
"PromoReg"=-
"restorer32_a"=-
"Regedit32"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"restorer32_a"=-
:commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Security tool
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File\Folder C:\WINDOWS\Temp\wpv911257179558.exe not found.
File\Folder C:\DOCUME~1\ALLUSE~1\DATAAP~1\38877841 not found.
File\Folder C:\WINDOWS\Temp\_ex-08.exe not found.
File\Folder C:\WINDOWS\system32\restorer32_a.exe not found.
File\Folder C:\Documents and Settings\Administrator\restorer32_a.exe not found.
File\Folder C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\zavupd32.exe not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\38877841 not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysgif32 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\38877841 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PromoReg not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\restorer32_a not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\restorer32_a not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dolejsovi
->Temp folder emptied: 2679028 bytes
->Temporary Internet Files folder emptied: 11952594 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 262312608 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1454 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42494 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 264.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.10.0 log created on 08192010_222438
Files\Folders moved on Reboot...
C:\Users\Dolejsovi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File\Folder C:\WINDOWS\Temp\wpv911257179558.exe not found.
File\Folder C:\DOCUME~1\ALLUSE~1\DATAAP~1\38877841 not found.
File\Folder C:\WINDOWS\Temp\_ex-08.exe not found.
File\Folder C:\WINDOWS\system32\restorer32_a.exe not found.
File\Folder C:\Documents and Settings\Administrator\restorer32_a.exe not found.
File\Folder C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\zavupd32.exe not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\38877841 not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysgif32 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\38877841 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PromoReg not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\restorer32_a not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\restorer32_a not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dolejsovi
->Temp folder emptied: 2679028 bytes
->Temporary Internet Files folder emptied: 11952594 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 262312608 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1454 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42494 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 264.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.10.0 log created on 08192010_222438
Files\Folders moved on Reboot...
C:\Users\Dolejsovi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Security tool
OK. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Security tool
Ne ne vše při starém.
Re: Security tool
Hezké dopoledne, záskok za kolegu 
.
Poprosím o nový log ze rsitu
.Poprosím o nový log ze rsitu
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Security tool
Dobrý den,tady je ten log
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File\Folder C:\WINDOWS\Temp\wpv911257179558.exe not found.
File\Folder C:\DOCUME~1\ALLUSE~1\DATAAP~1\38877841 not found.
File\Folder C:\WINDOWS\Temp\_ex-08.exe not found.
File\Folder C:\WINDOWS\system32\restorer32_a.exe not found.
File\Folder C:\Documents and Settings\Administrator\restorer32_a.exe not found.
File\Folder C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\zavupd32.exe not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\38877841 not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysgif32 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\38877841 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PromoReg not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\restorer32_a not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\restorer32_a not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dolejsovi
->Temp folder emptied: 2679028 bytes
->Temporary Internet Files folder emptied: 11952594 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 262312608 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1454 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42494 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 264.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.10.0 log created on 08192010_222438
Files\Folders moved on Reboot...
C:\Users\Dolejsovi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File\Folder C:\WINDOWS\Temp\wpv911257179558.exe not found.
File\Folder C:\DOCUME~1\ALLUSE~1\DATAAP~1\38877841 not found.
File\Folder C:\WINDOWS\Temp\_ex-08.exe not found.
File\Folder C:\WINDOWS\system32\restorer32_a.exe not found.
File\Folder C:\Documents and Settings\Administrator\restorer32_a.exe not found.
File\Folder C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\zavupd32.exe not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\38877841 not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysgif32 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\38877841 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PromoReg not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\restorer32_a not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\restorer32_a not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dolejsovi
->Temp folder emptied: 2679028 bytes
->Temporary Internet Files folder emptied: 11952594 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 262312608 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1454 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42494 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 264.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.10.0 log created on 08192010_222438
Files\Folders moved on Reboot...
C:\Users\Dolejsovi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Re: Security tool
to není log ze rsitu.Rsit jste určitě stahoval hned na začátku. Pokud ne, tak mi klikněte do podpisu na odkaz Rsit
. Podívám se, co tam ještě zůstává za breberku.Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Security tool
Logfile of random's system information tool 1.08 (written by random/random)
Run by Dolejsovi at 2010-08-20 09:19:13
Microsoft Windows 7 Home Premium
System drive C: has 112 GB (38%) free of 293 GB
Total RAM: 1977 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:19:14, on 20-Aug-10
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support
Running processes:
C:\Users\Dolejsovi\Documents\Downloads\OTL.exe
C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Dolejsovi.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5i47j5v40o
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5i47j5v40o
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5i47j5v40o
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro prihlášení ke službe Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series] "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Security Gateway] C:\Windows\system32\mslsgw.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jsafesurf] C:\Windows\Help32\safesurf.exe
O4 - HKLM\..\Run: [download] "C:\Users\Dolejsovi\AppData\Roaming\download2\svcnost.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dolejsovi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [97642] "C:\Users\Dolejsovi\AppData\Local\97642.exe" 0 20
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Pridat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12374 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Essentials\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
ctfmon.exe
"C:\Users\Dolejsovi\Documents\Downloads\OTL.exe"
"C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/ --channel=1864.00D8F000.693253886
"C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/ --channel=1864.00D8F480.586057261 --ignored=" --type=renderer "
"C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path=C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\5.0.375.126\gcswf32.dll --lang=cs --plugin-data-dir="C:\Users\Dolejsovi\AppData\Local\Google\Chrome\User Data\Default" --channel=1864.060751C0.1896120539
"C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_0/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/ --channel=1864.03D9B180.156475460
"C:\Users\Dolejsovi\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3746559321-3044178841-1834528131-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3746559321-3044178841-1834528131-1000UA.job
C:\Windows\tasks\Norton Security Scan for Dolejsovi.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2009-08-22 346736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll [2010-08-03 318960]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro prihlášení ke službe Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-22 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-08-03 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-22 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-01-10 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2009-08-22 346736]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2009-11-24 1536456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-22 256112]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-05 186904]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-08-06 828960]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2009-07-20 503864]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-08-12 165912]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-08-12 387608]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-08-12 365592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-14 1815848]
"lxctmon.exe"=C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe [2006-11-22 291760]
"EzPrint"=C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe [2006-11-22 82864]
"LXCTCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll,RunDLLEntry []
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1446504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-22 39408]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"Google Update"=C:\Users\Dolejsovi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"97642"=C:\Users\Dolejsovi\AppData\Local\97642.exe [2010-08-17 973312]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"=C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [2009-07-25 588648]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2009-08-18 825864]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Lexmark 5400 Series"=C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe [2006-11-22 304048]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]
"Security Gateway"=C:\Windows\system32\mslsgw.exe []
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"NBAgent"=C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-07-21 141608]
"jsafesurf"=C:\Windows\Help32\safesurf.exe [2010-08-15 207872]
"download"=C:\Users\Dolejsovi\AppData\Roaming\download2\svcnost.exe [2010-08-17 46602]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-07-28 258560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\DOLEJS~1\AppData\Local\Temp\0.6414452954739305.exe"="C:\Users\DOLEJS~1\AppData\Local\Temp\0.6414452954739305.exe:*:Enabled:ldrsoft"
"C:\Users\Dolejsovi\AppData\Roaming\download2\svcnost.exe"="C:\Users\Dolejsovi\AppData\Roaming\download2\svcnost.exe:*:Enabled:ldrsoft"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-08-20 09:01:14 ----D---- C:\rsit
2010-08-19 21:40:08 ----SHD---- C:\found.000
2010-08-19 19:52:16 ----D---- C:\_OTL
2010-08-17 18:35:42 ----D---- C:\Users\Dolejsovi\AppData\Roaming\Malwarebytes
2010-08-17 18:35:32 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2010-08-17 18:35:31 ----D---- C:\ProgramData\Malwarebytes
2010-08-17 18:35:31 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-08-17 18:35:31 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-17 18:26:13 ----A---- C:\Windows\ntbtlog.txt
2010-08-17 18:12:20 ----D---- C:\Program Files\trend micro
2010-08-17 17:28:00 ----A---- C:\Windows\SYSWOW64\log.txt
2010-08-17 16:01:47 ----D---- C:\Users\Dolejsovi\AppData\Roaming\TuneUpMedia
2010-08-17 16:01:42 ----D---- C:\ProgramData\TuneUpMedia
2010-08-17 15:58:37 ----D---- C:\Users\Dolejsovi\AppData\Roaming\OpenCandy
2010-08-17 13:43:22 ----D---- C:\Users\Dolejsovi\AppData\Roaming\download2
2010-08-14 17:50:55 ----D---- C:\Users\Dolejsovi\AppData\Roaming\YoudaGames
2010-08-14 17:50:44 ----D---- C:\Windows\Help32
2010-08-14 17:50:40 ----D---- C:\Windows\SYSWOW64\weber
2010-08-14 17:50:36 ----D---- C:\Program Files (x86)\Youda Games
2010-08-12 13:36:23 ----A---- C:\Windows\SYSWOW64\schannel.dll
2010-08-12 13:36:23 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 13:36:23 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-12 13:36:23 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 13:36:23 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 13:36:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-12 13:36:12 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 13:36:11 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2010-08-12 13:36:11 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2010-08-12 13:36:09 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 13:36:07 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 13:36:06 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-08-12 13:36:05 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-08-12 13:36:04 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-08-12 13:36:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-08-12 13:36:04 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 13:36:04 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 13:36:03 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-08-12 13:36:03 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-08-12 13:36:03 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-08-12 13:36:03 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-08-12 13:36:03 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 13:36:03 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 13:36:03 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 13:36:03 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 13:36:02 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-08-12 13:36:02 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-08-12 13:36:02 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-08-12 13:36:02 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 13:36:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 13:36:02 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 13:35:11 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2010-08-12 13:35:10 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2010-08-12 13:35:10 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 13:35:09 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 13:35:08 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 13:35:07 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2010-08-09 21:09:29 ----D---- C:\Program Files\iPod
2010-08-09 21:09:22 ----D---- C:\Program Files\iTunes
2010-08-08 15:40:31 ----D---- C:\Users\Dolejsovi\AppData\Roaming\Pro Cycling Manager 2010
2010-08-03 15:37:09 ----A---- C:\Windows\NeroDigital.ini
2010-08-03 15:34:06 ----D---- C:\Users\Dolejsovi\AppData\Roaming\Nero
2010-08-03 15:26:08 ----D---- C:\ProgramData\Nero
2010-08-03 15:25:21 ----D---- C:\Program Files (x86)\Nero
2010-08-03 13:51:45 ----A---- C:\Windows\system32\shell32.dll
2010-08-03 13:51:43 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-07-28 22:52:47 ----A---- C:\Windows\system32\drivers\appdrv01.sys
2010-07-28 22:52:47 ----A---- C:\Windows\system32\appdrvrem01.exe
2010-07-28 19:31:40 ----D---- C:\Program Files (x86)\Cyanide
2010-07-28 18:30:09 ----D---- C:\Users\Dolejsovi\AppData\Roaming\Ubisoft
2010-07-28 18:25:30 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2010-07-28 18:25:30 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-07-28 18:25:29 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2010-07-28 18:25:29 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-07-28 18:25:28 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2010-07-28 18:25:28 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-07-28 18:25:27 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2010-07-28 18:25:27 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2010-07-28 18:25:27 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-07-28 18:25:27 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-07-28 18:25:26 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-07-28 18:25:24 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-07-28 18:25:19 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2010-07-28 18:25:19 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-07-24 20:19:35 ----D---- C:\Users\Dolejsovi\AppData\Roaming\GHISLER
2010-07-24 20:19:35 ----D---- C:\totalcmd
2010-07-24 20:19:35 ----A---- C:\Windows\UC.PIF
2010-07-24 20:19:35 ----A---- C:\Windows\RAR.PIF
2010-07-24 20:19:35 ----A---- C:\Windows\PKZIP.PIF
2010-07-24 20:19:35 ----A---- C:\Windows\PKUNZIP.PIF
2010-07-24 20:19:35 ----A---- C:\Windows\NOCLOSE.PIF
2010-07-24 20:19:35 ----A---- C:\Windows\LHA.PIF
2010-07-24 20:19:35 ----A---- C:\Windows\ARJ.PIF
======List of files/folders modified in the last 1 months======
2010-08-19 22:26:34 ----D---- C:\Windows\Temp
2010-08-19 22:24:58 ----D---- C:\Windows\system32\drivers\etc
2010-08-19 21:26:56 ----RD---- C:\Program Files (x86)
2010-08-19 21:26:55 ----D---- C:\Windows\SysWOW64
2010-08-19 19:52:16 ----D---- C:\Windows\System32
2010-08-18 19:55:53 ----D---- C:\Windows\system32\config
2010-08-18 19:53:46 ----D---- C:\Program Files (x86)\GamesBar
2010-08-17 19:57:01 ----D---- C:\Windows\SYSWOW64\drivers
2010-08-17 18:35:31 ----HD---- C:\ProgramData
2010-08-17 18:35:31 ----D---- C:\Windows\system32\drivers
2010-08-17 18:26:13 ----D---- C:\Windows
2010-08-17 18:12:20 ----RD---- C:\Program Files
2010-08-17 17:48:19 ----SHD---- C:\System Volume Information
2010-08-17 17:33:13 ----D---- C:\Users\Dolejsovi\AppData\Roaming\uTorrent
2010-08-17 16:03:36 ----D---- C:\Users\Dolejsovi\AppData\Roaming\Mozilla
2010-08-17 16:02:16 ----D---- C:\Program Files (x86)\iTunes
2010-08-16 06:37:57 ----D---- C:\Windows\system
2010-08-14 11:12:43 ----D---- C:\Windows\Microsoft.NET
2010-08-14 11:12:31 ----RSD---- C:\Windows\assembly
2010-08-13 17:05:19 ----D---- C:\Windows\system32\catroot2
2010-08-13 07:42:15 ----D---- C:\Windows\winsxs
2010-08-13 07:40:26 ----D---- C:\Windows\SYSWOW64\migration
2010-08-13 07:40:26 ----D---- C:\Program Files\Internet Explorer
2010-08-13 07:40:26 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-13 07:40:25 ----D---- C:\Windows\system32\migration
2010-08-12 22:14:41 ----SHD---- C:\Windows\Installer
2010-08-12 22:14:38 ----D---- C:\ProgramData\Microsoft Help
2010-08-12 13:35:04 ----D---- C:\Windows\system32\catroot
2010-08-09 21:38:48 ----D---- C:\Windows\inf
2010-08-09 21:38:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-05 06:28:35 ----D---- C:\Windows\system32\wdi
2010-08-04 17:44:52 ----D---- C:\Windows\system32\Tasks
2010-08-04 08:10:49 ----D---- C:\Windows\system32\NDF
2010-08-03 20:52:33 ----A---- C:\Windows\system32\MRT.exe
2010-08-03 16:29:34 ----D---- C:\Windows\Prefetch
2010-08-03 15:25:29 ----D---- C:\Program Files (x86)\Common Files
2010-08-03 15:23:21 ----D---- C:\Program Files (x86)\The KMPlayer
2010-07-28 18:50:53 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-07-28 18:50:53 ----D---- C:\Program Files (x86)\Ubisoft
2010-07-28 18:30:09 ----D---- C:\ProgramData\Ubisoft
2010-07-28 18:02:39 ----D---- C:\ProgramData\DivX
2010-07-28 18:02:26 ----D---- C:\Program Files (x86)\DivX
2010-07-27 09:29:22 ----D---- C:\Program Files\Lx_cats
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-05 408600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-07-16 1488384]
R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); C:\Windows\SysWOW64\Drivers\DKbFltr.sys [2009-03-26 25608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-14 273456]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 16896]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-27 834544]
S1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2010-07-28 3854000]
S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 173984]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
S2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 47632]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladac portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladac rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2009-07-01 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2009-08-11 686080]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 33856]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-07-28 7345632]
S3 int15.sys;int15.sys; \??\C:\Windows\syswow64\OEM\Factory\int15.sys []
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 40832]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2010-04-19 50688]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;Ovladac skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2010-07-28 551896]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
S2 BcmSqlStartupSvc;Služba spouštení serveru SQL Server aplikace Business Contact Manager; C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
S2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-18 864032]
S2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService; C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-19 136176]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840]
S2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
S2 lxct_device;lxct_device; C:\Windows\system32\lxctcoms.exe [2006-11-22 566192]
S2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-01-22 75064]
S2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2010-05-30 103736]
S2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
S2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-22 182768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 654112]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1255736]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
-----------------EOF-----------------
Run by Dolejsovi at 2010-08-20 09:19:13
Microsoft Windows 7 Home Premium
System drive C: has 112 GB (38%) free of 293 GB
Total RAM: 1977 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:19:14, on 20-Aug-10
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support
Running processes:
C:\Users\Dolejsovi\Documents\Downloads\OTL.exe
C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Dolejsovi.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5i47j5v40o
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5i47j5v40o
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5i47j5v40o
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro prihlášení ke službe Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series] "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Security Gateway] C:\Windows\system32\mslsgw.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jsafesurf] C:\Windows\Help32\safesurf.exe
O4 - HKLM\..\Run: [download] "C:\Users\Dolejsovi\AppData\Roaming\download2\svcnost.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dolejsovi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [97642] "C:\Users\Dolejsovi\AppData\Local\97642.exe" 0 20
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Pridat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12374 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Essentials\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
ctfmon.exe
"C:\Users\Dolejsovi\Documents\Downloads\OTL.exe"
"C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/ --channel=1864.00D8F000.693253886
"C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/ --channel=1864.00D8F480.586057261 --ignored=" --type=renderer "
"C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path=C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\5.0.375.126\gcswf32.dll --lang=cs --plugin-data-dir="C:\Users\Dolejsovi\AppData\Local\Google\Chrome\User Data\Default" --channel=1864.060751C0.1896120539
"C:\Users\Dolejsovi\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_0/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/ --channel=1864.03D9B180.156475460
"C:\Users\Dolejsovi\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3746559321-3044178841-1834528131-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3746559321-3044178841-1834528131-1000UA.job
C:\Windows\tasks\Norton Security Scan for Dolejsovi.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2009-08-22 346736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll [2010-08-03 318960]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro prihlášení ke službe Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-22 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-08-03 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-22 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-01-10 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2009-08-22 346736]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2009-11-24 1536456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-22 256112]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-05 186904]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-08-06 828960]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2009-07-20 503864]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-08-12 165912]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-08-12 387608]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-08-12 365592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-14 1815848]
"lxctmon.exe"=C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe [2006-11-22 291760]
"EzPrint"=C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe [2006-11-22 82864]
"LXCTCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll,RunDLLEntry []
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1446504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-22 39408]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"Google Update"=C:\Users\Dolejsovi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"97642"=C:\Users\Dolejsovi\AppData\Local\97642.exe [2010-08-17 973312]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"=C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [2009-07-25 588648]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2009-08-18 825864]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Lexmark 5400 Series"=C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe [2006-11-22 304048]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]
"Security Gateway"=C:\Windows\system32\mslsgw.exe []
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"NBAgent"=C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-07-21 141608]
"jsafesurf"=C:\Windows\Help32\safesurf.exe [2010-08-15 207872]
"download"=C:\Users\Dolejsovi\AppData\Roaming\download2\svcnost.exe [2010-08-17 46602]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-07-28 258560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\DOLEJS~1\AppData\Local\Temp\0.6414452954739305.exe"="C:\Users\DOLEJS~1\AppData\Local\Temp\0.6414452954739305.exe:*:Enabled:ldrsoft"
"C:\Users\Dolejsovi\AppData\Roaming\download2\svcnost.exe"="C:\Users\Dolejsovi\AppData\Roaming\download2\svcnost.exe:*:Enabled:ldrsoft"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-08-20 09:01:14 ----D---- C:\rsit
2010-08-19 21:40:08 ----SHD---- C:\found.000
2010-08-19 19:52:16 ----D---- C:\_OTL
2010-08-17 18:35:42 ----D---- C:\Users\Dolejsovi\AppData\Roaming\Malwarebytes
2010-08-17 18:35:32 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2010-08-17 18:35:31 ----D---- C:\ProgramData\Malwarebytes
2010-08-17 18:35:31 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-08-17 18:35:31 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-17 18:26:13 ----A---- C:\Windows\ntbtlog.txt
2010-08-17 18:12:20 ----D---- C:\Program Files\trend micro
2010-08-17 17:28:00 ----A---- C:\Windows\SYSWOW64\log.txt
2010-08-17 16:01:47 ----D---- C:\Users\Dolejsovi\AppData\Roaming\TuneUpMedia
2010-08-17 16:01:42 ----D---- C:\ProgramData\TuneUpMedia
2010-08-17 15:58:37 ----D---- C:\Users\Dolejsovi\AppData\Roaming\OpenCandy
2010-08-17 13:43:22 ----D---- C:\Users\Dolejsovi\AppData\Roaming\download2
2010-08-14 17:50:55 ----D---- C:\Users\Dolejsovi\AppData\Roaming\YoudaGames
2010-08-14 17:50:44 ----D---- C:\Windows\Help32
2010-08-14 17:50:40 ----D---- C:\Windows\SYSWOW64\weber
2010-08-14 17:50:36 ----D---- C:\Program Files (x86)\Youda Games
2010-08-12 13:36:23 ----A---- C:\Windows\SYSWOW64\schannel.dll
2010-08-12 13:36:23 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 13:36:23 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-12 13:36:23 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 13:36:23 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 13:36:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-12 13:36:12 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 13:36:11 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2010-08-12 13:36:11 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2010-08-12 13:36:09 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 13:36:07 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 13:36:06 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-08-12 13:36:05 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-08-12 13:36:04 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-08-12 13:36:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-08-12 13:36:04 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 13:36:04 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 13:36:03 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-08-12 13:36:03 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-08-12 13:36:03 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-08-12 13:36:03 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-08-12 13:36:03 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 13:36:03 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 13:36:03 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 13:36:03 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 13:36:02 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-08-12 13:36:02 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-08-12 13:36:02 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-08-12 13:36:02 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 13:36:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 13:36:02 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 13:35:11 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2010-08-12 13:35:10 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2010-08-12 13:35:10 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 13:35:09 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 13:35:08 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 13:35:07 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2010-08-09 21:09:29 ----D---- C:\Program Files\iPod
2010-08-09 21:09:22 ----D---- C:\Program Files\iTunes
2010-08-08 15:40:31 ----D---- C:\Users\Dolejsovi\AppData\Roaming\Pro Cycling Manager 2010
2010-08-03 15:37:09 ----A---- C:\Windows\NeroDigital.ini
2010-08-03 15:34:06 ----D---- C:\Users\Dolejsovi\AppData\Roaming\Nero
2010-08-03 15:26:08 ----D---- C:\ProgramData\Nero
2010-08-03 15:25:21 ----D---- C:\Program Files (x86)\Nero
2010-08-03 13:51:45 ----A---- C:\Windows\system32\shell32.dll
2010-08-03 13:51:43 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-07-28 22:52:47 ----A---- C:\Windows\system32\drivers\appdrv01.sys
2010-07-28 22:52:47 ----A---- C:\Windows\system32\appdrvrem01.exe
2010-07-28 19:31:40 ----D---- C:\Program Files (x86)\Cyanide
2010-07-28 18:30:09 ----D---- C:\Users\Dolejsovi\AppData\Roaming\Ubisoft
2010-07-28 18:25:30 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2010-07-28 18:25:30 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-07-28 18:25:29 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2010-07-28 18:25:29 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-07-28 18:25:28 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2010-07-28 18:25:28 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-07-28 18:25:27 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2010-07-28 18:25:27 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2010-07-28 18:25:27 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-07-28 18:25:27 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-07-28 18:25:26 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-07-28 18:25:24 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-07-28 18:25:19 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2010-07-28 18:25:19 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-07-24 20:19:35 ----D---- C:\Users\Dolejsovi\AppData\Roaming\GHISLER
2010-07-24 20:19:35 ----D---- C:\totalcmd
2010-07-24 20:19:35 ----A---- C:\Windows\UC.PIF
2010-07-24 20:19:35 ----A---- C:\Windows\RAR.PIF
2010-07-24 20:19:35 ----A---- C:\Windows\PKZIP.PIF
2010-07-24 20:19:35 ----A---- C:\Windows\PKUNZIP.PIF
2010-07-24 20:19:35 ----A---- C:\Windows\NOCLOSE.PIF
2010-07-24 20:19:35 ----A---- C:\Windows\LHA.PIF
2010-07-24 20:19:35 ----A---- C:\Windows\ARJ.PIF
======List of files/folders modified in the last 1 months======
2010-08-19 22:26:34 ----D---- C:\Windows\Temp
2010-08-19 22:24:58 ----D---- C:\Windows\system32\drivers\etc
2010-08-19 21:26:56 ----RD---- C:\Program Files (x86)
2010-08-19 21:26:55 ----D---- C:\Windows\SysWOW64
2010-08-19 19:52:16 ----D---- C:\Windows\System32
2010-08-18 19:55:53 ----D---- C:\Windows\system32\config
2010-08-18 19:53:46 ----D---- C:\Program Files (x86)\GamesBar
2010-08-17 19:57:01 ----D---- C:\Windows\SYSWOW64\drivers
2010-08-17 18:35:31 ----HD---- C:\ProgramData
2010-08-17 18:35:31 ----D---- C:\Windows\system32\drivers
2010-08-17 18:26:13 ----D---- C:\Windows
2010-08-17 18:12:20 ----RD---- C:\Program Files
2010-08-17 17:48:19 ----SHD---- C:\System Volume Information
2010-08-17 17:33:13 ----D---- C:\Users\Dolejsovi\AppData\Roaming\uTorrent
2010-08-17 16:03:36 ----D---- C:\Users\Dolejsovi\AppData\Roaming\Mozilla
2010-08-17 16:02:16 ----D---- C:\Program Files (x86)\iTunes
2010-08-16 06:37:57 ----D---- C:\Windows\system
2010-08-14 11:12:43 ----D---- C:\Windows\Microsoft.NET
2010-08-14 11:12:31 ----RSD---- C:\Windows\assembly
2010-08-13 17:05:19 ----D---- C:\Windows\system32\catroot2
2010-08-13 07:42:15 ----D---- C:\Windows\winsxs
2010-08-13 07:40:26 ----D---- C:\Windows\SYSWOW64\migration
2010-08-13 07:40:26 ----D---- C:\Program Files\Internet Explorer
2010-08-13 07:40:26 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-13 07:40:25 ----D---- C:\Windows\system32\migration
2010-08-12 22:14:41 ----SHD---- C:\Windows\Installer
2010-08-12 22:14:38 ----D---- C:\ProgramData\Microsoft Help
2010-08-12 13:35:04 ----D---- C:\Windows\system32\catroot
2010-08-09 21:38:48 ----D---- C:\Windows\inf
2010-08-09 21:38:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-05 06:28:35 ----D---- C:\Windows\system32\wdi
2010-08-04 17:44:52 ----D---- C:\Windows\system32\Tasks
2010-08-04 08:10:49 ----D---- C:\Windows\system32\NDF
2010-08-03 20:52:33 ----A---- C:\Windows\system32\MRT.exe
2010-08-03 16:29:34 ----D---- C:\Windows\Prefetch
2010-08-03 15:25:29 ----D---- C:\Program Files (x86)\Common Files
2010-08-03 15:23:21 ----D---- C:\Program Files (x86)\The KMPlayer
2010-07-28 18:50:53 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-07-28 18:50:53 ----D---- C:\Program Files (x86)\Ubisoft
2010-07-28 18:30:09 ----D---- C:\ProgramData\Ubisoft
2010-07-28 18:02:39 ----D---- C:\ProgramData\DivX
2010-07-28 18:02:26 ----D---- C:\Program Files (x86)\DivX
2010-07-27 09:29:22 ----D---- C:\Program Files\Lx_cats
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-05 408600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-07-16 1488384]
R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); C:\Windows\SysWOW64\Drivers\DKbFltr.sys [2009-03-26 25608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-14 273456]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 16896]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-27 834544]
S1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2010-07-28 3854000]
S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 173984]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
S2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 47632]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladac portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladac rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2009-07-01 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2009-08-11 686080]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 33856]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-07-28 7345632]
S3 int15.sys;int15.sys; \??\C:\Windows\syswow64\OEM\Factory\int15.sys []
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 40832]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2010-04-19 50688]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;Ovladac skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2010-07-28 551896]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
S2 BcmSqlStartupSvc;Služba spouštení serveru SQL Server aplikace Business Contact Manager; C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
S2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-18 864032]
S2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService; C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-19 136176]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840]
S2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
S2 lxct_device;lxct_device; C:\Windows\system32\lxctcoms.exe [2006-11-22 566192]
S2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-01-22 75064]
S2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2010-05-30 103736]
S2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
S2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-22 182768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 654112]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1255736]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
-----------------EOF-----------------
Re: Security tool
Dejte soubor otestovat na http://www.virustotal.comC:\Windows\Help32\safesurf.exe
C:\Windows\system32\mslsgw.exe
-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače
A pak tu mršku zabijeme
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?