Systém se hroutí, prosím o radu

Zpráva

notasss · #16 Příspěvek od **notasss** » 15 pro 2010 17:11

Podíval jsem se dovnitř a VHK je to spouštěcí soubor Volume hotkey - programu na ovládání hlasitosti klávesovou zkratkou, který jsem mimochodem smazal už před měsícem.
Takovýchto věcí tam bude jistě hodně, nevíte jestli existuje nějaký způsob, jak se podívat, kdy byl naspoledy soubor "využit" ( buď přímo spuště, nebo se stal prostředníkem ke spuštění jiného programu)? Jsem si jistý, že mám na disku soubory, které nebyly dlouhá léta použity, zbytky, které bych teoreticky mohl smazat, jenže nevím jestli nejsou něčeho součástí. Podle datumu to určit nelze, protože například u dynamických knihoven, i když jsou používány, tak se datum jejich poslední změny nemění. A já bych si nerad rozhasil ještě něco dalšího.

#17 Příspěvek od **motji** » 15 pro 2010 17:15

Jdeme na to

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

KillAll::

Driver::
bxuipgp

Collect::
C:\Documents and Settings\Fl\Data aplikací\jkgbkhjkv.bat
c:\windows\Jjehib.exe
c:\windows\system32\drivers\bxuipgp.sys
c:\documents and settings\Fl\Data aplikací\ohydy.exe

File::
c:\windows\system32\_sshnas21.dll_.vir

DDS::
uStart Page = hxxp://qip.ru/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie

Firefox::
FF - ProfilePath - c:\documents and settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

No máte tam chaos hlavně v antivirech, odvirujeme a dáme to do pořádku

notasss · #18 Příspěvek od **notasss** » 15 pro 2010 17:30

Udělal jsem to podle návodu, ale ten texťák nejde v combofix otevřít. Píše to "instalace se nezdařila". Co teď?

notasss · #19 Příspěvek od **notasss** » 15 pro 2010 17:44

Nemusí být u toho driveru přípona?

#20 Příspěvek od **motji** » 15 pro 2010 18:44

u driveru ne, ale nemáte špatně uložený skript?

notasss · #21 Příspěvek od **notasss** » 15 pro 2010 19:24

ComboFix 10-12-14.07 - Fl 5-XII-2010 19:06:40.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.789 [GMT 1:00]
Spuštěný z: c:\documents and settings\Fl\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Fl\Plocha\CFScript.txt.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"c:\windows\system32\_sshnas21.dll_.vir"

file zipped: c:\documents and settings\Fl\Data aplikací\jkgbkhjkv.bat
file zipped: c:\documents and settings\Fl\Data aplikací\ohydy.exe
file zipped: c:\windows\Jjehib.exe
file zipped: c:\windows\system32\drivers\bxuipgp.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Jjehib.exe
c:\windows\system32\_sshnas21.dll_.vir
c:\windows\system32\drivers\bxuipgp.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BXUIPGP
-------\Service_bxuipgp

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-15 do 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-15 14:38 . 2010-12-15 14:38 -------- d-----w- c:\documents and settings\Fl\Local Settings\Data aplikací\ESET
2010-12-15 13:44 . 2010-12-15 13:44 -------- d-----w- C:\VritualRoot
2010-12-15 13:43 . 2010-12-15 18:02 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-12-15 13:32 . 2010-12-15 13:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo Downloader
2010-12-15 13:13 . 2010-12-15 13:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2010-12-15 13:06 . 2010-12-15 13:06 -------- d-----w- c:\windows\system32\cs-CZ
2010-12-15 13:01 . 2010-12-15 13:02 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.1
2010-12-15 12:48 . 2010-12-15 15:30 -------- d-----w- c:\program files\trend micro
2010-12-15 12:48 . 2010-12-15 12:49 -------- d-----w- C:\rsit
2010-12-15 12:30 . 2010-12-15 12:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-12-15 11:00 . 2010-12-15 11:25 -------- d-----w- c:\program files\QIP
2010-12-15 08:29 . 2010-12-15 08:29 -------- d-----w- c:\documents and settings\Fl\Data aplikací\IObit
2010-12-15 08:25 . 2010-12-15 08:25 -------- d-----w- c:\program files\ESET
2010-12-15 08:25 . 2010-12-15 08:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2010-12-15 08:19 . 2010-12-15 08:19 -------- d-----w- c:\program files\AutocompletePro
2010-12-15 08:19 . 2010-12-15 08:19 -------- d-----w- c:\program files\FLVTube Player
2010-12-15 08:11 . 2010-12-15 08:11 -------- d-----w- c:\program files\CCleaner
2010-12-15 08:05 . 2010-12-15 08:05 -------- d-----w- c:\program files\VS Revo Group
2010-12-15 07:28 . 2010-12-15 07:28 -------- d-----w- c:\documents and settings\Fl\Local Settings\Data aplikací\JockerSoft
2010-12-15 07:25 . 2010-12-15 07:25 -------- d-----w- c:\windows\Speeditup Free
2010-12-15 07:00 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-15 07:00 . 2010-12-15 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-15 07:00 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 06:58 . 2010-12-15 06:58 -------- d-----w- C:\avrescue
2010-12-15 06:37 . 2010-12-15 06:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Mozilla
2010-12-15 06:33 . 2010-12-15 06:33 376832 ----a-w- c:\windows\Jjehia.exe
2010-12-15 06:33 . 2010-12-15 07:06 -------- d-----w- c:\documents and settings\Fl\Data aplikací\updates
2010-12-15 04:40 . 2010-12-15 04:39 90112 --sha-r- c:\documents and settings\Fl\Data aplikací\ohydy.exe
2010-12-15 03:30 . 2010-12-15 04:27 -------- d-----w- c:\documents and settings\Fl\Data aplikací\Systweak
2010-12-15 03:28 . 2010-12-15 06:33 -------- d-----w- c:\program files\Advanced System Optimizer 3
2010-12-15 02:14 . 2010-12-15 06:00 -------- d-----w- c:\program files\NetScream
2010-12-15 02:13 . 2010-12-15 02:13 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-13 14:27 . 2010-12-13 14:27 -------- d-----w- c:\program files\ToniArts
2010-12-13 14:25 . 2004-07-15 23:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-12-13 14:25 . 2004-07-15 23:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-12-13 14:25 . 2004-07-15 23:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-12-13 14:25 . 2004-07-15 23:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-12-13 14:25 . 2004-07-15 23:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-12-13 14:25 . 2010-12-13 14:25 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-12-13 14:25 . 2010-12-13 14:25 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-12-08 09:34 . 2010-12-15 09:42 -------- d-----w- c:\program files\QIP Infium
2010-12-07 07:41 . 2010-12-07 07:41 174 ----a-w- c:\documents and settings\Fl\Data aplikací\jkgbkhjkv.bat
2010-12-04 21:54 . 2010-12-04 21:54 -------- d-----w- c:\program files\kdisk.co.kr
2010-12-02 07:01 . 2010-12-02 07:02 -------- d-----w- c:\documents and settings\Fl\Data aplikací\Desktop Sidebar
2010-12-02 06:58 . 2010-12-02 06:58 -------- d-----w- c:\program files\Desktop Sidebar
2010-11-29 02:07 . 2010-11-29 02:07 -------- d-----w- c:\program files\Microsoft Virtual PC
2010-11-21 21:49 . 2010-12-15 00:59 356 ----a-w- c:\windows\VHK.bat
2010-11-18 09:09 . 2010-11-18 09:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Apple
2010-11-16 08:09 . 2010-11-16 08:09 -------- d-----w- c:\documents and settings\Fl\Data aplikací\Apple Computer
2010-11-16 08:03 . 2010-11-22 17:31 -------- d-----w- c:\program files\QuickTime
2010-11-16 08:02 . 2010-11-16 08:02 -------- d-----w- c:\program files\Common Files\Apple
2010-11-16 08:02 . 2010-11-16 08:02 -------- d-----w- c:\documents and settings\Fl\Local Settings\Data aplikací\Apple
2010-11-16 08:02 . 2010-11-16 08:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2010-11-16 08:02 . 2010-11-16 08:02 -------- d-----w- c:\documents and settings\Fl\Local Settings\Data aplikací\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-15 06:22 . 2010-11-04 17:33 165232 ---ha-w- c:\documents and settings\Fl\Data aplikací\Microsoft\Virtual PC\VPCKeyboard.dll
2010-10-08 20:42 . 2010-10-08 20:42 102400 ----a-r- c:\documents and settings\Fl\Data aplikací\Microsoft\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
2010-09-22 08:51 . 2010-09-22 08:51 122880 ----a-w- c:\windows\system32\NVCOSMB.DLL
2010-09-22 08:51 . 2007-02-14 15:27 453152 ----a-w- c:\windows\system32\nvusmb.exe
2010-09-22 08:51 . 2006-04-14 19:09 54784 ----a-w- c:\windows\system32\drivers\NVENETFD.sys
2010-09-22 08:51 . 2006-04-14 19:07 200704 ----a-w- c:\windows\system32\fdco1ins.dll
2010-09-22 08:51 . 2006-04-14 19:07 200704 ----a-w- c:\windows\system32\fdco1.dll
2010-09-22 08:51 . 2010-09-22 08:51 282624 ----a-w- c:\windows\system32\yk51x86.dll
2010-09-22 08:51 . 2007-02-14 15:34 39424 ----a-w- c:\windows\system32\drivers\amdk8.sys
2010-07-03 10:16 . 2010-09-09 15:29 375296 ----a-w- c:\program files\checkDisk.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-12-15_14.53.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-15 18:14 . 2010-12-15 18:14 16384 c:\windows\temp\Perflib_Perfdata_44c.dat
+ 2001-10-25 14:00 . 2010-12-15 18:07 83734 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-12-15 18:07 97578 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2010-12-15 18:07 493190 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2010-12-15 18:07 488084 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-26 328056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"SmartGuardian"="c:\program files\ITE\Smart Guardian\ITESmart.exe" [2003-09-30 180224]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe" [2004-04-17 196608]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-09 2029456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Fl\Nabˇdka Start\Programy\Po spuçtŘnˇ\AutorunsDisabled
Winamp.lnk - c:\program files\Winamp\winamp.exe [2010-6-28 1592672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-17 13:49 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\kdisk.co.kr\\KDisk(fast2)\\KdiskDown.exe"=
"c:\\Program Files\\kdisk.co.kr\\KDisk(fast2)\\NetAccelerator.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14-II-2007 16:56 639224]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [09-IV-2010 01:25 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [09-IV-2010 01:25 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [09-IV-2010 01:25 25240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29-VII-2010 12:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [03-VIII-2010 12:28 95896]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23-IV-2007 12:03 82200]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [19-II-2010 17:00 148744]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [04-XI-2010 17:15 810144]
R2 NetAccelerator;NetAccelerator_Service;c:\program files\kdisk.co.kr\KDisk(fast2)\NetAccelerator.exe [21-X-2010 09:36 147968]
R3 iteio;iteio;c:\windows\system32\drivers\iteio.sys [14-II-2007 16:44 3680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-III-2010 12:16 130384]
S2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [07-XI-2010 03:59 234800]
S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
S3 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18-VII-2010 00:11 135336]
S3 cpnmouse;cpnmouse;c:\windows\system32\drivers\cpnmouse.sys [23-III-2009 19:13 5162]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21-VI-2007 16:21 30720]
S3 wip0202;Wippien Network Adapter;c:\windows\system32\drivers\wip0202.sys [13-XII-2009 05:23 23904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-III-2010 12:16 753504]
S4 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-12-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-08-04 08:32]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Subscribe in Desktop Sidebar - c:\program files\Desktop Sidebar\sbhelp.dll/menuhandler.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: atdhe.net
Trusted Zone: atdhe.net\www
Trusted Zone: gamedesire.com\www
Trusted Zone: kb.cz
Trusted Zone: mifa.cz\www
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\www
Trusted Zone: upc.cz\www
Trusted Zone: upcmoviequiz.com\www
FF - ProfilePath - c:\documents and settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\
FF - prefs.js: browser.startup.homepage - google.cz
FF - prefs.js: network.proxy.ftp - 155.246.12.163
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 155.246.12.163
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 129.82.12.188
FF - prefs.js: network.proxy.http_port - 3124
FF - prefs.js: network.proxy.socks - 155.246.12.163
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 155.246.12.163
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Auto Copy: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} - %profile%\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: ToolbarButtons: {03B08592-E5B4-45ff-A0BE-C1D975458688} - %profile%\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 19:16
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\software\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]
"fr"="078F597A455045"
"lr"="078F517F445142"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(1216)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\NVIDIA Corporation\nView\NVWRSCS.DLL
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Exstora\Exstora.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NetLimiter 2 Pro\NLClient.exe
.
**************************************************************************
.
Celkový čas: 2010-12-15 19:22:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-15 18:22
ComboFix2.txt 2010-12-15 15:00

Před spuštěním: 709 844 992
Po spuštění: 697 573 376

- - End Of File - - 2F2CBECBD76C5D98041426275242F201

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5214

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

15-XII-2010 18:59:57
malware výsledky

Typ kontroly: Úplný test (C:\|D:\|E:\|)
Testované objekty: 227385
Uplynulý čas: 1 hodin, 26 minut, 11 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 11

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\Fl\local settings\Temp\609.exe (Backdoor.Bot) -> No action taken.
c:\documents and settings\Fl\local settings\Temp\931586.exe (Backdoor.Bot) -> No action taken.
c:\documents and settings\Fl\local settings\temporary internet files\Content.IE5\3D561K6M\binet[1].pf (Backdoor.Bot) -> No action taken.
c:\program files\checkdisk.exe (Trojan.Dropper.PGen) -> No action taken.
c:\program files\comodo\comodo internet security\quarantine\vsbntlo.exe (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{87f53f35-fa4c-48c4-ad4e-246f76911e4e}\RP1417\A0190828.exe (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{87f53f35-fa4c-48c4-ad4e-246f76911e4e}\RP1422\A0191314.exe (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{87f53f35-fa4c-48c4-ad4e-246f76911e4e}\RP1423\A0191536.exe (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{87f53f35-fa4c-48c4-ad4e-246f76911e4e}\RP1424\A0191538.exe (Backdoor.Bot) -> No action taken.
c:\documents and settings\Fl\data aplikací\ohydy.exe (Worm.Palevo) -> No action taken.
c:\documents and settings\Fl\local settings\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.

#22 Příspěvek od **motji** » 15 pro 2010 19:49

V mbamu vše smažte.

Otestujte na www.virustotal.com
c:\windows\system32\drivers\sfi.dat

notasss · #23 Příspěvek od **notasss** » 15 pro 2010 19:56

c:\windows\system32\drivers\sfi.dat nic nenašlo...

notasss · #24 Příspěvek od **notasss** » 15 pro 2010 20:14

Ještě bych měl dotaz, než to dokončíme a rozloučíme se

. Mám Tu na disku Frameworks, a zabírají 600MB, není to trochu moc? Mám je tam nainstalovaný od verze 2.0 až do 4.0 , stalo by se něco, kdybych verzi 2 a 3 smazal a nechal tam jenom 4ku? A druhá věc, v Program Files mám složku PostgreSQL, která zabírá 1GB, tu tam taky musím mít?

#25 Příspěvek od **motji** » 15 pro 2010 20:19

Popravdě s těmi Framework nevím, já bych nechala asi všechny.
A s tím PostgreSQL jste mě taky dostal, využíváte ten program?

A teď zas chvilku já

.
Máte moc antivirů
V: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

Eset máte placený? Pokud ano, ponechejte Nod, comodo firewall a ostatní odinstalujte.
Až to budete mít, uděláte mi log z OTL a pak se ještě chvilku budu ptát

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

notasss · #26 Příspěvek od **notasss** » 15 pro 2010 21:18

OTL Extras logfile created on: 15-XII-2010 20:41:35 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: dd-MMM-yyyy

1 022,00 Mb Total Physical Memory | 465,00 Mb Available Physical Memory | 45,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,99 Gb Free Space | 5,06% Space Free | Partition Type: NTFS
Drive D: | 9,76 Gb Total Space | 0,13 Gb Free Space | 1,33% Space Free | Partition Type: FAT32
Drive E: | 119,74 Gb Total Space | 3,44 Gb Free Space | 2,87% Space Free | Partition Type: NTFS

Computer Name: flint | User Name: Fl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-842925246-1177238915-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- Reg Error: Key error.
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\kdisk.co.kr\KDisk(fast2)\KdiskDown.exe" = C:\Program Files\kdisk.co.kr\KDisk(fast2)\KdiskDown.exe:*:Enabled:KdiskDown.exe -- ((주)웹플러스)
"C:\Program Files\kdisk.co.kr\KDisk(fast2)\NetAccelerator.exe" = C:\Program Files\kdisk.co.kr\KDisk(fast2)\NetAccelerator.exe:*:Enabled:NetAccelerator.exe -- (ebase)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A389F44-8E35-49C8-9359-839A2B7550F5}" = Desktop Sidebar
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{56A36E76-B35F-4453-B899-9B2190A7B500}" = MySQL Server 5.0
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6C28B15F-B09D-407E-BE92-AC928E1CE4E2}_is1" = Kodek 0.16 CZ
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.1 - Czech
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CCF6C317-6428-4407-B52F-DD11B266EDC4}" = Visual C++ 8.0 Runtime Setup Package
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AutocompletePro3_is1" = AutocompletePro
"CCleaner" = CCleaner
"Comodo HopSurf Toolbar" = Comodo HopSurf
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Exstora" = Exstora 1.4
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"FLVTube Player" = FLVTube Player
"Fraps" = Fraps (remove only)
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"Glary Utilities_is1" = Glary Utilities 2.28.0.1011
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"IrfanView" = IrfanView (remove only)
"jv16 PowerTools 2010" = jv16 PowerTools 2010
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.34
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla ActiveX Control v1.7.1" = Mozilla ActiveX Control v1.7.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mp3tag" = Mp3tag v2.39
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NetLimiter 2 Pro" = NetLimiter 2 Pro (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.90
"Smart Guardian" = Smart Guardian
"STDU Viewer_is1" = STDU Viewer version 1.4.13.0
"SystemRequirementsLab" = System Requirements Lab
"TDP x-Ray" = TDP x-Ray
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Unlocker" = Unlocker 1.9.0
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-1177238915-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"QIP Infium" = QIP Infium 3.0.9040
"QipGuard" = QIP Internet Guardian
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15-XII-2010 09:46:37 | Computer Name = flint | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15-XII-2010 09:46:37 | Computer Name = flint | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15-XII-2010 09:46:37 | Computer Name = flint | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15-XII-2010 09:46:37 | Computer Name = flint | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15-XII-2010 09:46:37 | Computer Name = flint | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15-XII-2010 10:46:44 | Computer Name = flint | Source = Application Error | ID = 1000
Description = Chybující aplikace avgnt.exe, verze 10.0.13.17, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x0189aa60.

Error - 15-XII-2010 10:47:37 | Computer Name = flint | Source = Application Error | ID = 1000
Description = Chybující aplikace nlclient.exe, verze 1.0.14.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00b1aa60.

Error - 15-XII-2010 14:01:30 | Computer Name = flint | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

Error - 15-XII-2010 14:01:31 | Computer Name = flint | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

Error - 15-XII-2010 15:24:52 | Computer Name = flint | Source = Application Error | ID = 1000
Description = Chybující aplikace plugin-container.exe, verze 1.9.2.3989, chybující
modul ntdll.dll, verze 5.1.2600.3520, adresa chyby 0x0000100b.

[ NetLimiter Events ]
Error - 04-V-2007 08:28:58 | Computer Name = flint | Source = NetLimiter 2 | ID = 1000
Description = NetLimiter trial expired.

Error - 05-V-2007 08:11:04 | Computer Name = flint | Source = NetLimiter 2 | ID = 1000
Description = NetLimiter trial expired.

Error - 06-V-2007 06:32:15 | Computer Name = flint | Source = NetLimiter 2 | ID = 1000
Description = NetLimiter trial expired.

Error - 29-IV-2009 11:52:31 | Computer Name = flint | Source = NetLimiter 2 | ID = 1000
Description = Listen on tcp failed: 1721

[ System Events ]
Error - 15-XII-2010 10:53:28 | Computer Name = flint | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: i2omgmt Imapi

Error - 15-XII-2010 14:03:57 | Computer Name = flint | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15-XII-2010 14:04:53 | Computer Name = flint | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AmdK8 avgio avipbb cmdGuard ehdrv Fips i2omgmt Imapi ssmdrv vmm

Error - 15-XII-2010 14:06:35 | Computer Name = flint | Source = Service Control Manager | ID = 7034
Description = Služba COMODO livePCsupport Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 15-XII-2010 14:11:22 | Computer Name = flint | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_BXUIPGP\0000 se již v systému nenachází, přestože
nebylo nejdříve připraveno k odebrání.

Error - 15-XII-2010 14:12:39 | Computer Name = flint | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15-XII-2010 14:15:02 | Computer Name = flint | Source = Service Control Manager | ID = 7000
Description = Služba ScreenCamera HR neuspěla při spuštění v důsledku následující
chyby: %%1058

Error - 15-XII-2010 14:15:07 | Computer Name = flint | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: i2omgmt Imapi

Error - 15-XII-2010 14:15:41 | Computer Name = flint | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby nvsvc.

Error - 15-XII-2010 14:17:01 | Computer Name = flint | Source = Service Control Manager | ID = 7031
Description = Služba Avira AntiVir Guard byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

< End of report >

notasss · #27 Příspěvek od **notasss** » 15 pro 2010 21:19

OTL logfile created on: 15-XII-2010 20:41:33 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: dd-MMM-yyyy

1 022,00 Mb Total Physical Memory | 465,00 Mb Available Physical Memory | 45,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,99 Gb Free Space | 5,06% Space Free | Partition Type: NTFS
Drive D: | 9,76 Gb Total Space | 0,13 Gb Free Space | 1,33% Space Free | Partition Type: FAT32
Drive E: | 119,74 Gb Total Space | 3,44 Gb Free Space | 2,87% Space Free | Partition Type: NTFS

Computer Name: flint | User Name: Fl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-12-15 20:32:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- c:\Downloads\OTL.exe
PRC - [2010-12-11 09:01:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-10-25 15:46:38 | 005,892,560 | ---- | M] () -- C:\Program Files\QIP Infium\infium.exe
PRC - [2010-10-25 15:46:36 | 000,190,928 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\QipGuard\QipGuard.exe
PRC - [2010-10-21 09:36:42 | 000,147,968 | ---- | M] (ebase) -- C:\Program Files\kdisk.co.kr\KDisk(fast2)\NetAccelerator.exe
PRC - [2010-10-19 08:26:20 | 003,139,000 | ---- | M] (VS Revo Group) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
PRC - [2010-08-07 23:30:09 | 003,480,312 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\wincmd2\TOTALCMD.EXE
PRC - [2010-04-09 01:26:14 | 001,769,216 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010-04-09 01:26:02 | 002,029,456 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010-02-19 17:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
PRC - [2007-05-03 14:33:08 | 000,211,968 | ---- | M] (Exstora.com) -- C:\Program Files\Exstora\Exstora.exe
PRC - [2007-04-23 12:04:52 | 000,159,744 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 2 Pro\NLClient.exe
PRC - [2007-03-21 19:57:56 | 000,516,096 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
PRC - [2004-08-17 14:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-09-30 18:01:32 | 000,180,224 | ---- | M] (ITE Tech. Inc.) -- C:\Program Files\ITE\Smart Guardian\ITESmart.exe

========== Modules (SafeList) ==========

MOD - [2010-12-15 20:32:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- c:\Downloads\OTL.exe
MOD - [2010-07-09 15:24:26 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2010-07-07 22:54:56 | 000,293,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\nView\NVWRSCS.dll
MOD - [2010-07-07 22:52:42 | 002,307,688 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2010-04-09 01:26:12 | 000,277,240 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2006-08-25 16:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010-10-21 09:36:42 | 000,147,968 | ---- | M] (ebase) [Auto | Running] -- C:\Program Files\kdisk.co.kr\kdisk(fast2)\NetAccelerator.exe -- (NetAccelerator)
SRV - [2010-04-09 01:26:14 | 001,769,216 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010-03-18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010-03-18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 17:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)
SRV - [2009-09-08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Disabled | Stopped] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2007-03-26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-03-21 19:57:56 | 000,516,096 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - File not found [File_System | Disabled | Running] -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
DRV - [2010-09-22 09:51:58 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2010-07-09 23:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010-04-09 01:25:48 | 000,086,800 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010-04-09 01:25:46 | 000,225,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010-04-09 01:25:46 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010-04-09 01:25:44 | 000,015,464 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010-03-01 11:51:44 | 000,234,800 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys -- (SCRCAMHRDRV)
DRV - [2010-02-11 13:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010-02-03 13:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007-06-27 15:23:30 | 000,023,904 | ---- | M] (Wippien Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wip0202.sys -- (wip0202)
DRV - [2007-06-21 16:21:58 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901_2gm.sys -- (tap0901_2gm)
DRV - [2007-04-23 12:03:04 | 000,082,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2007-02-18 00:15:34 | 000,232,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2007-02-14 16:56:25 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007-01-29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006-04-14 20:09:06 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005-07-26 07:01:56 | 000,415,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2005-07-26 06:58:30 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2004-08-19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004-08-03 22:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-03 21:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2003-11-28 13:04:20 | 000,005,162 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cpnmouse.sys -- (cpnmouse)
DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001-10-25 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-10-25 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [1999-08-30 19:49:56 | 000,003,680 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iteio.sys -- (iteio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-1177238915-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-842925246-1177238915-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-842925246-1177238915-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKU\S-1-5-21-842925246-1177238915-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-842925246-1177238915-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
IE - HKU\S-1-5-21-842925246-1177238915-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Fl\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Value error. File not found
IE - HKU\S-1-5-21-842925246-1177238915-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Hunt TB Customized Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "QIP Search"
FF - prefs.js..browser.startup.homepage: "google.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:0.6.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: QipCounter@qip.ru:1.0
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.ftp: "155.246.12.163"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "155.246.12.163"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "129.82.12.188"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.socks: "155.246.12.163"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "155.246.12.163"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}: C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5 [2010-12-15 14:34:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-15 20:29:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-15 07:10:22 | 000,000,000 | ---D | M]

[2009-10-03 06:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Extensions
[2009-01-11 04:31:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010-12-15 09:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\1amgq6zk.flint\extensions
[2010-08-03 22:06:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\1amgq6zk.flint\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-12-15 09:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\1amgq6zk.flint\extensions\support@predictad.com
[2010-12-15 20:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions
[2010-07-23 07:58:29 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010-07-20 02:13:54 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2010-09-04 07:31:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-08-18 19:10:48 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010-07-20 02:13:52 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010-08-19 14:44:13 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010-07-20 02:13:54 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010-10-15 21:29:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-02-05 08:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}-trash
[2010-11-04 19:07:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-11-12 06:03:14 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010-08-18 17:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\{f8454bbe-519f-4004-85c1-12d1b31988fc}
[2010-08-03 20:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\cssreloader@kenneth.io
[2010-12-15 20:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\QipCounter@qip.ru
[2010-11-12 06:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\smarterwiki@wikiatic.com
[2009-02-22 19:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\splitpannel@max.max
[2010-12-15 09:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\support@predictad.com
[2010-10-15 21:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\videosurf_enhanced@videosurf.com
[2010-07-20 01:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\extensions\vimperator@mozdev.org
[2010-06-08 10:37:24 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\searchplugins\conduit.xml
[2010-12-10 12:55:15 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\searchplugins\icqplugin-1.xml
[2010-02-03 13:37:50 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\searchplugins\icqplugin.xml
[2010-12-15 20:29:27 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\searchplugins\qip-search.xml
[2009-10-03 06:14:02 | 000,001,370 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\searchplugins\winampsearch.xml
[2010-12-15 20:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-08-03 20:28:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009-07-17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010-02-15 10:59:20 | 000,931,328 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBOARDS.dll
[2010-02-15 10:57:12 | 000,681,464 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBREAKOUT.dll
[2010-02-15 10:59:14 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll
[2010-08-03 20:27:24 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009-11-16 16:23:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2009-08-31 13:10:16 | 000,591,352 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPROULETTE.dll
[2009-08-31 13:11:40 | 000,620,016 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSOCCER.dll
[2009-08-31 13:10:10 | 000,509,432 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSOLITAIRE.dll
[2010-06-28 22:40:10 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010-02-11 23:11:32 | 000,001,425 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Cetrumcz_igeared.xml
[2010-09-17 05:21:08 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010-09-17 05:21:08 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010-09-17 05:21:08 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010-09-17 05:21:08 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010-09-17 05:21:08 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010-12-15 19:16:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\Fl\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Fl\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - No CLSID value found.
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O3 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe (ITE Tech. Inc.)
O4 - HKU\S-1-5-21-842925246-1177238915-725345543-1003..\Run: [QIP Internet Guardian] C:\Documents and Settings\Fl\Data aplikací\QipGuard\QipGuard.exe ()
O4 - HKU\S-1-5-21-842925246-1177238915-725345543-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled [2010-07-02 07:27:21 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Fl\Nabídka Start\Programy\Po spuštění\AutorunsDisabled [2010-07-18 02:14:30 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Subscribe in Desktop Sidebar - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..Trusted Domains: atdhe.net ([]* in Důvěryhodné servery)
O15 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..Trusted Domains: atdhe.net ([www] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..Trusted Domains: gamedesire.com ([www] * in Důvěryhodné servery)
O15 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..Trusted Domains: gamedesire.com ([www] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..Trusted Domains: kb.cz ([]* in Důvěryhodné servery)
O15 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..Trusted Domains: mifa.cz ([www] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..Trusted Domains: mojebanka.cz ([]* in Důvěryhodné servery)
O15 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..Trusted Domains: upc.cz ([www] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..Trusted Domains: upcmoviequiz.com ([www] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-842925246-1177238915-725345543-1003\..Trusted Domains: upcmoviequiz.com ([www] https in Důvěryhodné servery)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Fl/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Fl\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fl\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-02-14 16:14:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.a3d - C:\WINDOWS\System32\a3d.dll (Aureal Semiconductor)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa - C:\WINDOWS\System32\divxa32.acm (build Pinky.cz)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3radius - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.ogg - C:\WINDOWS\System32\ogg.dll ()
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.vorbisenc - C:\WINDOWS\System32\vorbisenc.dll ()
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.div4 - C:\WINDOWS\System32\divxc32f.dll (Pinky.cz)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590025235628032)

========== Files/Folders - Created Within 30 Days ==========

[2010-12-15 20:36:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010-12-15 20:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fl\Data aplikací\QipGuard
[2010-12-15 20:01:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-12-15 19:11:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-12-15 15:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fl\Local Settings\Data aplikací\ESET
[2010-12-15 15:37:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-12-15 15:31:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-12-15 15:31:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-12-15 15:31:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-12-15 15:31:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-12-15 15:30:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-12-15 15:28:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-12-15 14:44:28 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2010-12-15 14:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
[2010-12-15 14:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2010-12-15 14:06:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs-CZ
[2010-12-15 14:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.1
[2010-12-15 13:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-12-15 13:48:28 | 000,000,000 | ---D | C] -- C:\rsit
[2010-12-15 13:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2010-12-15 12:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Google
[2010-12-15 12:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\QIP
[2010-12-15 09:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fl\Data aplikací\IObit
[2010-12-15 09:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\AutocompletePro
[2010-12-15 09:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\FLVTube Player
[2010-12-15 09:15:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fl\Recent
[2010-12-15 09:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-12-15 09:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010-12-15 08:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fl\Local Settings\Data aplikací\JockerSoft
[2010-12-15 08:25:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Speeditup Free
[2010-12-15 08:00:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-12-15 08:00:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-12-15 08:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-12-15 07:58:57 | 000,000,000 | ---D | C] -- C:\avrescue
[2010-12-15 07:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Mozilla
[2010-12-15 07:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Mozilla
[2010-12-15 07:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fl\Data aplikací\updates
[2010-12-15 04:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fl\Data aplikací\Systweak
[2010-12-15 04:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer 3
[2010-12-15 04:07:05 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010-12-15 03:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\NetScream
[2010-12-15 03:13:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010-12-13 15:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
[2010-12-08 10:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\QIP Infium
[2010-12-04 22:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\kdisk.co.kr
[2010-12-02 08:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fl\Data aplikací\Desktop Sidebar
[2010-12-02 07:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Sidebar
[2010-11-29 03:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fl\Dokumenty\My Virtual Machines
[2010-11-29 03:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Virtual PC
[2010-11-18 10:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2010-11-16 09:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fl\Data aplikací\Apple Computer
[2010-11-16 09:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010-11-16 09:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010-11-16 09:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fl\Local Settings\Data aplikací\Apple
[2010-11-16 09:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2010-11-16 09:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fl\Local Settings\Data aplikací\Apple Computer
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-12-15 20:53:58 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010-12-15 20:04:04 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\wugcpivq.sys
[2010-12-15 19:22:56 | 000,006,939 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010-12-15 19:16:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-12-15 19:15:44 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010-12-15 19:14:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-12-15 19:07:50 | 000,493,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-12-15 19:07:50 | 000,083,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-12-15 19:07:49 | 000,488,084 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010-12-15 19:07:49 | 000,097,578 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010-12-15 18:59:57 | 000,002,216 | ---- | M] () -- C:\malware výsledky
[2010-12-15 17:31:52 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010-12-15 16:33:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\ScreenHunter.INI
[2010-12-15 15:37:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010-12-15 15:19:50 | 003,990,715 | R--- | M] () -- C:\Documents and Settings\Fl\Plocha\ComboFix.exe
[2010-12-15 14:39:07 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\COMODO Internet Security.lnk
[2010-12-15 14:10:40 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-12-15 13:41:05 | 000,187,161 | ---- | M] () -- C:\chyba2.JPG
[2010-12-15 13:39:11 | 000,251,069 | ---- | M] () -- C:\chyba1.JPG
[2010-12-15 09:48:00 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010-12-15 09:05:27 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Fl\Plocha\Revo Uninstaller.lnk
[2010-12-15 07:33:47 | 000,376,832 | ---- | M] () -- C:\WINDOWS\Jjehia.exe
[2010-12-15 06:56:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\.googlewebacchosts
[2010-12-15 04:19:59 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\Fl\Dokumenty\ResHacker.ini
[2010-12-15 03:36:22 | 000,019,555 | -H-- | M] () -- C:\treeinfo.wc
[2010-12-15 03:31:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-12-15 03:21:47 | 000,000,568 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010-12-15 01:59:40 | 000,000,356 | ---- | M] () -- C:\WINDOWS\VHK.bat
[2010-12-11 09:17:27 | 000,186,199 | ---- | M] () -- C:\kudy_kudy_cesticka.wmv
[2010-12-10 21:14:31 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\Fl\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-09 16:47:33 | 000,368,640 | ---- | M] () -- C:\bombic.xls
[2010-12-07 08:49:53 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\start
[2010-12-07 08:45:52 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\completescan
[2010-12-07 08:42:10 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\install
[2010-12-07 08:41:28 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\jkgbkhjkv.bat
[2010-11-29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-29 09:54:51 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010-11-29 09:54:51 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010-11-29 09:53:20 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010-11-29 09:49:44 | 000,000,011 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010-11-22 12:08:17 | 056,139,161 | ---- | M] () -- C:\414afb07d78f1d2d5b1f7f677fcbda9a.wmv
[2010-11-17 05:03:46 | 002,344,879 | ---- | M] () -- C:\01-Pij_C3_A1novka.mp3
[2010-11-17 02:29:33 | 000,013,723 | ---- | M] () -- C:\ZNPTisicileti-02-Forte_a_piana.avi.torrent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-12-15 20:04:04 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\wugcpivq.sys
[2010-12-15 18:59:57 | 000,002,216 | ---- | C] () -- C:\malware výsledky
[2010-12-15 17:31:52 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010-12-15 15:37:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-12-15 15:37:25 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2010-12-15 15:31:16 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-12-15 15:31:15 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-12-15 15:31:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-12-15 15:31:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-12-15 15:31:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-12-15 15:18:03 | 003,990,715 | R--- | C] () -- C:\Documents and Settings\Fl\Plocha\ComboFix.exe
[2010-12-15 14:43:40 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010-12-15 14:39:07 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\COMODO Internet Security.lnk
[2010-12-15 13:41:04 | 000,187,161 | ---- | C] () -- C:\chyba2.JPG
[2010-12-15 13:39:11 | 000,251,069 | ---- | C] () -- C:\chyba1.JPG
[2010-12-15 09:48:00 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010-12-15 09:05:27 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\Fl\Plocha\Revo Uninstaller.lnk
[2010-12-15 07:33:58 | 000,376,832 | ---- | C] () -- C:\WINDOWS\Jjehia.exe
[2010-12-15 04:19:27 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\Fl\Dokumenty\ResHacker.ini
[2010-12-15 03:29:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Fl\Data aplikací\.googlewebacchosts
[2010-12-15 03:19:12 | 000,000,568 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010-12-11 09:17:13 | 000,186,199 | ---- | C] () -- C:\kudy_kudy_cesticka.wmv
[2010-12-07 08:49:53 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Fl\Data aplikací\start
[2010-12-07 08:45:52 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Fl\Data aplikací\completescan
[2010-12-07 08:42:10 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Fl\Data aplikací\install
[2010-12-07 08:41:28 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\Fl\Data aplikací\jkgbkhjkv.bat
[2010-11-22 12:07:02 | 056,139,161 | ---- | C] () -- C:\414afb07d78f1d2d5b1f7f677fcbda9a.wmv
[2010-11-21 22:49:12 | 000,000,356 | ---- | C] () -- C:\WINDOWS\VHK.bat
[2010-11-17 05:03:43 | 002,344,879 | ---- | C] () -- C:\01-Pij_C3_A1novka.mp3
[2010-11-17 02:29:33 | 000,013,723 | ---- | C] () -- C:\ZNPTisicileti-02-Forte_a_piana.avi.torrent
[2010-09-23 20:27:28 | 000,000,098 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2010-09-23 07:43:36 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\mtbjfghn.xbe
[2010-09-23 07:30:51 | 000,101,936 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010-09-09 17:56:44 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Fl\Data aplikací\Sys6925.Config Collection.sys
[2010-09-09 16:29:57 | 000,000,341 | ---- | C] () -- C:\Program Files\translate_info.txt
[2010-08-16 08:53:33 | 000,001,348 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2010-08-13 19:21:15 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\itevio.dll
[2010-08-03 23:07:12 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-08-03 23:07:08 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-08-03 23:07:07 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-08-03 23:07:05 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-08-03 15:51:26 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2010-07-22 23:40:16 | 000,000,278 | ---- | C] () -- C:\WINDOWS\ImageInc.ini
[2010-07-19 15:27:26 | 000,001,275 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010-06-23 18:49:14 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Fl\Local Settings\Data aplikací\machpro.dat
[2009-12-27 03:01:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009-05-22 20:59:33 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\Fl\Local Settings\Data aplikací\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009-05-13 17:06:02 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2009-04-03 06:28:33 | 000,000,386 | ---- | C] () -- C:\WINDOWS\XLMSoft.ini
[2009-03-31 17:53:21 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI
[2009-03-30 18:52:32 | 000,005,085 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\nrqarzkn.tdg
[2009-02-27 23:54:08 | 000,000,042 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2009-02-27 23:53:37 | 000,000,015 | ---- | C] () -- C:\WINDOWS\Powerplayer.ini
[2008-12-29 09:53:16 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008-11-08 12:35:07 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\Fl\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-06-19 08:00:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2008-06-19 08:00:01 | 000,002,753 | ---- | C] () -- C:\WINDOWS\UN32P.INI
[2008-06-19 07:59:03 | 000,001,678 | ---- | C] () -- C:\WINDOWS\MAILTRAN.INI
[2008-06-19 07:59:02 | 000,002,509 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2008-06-19 07:58:56 | 000,001,849 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2008-06-19 07:58:55 | 000,004,808 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008-03-17 23:17:58 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008-03-13 11:46:08 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008-03-13 11:46:08 | 000,035,328 | ---- | C] () -- C:\WINDOWS\cygz.dll
[2007-12-03 14:57:19 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2007-12-03 14:56:08 | 000,000,126 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2007-11-26 16:50:39 | 000,012,216 | ---- | C] () -- C:\WINDOWS\Trefik_Nast1.INI
[2007-11-26 16:49:49 | 000,013,518 | ---- | C] () -- C:\WINDOWS\Trefik_Nast.INI
[2007-07-22 11:03:55 | 000,000,310 | ---- | C] () -- C:\WINDOWS\SSC.INI
[2007-07-19 07:27:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-05-06 18:34:29 | 000,002,466 | ---- | C] () -- C:\WINDOWS\elwave70.ini
[2007-04-27 16:38:51 | 000,000,089 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2007-04-11 00:36:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007-02-22 16:17:50 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pn.ini
[2007-02-22 16:17:50 | 000,000,051 | ---- | C] () -- C:\WINDOWS\pr.ini
[2007-02-15 11:09:49 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-02-15 11:02:03 | 000,000,266 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007-02-15 10:59:10 | 000,000,140 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007-02-15 10:50:25 | 000,006,939 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007-02-14 16:56:25 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-02-14 16:44:53 | 000,003,680 | R--- | C] () -- C:\WINDOWS\System32\drivers\iteio.sys
[2007-02-14 16:42:57 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006-03-16 05:44:09 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2006-01-08 15:53:24 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\hash2.dll
[2005-03-30 11:29:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\msvos.dll
[2003-07-16 13:09:32 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002-10-06 20:42:58 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\oggds.dll
[2002-10-05 01:04:26 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002-10-05 01:04:26 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002-10-05 01:04:18 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002-06-06 01:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2002-05-17 22:18:30 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002-03-13 14:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

notasss · #28 Příspěvek od **notasss** » 15 pro 2010 21:20

[2009-03-02 17:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.flint\Data aplikací\Opera
[2010-07-18 00:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010-02-04 21:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Azureus
[2010-08-09 11:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2007-12-18 22:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2010-12-15 10:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2009-11-20 04:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2007-04-06 08:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Locktime
[2010-12-15 13:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2008-11-19 13:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
[2009-12-13 09:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters Inc
[2010-12-15 10:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009-03-04 01:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PPLive
[2009-02-27 23:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PPLiveVA
[2010-07-15 05:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Propellerhead Software
[2010-12-15 10:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RapidSolution
[2007-02-15 10:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\ACD Systems
[2010-08-03 00:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Anvil Studio
[2010-04-28 20:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\AnvSoft
[2010-07-23 00:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Auslogics
[2010-07-08 09:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\avidemux
[2010-08-28 01:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Azureus
[2010-09-23 07:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Carambis
[2010-12-02 08:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Desktop Sidebar
[2010-08-12 02:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\DNA
[2009-05-22 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\DonationCoder
[2010-09-22 06:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\DVDVideoSoft
[2009-05-12 21:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\eBookPro6
[2010-07-30 21:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\EFSoftware
[2009-04-29 16:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\F-Secure
[2007-11-22 06:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\FDRLab
[2010-07-23 10:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\FileZilla
[2009-01-12 22:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Flock
[2009-12-10 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\GanymedeNet
[2010-09-23 07:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\GetRightToGo
[2010-08-12 02:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\GlarySoft
[2009-08-25 02:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\gtc
[2007-07-30 16:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\gtk-2.0
[2007-02-15 22:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\ICQLite
[2010-12-15 09:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\IObit
[2009-04-29 16:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\ispnews
[2008-04-20 13:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Jpeg Resampler
[2009-11-20 04:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\LangSoft
[2009-02-07 08:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Leadertech
[2007-04-20 21:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\LEGO Company
[2007-04-06 08:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Locktime
[2007-04-26 14:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mc & RENOX
[2009-11-24 13:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Microgaming
[2008-12-17 09:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\MMToolz
[2010-10-11 07:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Moyea
[2007-12-29 15:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mp3tag
[2007-12-18 22:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Nokia
[2007-02-15 10:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Opera
[2008-04-01 11:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Orbit
[2007-12-18 22:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\PC Suite
[2008-12-28 00:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\PDM
[2009-04-29 16:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\PEX
[2007-06-23 18:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Pexeso
[2009-02-27 23:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\PPLiveVA
[2009-02-28 22:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\PPMate
[2009-02-27 23:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\ppstream
[2010-07-15 05:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Propellerhead Software
[2007-03-30 16:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\PSC
[2010-08-18 19:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\QIP
[2010-12-15 20:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\QipGuard
[2009-02-17 16:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\RayV
[2010-09-22 06:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\ScreenCapturePrint
[2007-12-13 02:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\SlySoft
[2010-12-15 05:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Systweak
[2009-05-16 15:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Thunderbird
[2010-08-18 19:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\TS3Client
[2010-12-15 13:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Uniblue
[2010-12-15 08:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\updates
[2010-12-15 19:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\uTorrent
[2009-06-07 16:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\VitySoft
[2010-01-04 05:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Wippien
[2008-03-10 22:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\zbusoft
[2010-12-15 19:15:44 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"uTorrent" = "C:\Program Files\uTorrent\uTorrent.exe" -- [2010-09-26 03:40:51 | 000,328,056 | ---- | M] (BitTorrent, Inc.)
"QIP Internet Guardian" = C:\Documents and Settings\Fl\Data aplikací\QipGuard\QipGuard.exe -- [2010-10-25 15:46:36 | 000,190,928 | ---- | M] ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"HotkeyP" = E:\Programy\Hotkey - Klávesové zkratky\HotkeyP.exe 0 -- [2008-07-15 17:33:02 | 000,065,536 | ---- | M] ()
"uTorrent" = "C:\Program Files\uTorrent\uTorrent.exe" -- [2010-09-26 03:40:51 | 000,328,056 | ---- | M] (BitTorrent, Inc.)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2007-02-15 10:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\ACD Systems
[2010-07-18 00:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Adobe
[2010-08-03 00:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Anvil Studio
[2010-04-28 20:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\AnvSoft
[2010-11-16 09:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Apple Computer
[2010-07-23 00:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Auslogics
[2010-07-08 09:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\avidemux
[2010-08-28 01:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Azureus
[2010-09-23 07:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Carambis
[2010-12-15 14:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Comodo
[2010-12-02 08:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Desktop Sidebar
[2010-08-12 02:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\DNA
[2009-05-22 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\DonationCoder
[2010-09-22 06:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\DVDVideoSoft
[2009-05-12 21:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\eBookPro6
[2010-07-30 21:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\EFSoftware
[2009-04-29 16:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\F-Secure
[2010-08-25 00:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\FastStone
[2007-11-22 06:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\FDRLab
[2010-07-23 10:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\FileZilla
[2009-01-12 22:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Flock
[2009-12-10 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\GanymedeNet
[2010-09-23 07:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\GetRightToGo
[2010-08-12 02:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\GlarySoft
[2010-07-20 22:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Google
[2009-08-25 02:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\gtc
[2007-07-30 16:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\gtk-2.0
[2009-01-29 12:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Hamachi
[2007-10-08 01:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Help
[2007-02-15 22:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\ICQLite
[2007-02-14 16:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Identities
[2010-12-15 09:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\IObit
[2009-04-29 16:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\ispnews
[2007-10-04 17:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Joost
[2008-04-20 13:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Jpeg Resampler
[2009-11-20 04:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\LangSoft
[2009-02-07 08:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Leadertech
[2007-04-20 21:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\LEGO Company
[2007-04-06 08:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Locktime
[2007-02-15 12:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Macromedia
[2009-04-29 17:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Malwarebytes
[2007-04-26 14:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mc & RENOX
[2010-12-15 09:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Media Player Classic
[2009-11-24 13:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Microgaming
[2010-11-04 18:33:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Fl\Data aplikací\Microsoft
[2010-08-13 13:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\mIRC
[2008-12-17 09:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\MMToolz
[2010-10-11 07:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Moyea
[2009-05-16 15:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mozilla
[2007-12-29 15:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Mp3tag
[2007-12-18 22:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Nokia
[2007-02-15 10:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Opera
[2008-04-01 11:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Orbit
[2007-12-18 22:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\PC Suite
[2008-12-28 00:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\PDM
[2009-04-29 16:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\PEX
[2007-06-23 18:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Pexeso
[2009-02-27 23:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\PPLiveVA
[2009-02-28 22:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\PPMate
[2009-02-27 23:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\ppstream
[2010-07-15 05:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Propellerhead Software
[2007-03-30 16:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\PSC
[2010-08-18 19:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\QIP
[2010-12-15 20:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\QipGuard
[2009-02-17 16:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\RayV
[2007-07-30 13:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Real
[2010-09-22 06:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\ScreenCapturePrint
[2010-09-29 04:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Skype
[2010-09-29 04:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\skypePM
[2007-12-13 02:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\SlySoft
[2007-02-16 09:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Sun
[2010-12-15 05:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Systweak
[2009-05-16 15:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Talkback
[2009-05-16 15:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Thunderbird
[2010-08-18 19:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\TS3Client
[2010-12-15 13:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Uniblue
[2010-12-15 08:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\updates
[2010-12-15 19:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\uTorrent
[2009-06-07 16:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\VitySoft
[2009-03-03 18:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\vlc
[2010-12-15 09:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Winamp
[2009-01-08 03:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\WinRAR
[2010-01-04 05:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\Wippien
[2008-03-10 22:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fl\Data aplikací\zbusoft

< %APPDATA%\*.exe /s >
[2008-07-21 09:49:17 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\GanymedeNet\Online Games\Common\ielauncher.exe
[2007-02-15 10:53:53 | 000,018,718 | R--- | M] () -- C:\Documents and Settings\Fl\Data aplikací\Microsoft\Installer\{8315396A-5EA1-419D-BEC4-978284BDF556}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe
[2010-10-08 21:42:57 | 000,102,400 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Fl\Data aplikací\Microsoft\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
[2010-10-25 15:46:36 | 000,190,928 | ---- | M] () -- C:\Documents and Settings\Fl\Data aplikací\QipGuard\QipGuard.exe

< MD5 for: AGP440.SYS >
[2004-08-17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004-08-17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2004-08-17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004-08-03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004-08-17 14:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2004-08-17 14:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004-08-17 14:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2004-08-17 14:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004-08-17 14:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004-08-17 14:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004-08-17 14:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004-08-17 14:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004-08-17 14:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004-08-17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004-08-03 21:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004-08-17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2001-10-25 15:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004-08-17 14:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2004-08-17 14:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004-08-17 14:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009-02-06 19:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009-02-06 19:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004-08-17 14:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004-08-17 14:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004-08-17 14:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004-08-17 14:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004-08-17 14:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004-08-17 14:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004-08-17 14:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004-08-17 14:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2004-08-17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2004-08-17 14:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004-08-17 14:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004-08-17 14:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008-06-20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008-06-20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008-06-20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008-06-20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008-06-20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008-06-20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006-04-20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004-08-17 14:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004-08-17 14:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004-08-17 14:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004-08-17 14:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004-08-17 14:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004-08-17 14:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004-08-17 14:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004-08-17 14:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004-08-17 14:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010-04-16 16:38:07 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010-04-16 16:38:07 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007-02-14 16:56:25 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2007-02-14 16:38:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007-02-14 16:38:23 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007-02-14 16:38:23 | 000,462,848 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2010-04-16 16:38:07 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010-04-16 16:38:07 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010-12-15 20:04:04 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\wugcpivq.sys

< %systemroot%\system32\*.* /3 >
[2010-12-15 14:10:40 | 000,200,936 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010-12-15 19:07:49 | 000,097,578 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010-12-15 19:07:50 | 000,083,734 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010-12-15 19:07:49 | 000,488,084 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010-12-15 19:07:50 | 000,493,190 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010-12-15 19:07:47 | 001,179,918 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010-12-15 03:31:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

========== Files - Unicode (All) ==========
[2010-12-15 20:30:00 | 000,000,000 | ---D | M](C:\Documents and Settings\Fl\Data aplikac?) -- C:\Documents and Settings\Fl\Data aplikac�
[2010-12-15 20:30:00 | 000,000,000 | ---D | C](C:\Documents and Settings\Fl\Data aplikac?) -- C:\Documents and Settings\Fl\Data aplikac�

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت

< End of report >

#29 Příspěvek od **motji** » 15 pro 2010 22:18

Něco pomažeme, ale budu se chvilku ptát.
Který antivir sjet si tedy nechal? Zbytek smažu.

Tyto programy používáte, znáte, nebo složky smazat?
C:\VritualRoot
C:\Documents and Settings\Fl\Local Settings\Data aplikací\JockerSoft
C:\WINDOWS\Speeditup Free
C:\avrescue
C:\Documents and Settings\Fl\Data aplikací\.googlewebacchosts
C:\Documents and Settings\Fl\Dokumenty\ResHacker.ini

notasss · #30 Příspěvek od **notasss** » 15 pro 2010 22:20

Myslím že nepoužívám ani jedno, a nechal jsem si jenom comodo.

VIRY.CZ

Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu