Page 2 of 3

Re: facebook virus

Posted: 19 Jul 2011 19:50
by dorf
Hello, I see a moderator is online, so I would need the reply that the user received in the thread at http://www.viry.cz/forum/viewtopic.php? ... 94&start=0
because I have exactly the same problem.

Re: facebook virus

Posted: 19 Jul 2011 19:51
by Caroprd111
dorf

Hello,
please open your own topic; here it would get confusing.

Re: facebook virus

Posted: 19 Jul 2011 20:08
by misel111
well, I don't know anymore, I was in safe mode, I ran everything as you said, but after restarting again no log popped up at me

when starting OTL and pasting the script, isn't there something else that needs to be ticked? when shutting down the computer it counts down 1:00 and I have to close everything, and I can see those, I guess, logs you need being written out there, but after turning the PC on I can't find it anywhere
so I really don't know

PS. at worst I'll have to take the PC to some specialist for repair :(

Re: facebook virus

Posted: 19 Jul 2011 20:10
by misel111
well, I don't know anymore, I was in safe mode, I ran everything as you said, but after restarting again no log popped up at me

when starting OTL and pasting the script, isn't there something else that needs to be ticked? when shutting down the computer it counts down 1:00 and I have to close everything, and I can see those, I guess, logs you need being written out there, but after turning the PC on I can't find it anywhere
so I really don't know

PS. at worst I'll have to take the PC to some specialist for repair

Re: facebook virus

Posted: 19 Jul 2011 20:14
by Caroprd111
Download MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
  • Install it following the guide at the link, then run a Quick Scan.
  • Do not delete anything! MBAM occasionally has false detections and could delete e.g. system files.
  • Paste the log here.

Re: facebook virus

Posted: 19 Jul 2011 20:57
by misel111
it took a terribly long time, I did everything according to the procedure, I restarted the computer, in total it found 6 infected objects, I deleted them as it said, and I saved the log too, but now I can't find that LOG anywhere to send it to you here

PS: but I tried opening Facebook and it suddenly opened :) :) :)

Re: facebook virus

Posted: 19 Jul 2011 20:58
by misel111
I think I've found it, if this is the one

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7204

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

19.7.2011 21:40:43
mbam-log-2011-07-19 (21-40-24).txt

Typ kontroly: Rychlý test
Testované objekty: 143411
Uplynulý čas: 13 minut, 57 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 2
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\YA.T00LBAR (Spyware.Graball) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} (Trojan.Downloader) -> Value: {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} (Trojan.Downloader) -> Value: {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} -> No action taken.

Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\WINDOWS\application data\wiaserva.log (Malware.Trace) -> No action taken.
c:\WINDOWS\SYSTEM32\mt_32.dll (Trojan.Agent) -> No action taken.

:D
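As an added example (not code from the thread and not Malwarebytes' own tooling), the following Python parser reads the MBAM 1.x log format posted above. It pulls out every detection with its location, detection name, detail segments and action, checks that the summary counts agree with the entries actually listed (a truncated or hand-edited paste shows up as a mismatch), and groups detections by family so that PUM entries (changed settings) can be told apart from Trojan or Malware.Trace file and registry detections before anything is removed, which is why the moderator asks for the log first. The Czech section labels are the ones in the posted log; the English labels are the ones MBAM 1.50 writes in its default locale. The embedded SAMPLE_LOG is the detection section of the log posted above.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and triage its detections.

Added example, not code from the thread or from Malwarebytes.  Expected layout
(as in the posted log): a summary block of "<label>: <count>" lines, then one
"<label>:" section per item type whose entries look like
    <location> (<detection name>) -> [detail -> ...] <action>.
"""
import re
from collections import Counter
from dataclasses import dataclass

SECTION_LABELS = {  # localized section label -> normalized item type
    "Infikované procesy v paměti": "process", "Memory Processes Infected": "process",
    "Infikované moduly v paměti": "module", "Memory Modules Infected": "module",
    "Infikované klíče v registru": "registry_key", "Registry Keys Infected": "registry_key",
    "Infikované hodnoty v registru": "registry_value", "Registry Values Infected": "registry_value",
    "Infikované datové položky v registru": "registry_data", "Registry Data Items Infected": "registry_data",
    "Infikované složky": "folder", "Folders Infected": "folder",
    "Infikované soubory": "file", "Files Infected": "file",
}
# Non-greedy location, so the detection name is the first "(...) ->" token and a
# "Bad: (1) Good: (0)" detail further right is not mistaken for it.
ENTRY_RE = re.compile(r"^(?P<loc>.+?) \((?P<det>[^()]+)\) -> (?P<rest>.+)$")
SUMMARY_RE = re.compile(r"^(?P<label>.+?): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<label>.+):$")


@dataclass
class Detection:
    kind: str       # normalized item type (registry_key, file, ...)
    location: str   # registry path or file path as written in the log
    name: str       # MBAM detection name, e.g. Trojan.Agent
    details: list   # middle segments, e.g. "Value: {...}" or "Bad: (1) Good: (0)"
    action: str     # trailing segment, e.g. "No action taken."

    @property
    def family(self) -> str:
        """Prefix before the first dot.  PUM = potentially unwanted modification,
        i.e. a changed setting rather than a malicious file."""
        return self.name.split(".", 1)[0]


def parse_mbam_log(text):
    """Return (declared_counts, detections) for one MBAM text log."""
    declared, detections, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # blank or "(No malicious items detected)"
            continue
        m = SUMMARY_RE.match(line)
        if m and m.group("label") in SECTION_LABELS:
            declared[SECTION_LABELS[m.group("label")]] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m and m.group("label") in SECTION_LABELS:
            current = SECTION_LABELS[m.group("label")]
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            segments = [s.strip() for s in m.group("rest").split("->")]
            detections.append(Detection(current, m.group("loc"), m.group("det"),
                                        segments[:-1], segments[-1]))
    return declared, detections


def check_counts(declared, detections):
    """Item types whose summary count differs from the entries actually listed
    (truncated or hand-edited log).  An empty dict means the log is consistent."""
    parsed = Counter(d.kind for d in detections)
    return {k: (n, parsed.get(k, 0)) for k, n in declared.items() if n != parsed.get(k, 0)}


def pending(detections):
    """Entries the scanner has not acted on (every entry in the posted log)."""
    return [d for d in detections if d.action.startswith("No action taken")]


def by_family(detections):
    return Counter(d.family for d in detections)


# Detection section of the log posted in the thread (paths as posted).
SAMPLE_LOG = r"""Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 2
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\YA.T00LBAR (Spyware.Graball) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} (Trojan.Downloader) -> Value: {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} (Trojan.Downloader) -> Value: {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} -> No action taken.

Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Infikované soubory:
c:\WINDOWS\application data\wiaserva.log (Malware.Trace) -> No action taken.
c:\WINDOWS\SYSTEM32\mt_32.dll (Trojan.Agent) -> No action taken.
"""

if __name__ == "__main__":
    declared, found = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        print(f"{d.kind:15} {d.family:8} {d.action:18} {d.location}")
    print("families:", dict(by_family(found)), "| pending:", len(pending(found)),
          "| count mismatches:", check_counts(declared, found))
```

Run on the posted log it lists seven pending entries in four families; feeding it a log with one entry line damaged makes check_counts report the file section as declared 2 but listed 1, which is the kind of inconsistency worth spotting before acting on a pasted log.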

Re: facebook virus

Posted: 19 Jul 2011 20:59
by Caroprd111
Download OTL http://oldtimer.geekstogo.com/OTL.exe to the desktop
  • Run it, then paste the following script into the lower box.

Code:

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys 
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys 
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys 
nvrd32.sys 
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 
  • Click the Run scan button
  • When it finishes, paste the OTL.Txt and Extras.txt logs here

Re: facebook virus

Posted: 19 Jul 2011 21:06
by misel111
it's already being worked on
thank you

Re: facebook virus

Posted: 19 Jul 2011 21:09
by Caroprd111
No need to thank me yet. :)

Re: facebook virus

Posted: 19 Jul 2011 21:11
by misel111
excuse me, is solving this problem still going to take long? I have to get up early tomorrow, so I'd finish the rest tomorrow. If you'll be here on the forum tomorrow, say after 20:00 or earlier, we could meet here and finish it, if you wouldn't mind ???? otherwise I'll finish it today

Re: facebook virus

Posted: 19 Jul 2011 21:13
by Caroprd111
That's hard to say; it may take an hour, but it may also take 5. No problem, I'll be here almost all day tomorrow too. :)

Re: facebook virus

Posted: 19 Jul 2011 21:15
by misel111
ok
if you'll be here then it's no problem, I'll finish it tomorrow

thank you once again for your dedication, you don't see that often, and for your time. See you tomorrow :)

Re: facebook virus

Posted: 19 Jul 2011 21:25
by misel111
so I finished it today after all ....... how should I proceed now, please ???


EXTRAS.TXT

OTL Extras logfile created on: 19.7.2011 22:04:59 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\deda\Plocha
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Czech Republic | Language: csy | Date Format: d.M.yyyy

255,48 Mb Total Physical Memory | 90,69 Mb Available Physical Memory | 35,50% Memory free
618,94 Mb Paging File | 332,35 Mb Available in Paging File | 53,70% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,36 Gb Total Space | 2,82 Gb Free Space | 30,11% Space Free | Partition Type: FAT32

Computer Name: U7K3J6 | User Name: deda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023EC958-023C-42D1-B2A4-E9E4BEF599FC}" = SweetIM for Messenger 2.6
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200F584F-848D-4B6B-B1A1-C74D735F18A4}" = InstallRTC
"{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{519556CC-4382-4B35-80F5-DD8E9460EEAC}" = OpenOffice.org 2.3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{85B1BEF2-2357-4C27-ABBE-15A1AE3AF78D}" = HP Deskjet 5700
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{AC76BA86-7AD7-1029-7646-CE0000000001}" = Adobe Reader 6.0 CE
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{BDC96E64-A010-4341-A072-47EFDBD6CFBA}" = Stronghold Crusader Demo
"{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar ProTrainer
"{EDF89039-4925-43DC-8268-2800CF0A0AA1}" = Stronghold Crusader Multiplayer Demo
"{F07C011F-82D0-42CE-B2A6-28CD4BF385E2}" = Belkin 802.11g Wireless Card
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"avast!" = avast! Antivirus
"BabylonToolbar" = Babylon toolbar
"CCleaner" = CCleaner
"Czech Soccer Manager 2002 FE" = Czech Soccer Manager 2002 FE
"GameSpy Arcade" = GameSpy Arcade
"Hidden and Dangerous" = Hidden and Dangerous
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = CorelDRAW Graphics Suite 11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MoleInvasion" = MoleInvasion (remove only)
"MotoGP2_is1" = MotoGP2
"Opera 11.11.2109" = Opera 11.11
"PokerStars.net" = PokerStars.net
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Totalcmd" = Total Commander (Remove or Repair)
"Windows" = Odinstalace systému Windows XP

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 20.9.2009 15:49:31 | Computer Name = U7K3J6 | Source = avast! | ID = 33554522
Description =

Error - 31.8.2010 11:00:44 | Computer Name = U7K3J6 | Source = avast! | ID = 33554522
Description =

Error - 31.8.2010 11:00:44 | Computer Name = U7K3J6 | Source = avast! | ID = 33554522
Description =

Error - 31.8.2010 11:00:45 | Computer Name = U7K3J6 | Source = avast! | ID = 33554522
Description =

Error - 31.8.2010 11:00:45 | Computer Name = U7K3J6 | Source = avast! | ID = 33554522
Description =

Error - 31.8.2010 11:00:45 | Computer Name = U7K3J6 | Source = avast! | ID = 33554522
Description =

Error - 31.8.2010 11:00:47 | Computer Name = U7K3J6 | Source = avast! | ID = 33554522
Description =

Error - 31.8.2010 11:00:47 | Computer Name = U7K3J6 | Source = avast! | ID = 33554522
Description =

Error - 31.8.2010 11:00:47 | Computer Name = U7K3J6 | Source = avast! | ID = 33554522
Description =

Error - 31.8.2010 11:00:47 | Computer Name = U7K3J6 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 19.7.2011 14:32:52 | Computer Name = U7K3J6 | Source = Perflib | ID = 1015
Description = Časový limit čekání na shromáždění dat výkonu funkcí PerfProc v C:\WINDOWS\system32\perfproc.dll
knihovně vypršel. Potíže jsou pravděpodobně s rozšiřitelným čítačem nebo službou,
od které shromažďuje data, nebo byl systém při obdržení volání velice zaneprázdněn.

Error - 19.7.2011 14:51:26 | Computer Name = U7K3J6 | Source = EventSystem | ID = 4609
Description = Systém událostí modelu COM+ zjistil při vnitřním zpracovávání chybný
návratový kód. Hodnota HRESULT byla 8007043C z řádku 44 v d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.Obraťte
se na služby odborné pomoci společnosti Microsoft a informujte je o této chyb

Error - 19.7.2011 14:51:26 | Computer Name = U7K3J6 | Source = VSS | ID = 8193
Description = Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance
došlo k neočekávané chybě. hr= 0x80040206.

Error - 19.7.2011 14:54:00 | Computer Name = U7K3J6 | Source = Perflib | ID = 2002
Description = Procedura Open služby MSDTC v knihovně DLL C:\WINDOWS\system32\msdtcuiu.DLL
trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným
čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení
volání velice zaneprázdněn.

Error - 19.7.2011 14:54:26 | Computer Name = U7K3J6 | Source = Perflib | ID = 1015
Description = Časový limit čekání na shromáždění dat výkonu funkcí TapiSrv v C:\WINDOWS\system32\tapiperf.dll
knihovně vypršel. Potíže jsou pravděpodobně s rozšiřitelným čítačem nebo službou,
od které shromažďuje data, nebo byl systém při obdržení volání velice zaneprázdněn.

Error - 19.7.2011 14:54:41 | Computer Name = U7K3J6 | Source = Perflib | ID = 2002
Description = Procedura Open služby WmiApRpl v knihovně DLL C:\WINDOWS\System32\wbem\wmiaprpl.dll
trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným
čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení
volání velice zaneprázdněn.

Error - 19.7.2011 14:55:20 | Computer Name = U7K3J6 | Source = Perflib | ID = 1015
Description = Časový limit čekání na shromáždění dat výkonu funkcí PerfProc v C:\WINDOWS\system32\perfproc.dll
knihovně vypršel. Potíže jsou pravděpodobně s rozšiřitelným čítačem nebo službou,
od které shromažďuje data, nebo byl systém při obdržení volání velice zaneprázdněn.

Error - 19.7.2011 15:00:52 | Computer Name = U7K3J6 | Source = Perflib | ID = 2002
Description = Procedura Open služby WmiApRpl v knihovně DLL C:\WINDOWS\System32\wbem\wmiaprpl.dll
trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným
čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení
volání velice zaneprázdněn.

Error - 19.7.2011 15:01:19 | Computer Name = U7K3J6 | Source = Perflib | ID = 1015
Description = Časový limit čekání na shromáždění dat výkonu funkcí PerfProc v C:\WINDOWS\system32\perfproc.dll
knihovně vypršel. Potíže jsou pravděpodobně s rozšiřitelným čítačem nebo službou,
od které shromažďuje data, nebo byl systém při obdržení volání velice zaneprázdněn.

Error - 19.7.2011 15:45:54 | Computer Name = U7K3J6 | Source = Perflib | ID = 1015
Description = Časový limit čekání na shromáždění dat výkonu funkcí PerfProc v C:\WINDOWS\system32\perfproc.dll
knihovně vypršel. Potíže jsou pravděpodobně s rozšiřitelným čítačem nebo službou,
od které shromažďuje data, nebo byl systém při obdržení volání velice zaneprázdněn.

[ System Events ]
Error - 19.7.2011 14:51:22 | Computer Name = U7K3J6 | Source = ACPI | ID = 327684
Description = AMLI: Systém ACPI BIOS se pokouší o čtení z nesprávné adresy V/V portu
(0x71), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem toho
může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí o odbornou
pomoc.

Error - 19.7.2011 14:51:26 | Computer Name = U7K3J6 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19.7.2011 14:51:50 | Computer Name = U7K3J6 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19.7.2011 14:52:06 | Computer Name = U7K3J6 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19.7.2011 14:53:44 | Computer Name = U7K3J6 | Source = ACPI | ID = 327685
Description = AMLI: Systém ACPI BIOS se pokouší o zápis na nesprávnou adresu V/V
portu (0x70), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem
toho může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí
o odbornou pomoc.

Error - 19.7.2011 14:53:44 | Computer Name = U7K3J6 | Source = ACPI | ID = 327684
Description = AMLI: Systém ACPI BIOS se pokouší o čtení z nesprávné adresy V/V portu
(0x71), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem toho
může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí o odbornou
pomoc.

Error - 19.7.2011 15:00:55 | Computer Name = U7K3J6 | Source = ACPI | ID = 327685
Description = AMLI: Systém ACPI BIOS se pokouší o zápis na nesprávnou adresu V/V
portu (0x70), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem
toho může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí
o odbornou pomoc.

Error - 19.7.2011 15:00:55 | Computer Name = U7K3J6 | Source = ACPI | ID = 327684
Description = AMLI: Systém ACPI BIOS se pokouší o čtení z nesprávné adresy V/V portu
(0x71), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem toho
může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí o odbornou
pomoc.

Error - 19.7.2011 15:45:33 | Computer Name = U7K3J6 | Source = ACPI | ID = 327685
Description = AMLI: Systém ACPI BIOS se pokouší o zápis na nesprávnou adresu V/V
portu (0x70), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem
toho může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí
o odbornou pomoc.

Error - 19.7.2011 15:45:33 | Computer Name = U7K3J6 | Source = ACPI | ID = 327684
Description = AMLI: Systém ACPI BIOS se pokouší o čtení z nesprávné adresy V/V portu
(0x71), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem toho
může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí o odbornou
pomoc.


< End of report >

Re: facebook virus

Posted: 19 Jul 2011 21:26
by misel111
OTL.TXT

OTL logfile created on: 19.7.2011 22:04:59 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\deda\Plocha
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Czech Republic | Language: csy | Date Format: d.M.yyyy

255,48 Mb Total Physical Memory | 90,69 Mb Available Physical Memory | 35,50% Memory free
618,94 Mb Paging File | 332,35 Mb Available in Paging File | 53,70% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,36 Gb Total Space | 2,82 Gb Free Space | 30,11% Space Free | Partition Type: FAT32

Computer Name: U7K3J6 | User Name: deda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.19 20:16:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deda\Plocha\OTL.exe
PRC - [2011.06.22 18:29:14 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009.03.05 19:36:00 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2007.09.11 17:51:14 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
PRC - [2007.09.11 17:51:14 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PRC - [2005.11.18 12:29:44 | 001,523,712 | ---- | M] (Belkin) -- C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe
PRC - [2005.06.20 19:47:32 | 001,004,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.03.04 16:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2004.02.18 19:55:28 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe


========== Modules (SafeList) ==========

MOD - [2011.07.19 20:16:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deda\Plocha\OTL.exe
MOD - [2009.03.05 19:35:32 | 000,023,864 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
MOD - [2006.08.25 17:54:04 | 000,925,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll
MOD - [2006.07.11 18:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\SweetIM\Messenger\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2005.06.20 19:48:28 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\mspmspsv.dll -- (WmdmPmSp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (txblwx)
DRV - [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.02.05 22:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2005.08.26 13:39:08 | 000,352,768 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt61.sys -- (RT61)
DRV - [2005.07.07 15:26:04 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2003.07.24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\DNINDIS5.SYS -- (DNINDIS5)
DRV - [2002.09.20 17:43:42 | 000,607,104 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys -- (ltmodem5)
DRV - [2002.08.29 01:32:44 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2002.08.28 23:00:54 | 000,137,088 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\essm2e.sys -- (Maestro) ESS Maestro2E Audio Driver (WDM)
DRV - [2001.10.24 12:04:44 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smcirda.sys -- (SMCIRDA)
DRV - [2001.10.24 11:46:00 | 000,289,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atimpab.sys -- (atimpab)
DRV - [2001.08.17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 21:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = http://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)


[2008.08.19 20:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.10 18:33:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.19 16:52:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.12.19 16:50:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.10 19:40:14 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011.07.19 20:58:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Rádio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [ICQ] File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\deda\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O15 - HKCU\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/webplayer/stag ... taller.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Win32 Classes Reg Error: Key error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\ldr.exe) - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\deda\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\deda\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.07.23 08:51:38 | 000,000,133 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - C:\WINDOWS\SYSTEM32\mspmspsv.dll (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\IAC25_32.AX (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\LHACM.ACM (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV50 - C:\WINDOWS\System32\IR50_32.DLL (Intel Corporation)
Drivers32: VIDC.VDOM - vdowave.drv File not found
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.07.19 21:18:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Data\Malwarebytes
[2011.07.19 21:18:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.07.19 21:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.07.19 21:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.07.19 21:17:48 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.07.19 21:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.19 21:15:39 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\deda\Plocha\mbam-setup.exe
[2011.07.19 20:51:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011.07.19 20:26:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.19 20:16:46 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\deda\Plocha\OTL.exe
[2011.07.19 19:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.19 19:03:53 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17799.exe
[2011.07.19 19:03:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.07.19 19:03:14 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17705.exe
[2011.07.19 18:59:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\deda\Recent
[2011.07.19 18:51:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2011.07.19 18:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2011.07.19 17:45:21 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.07.19 17:45:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.07.19 17:45:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.07.19 17:45:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.07.18 21:59:28 | 000,000,000 | -HSD | C] -- C:\FOUND.050
[2011.07.18 19:44:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011.06.22 18:30:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Data\Opera
[2011.06.22 18:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deda\Local Settings\Data aplikací\Opera
[2011.06.22 18:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011.06.22 18:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deda\Local Settings\Data aplikací\Google

========== Files - Modified Within 30 Days ==========

[2011.07.19 22:06:28 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.07.19 21:45:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.19 21:45:06 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.19 21:42:14 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\dpvrws.sys
[2011.07.19 21:15:58 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\deda\Plocha\mbam-setup.exe
[2011.07.19 20:52:00 | 000,000,200 | ---- | M] () -- C:\boot.ini
[2011.07.19 20:32:28 | 000,000,180 | ---- | M] () -- C:\WINDOWS\info1
[2011.07.19 20:16:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deda\Plocha\OTL.exe
[2011.07.19 20:00:58 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.19 19:03:34 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17799.exe
[2011.07.19 19:03:04 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17705.exe
[2011.07.18 22:04:28 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.07.18 19:48:54 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.07.18 19:48:54 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.07.18 19:48:52 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.07.18 19:47:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.18 19:42:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.07.17 03:24:22 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
[2011.06.22 18:29:46 | 000,001,396 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk

========== Files Created - No Company Name ==========

[2011.07.19 22:06:26 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.07.19 21:42:12 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\dpvrws.sys
[2011.07.19 20:53:12 | 267,964,416 | -HS- | C] () -- C:\hiberfil.sys
[2011.07.18 22:04:29 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.07.18 22:04:27 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.07.18 19:48:52 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.07.18 19:48:51 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.07.18 19:48:50 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.07.18 19:47:05 | 000,000,180 | ---- | C] () -- C:\WINDOWS\info1
[2011.07.18 19:46:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011.06.22 18:29:45 | 000,001,402 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk
[2011.06.22 18:29:39 | 000,001,396 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2008.10.30 18:38:41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\BelkinHWStatus.dll
[2008.10.30 18:38:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008.10.30 18:38:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\blkwcd.dll
[2008.10.30 18:38:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\BelkinwcuiDLL.dll
[2008.10.30 18:38:40 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\CrashRpt.dll
[2008.08.19 20:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.11.22 08:30:55 | 000,000,020 | ---- | C] () -- C:\WINDOWS\level.ini
[2006.11.21 17:38:18 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006.11.21 15:24:23 | 000,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.11.13 13:01:10 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\deda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.09.08 22:10:26 | 000,011,859 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2005.07.23 10:12:44 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.07.23 09:52:53 | 000,000,933 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2005.07.23 09:42:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.07.23 09:34:56 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2005.07.23 09:34:56 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2005.07.23 09:34:56 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2005.07.23 09:34:56 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2005.07.23 09:34:56 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2005.07.23 09:34:56 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2005.07.23 09:34:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\protocol.ini
[2005.07.23 09:34:56 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2005.07.23 09:34:56 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2005.07.23 09:34:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005.07.23 09:34:56 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2005.07.23 09:34:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005.07.23 09:28:30 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.07.23 09:20:43 | 000,004,443 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.07.23 09:19:24 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.07.23 09:08:06 | 000,304,712 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2005.07.23 09:08:06 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2005.07.23 09:08:06 | 000,043,698 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2005.07.23 09:08:06 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2005.07.23 09:05:25 | 000,004,573 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005.07.23 09:05:24 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005.07.23 09:04:55 | 000,305,652 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.07.23 09:04:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005.07.23 09:04:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005.07.23 09:04:54 | 000,038,094 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.07.23 09:04:47 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005.07.23 09:04:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.07.23 09:04:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.07.23 09:03:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005.07.23 09:03:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005.07.23 09:02:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005.07.23 09:02:13 | 000,001,740 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005.07.23 08:50:15 | 000,151,584 | RH-- | C] () -- C:\WINDOWS\HWINFO.DAT
[2005.07.23 08:49:33 | 000,011,253 | -H-- | C] () -- C:\Program Files\folder.htt
[2004.03.17 15:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004.03.17 15:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[1980.01.01 00:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1980.01.01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980.01.01 00:00:00 | 000,018,987 | ---- | C] () -- C:\WINDOWS\SETVER.EXE

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\System32\ctfmon.exe -- [2005.06.20 19:47:02 | 000,013,312 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2004.11.15 16:18:50 | 001,670,144 | ---- | M] (Microsoft Corporation)
"ICQ" = ~"C:\Program Files\ICQ6.5\ICQ.exe" silent

< >


< MD5 for: AGP440.SYS >
[2004.08.04 07:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\agp440.sys
[2001.08.17 21:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2005.06.20 19:50:10 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2005.06.20 19:50:10 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004.08.04 06:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2005.06.20 19:46:48 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=82CD2AA659D68781D29BA87421BE0E40 -- C:\WINDOWS\SYSTEM32\autochk.exe
[2005.06.20 19:46:48 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=82CD2AA659D68781D29BA87421BE0E40 -- C:\WINDOWS\SYSTEM32\dllcache\autochk.exe
[2004.08.17 23:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\autochk.exe

< MD5 for: CDROM.SYS >
[2005.06.20 19:50:10 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2005.06.20 19:50:10 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys
[2004.08.04 06:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2005.06.20 19:47:00 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\SYSTEM32\cryptsvc.dll
[2005.06.20 21:47:00 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\SYSTEM32\dllcache\cryptsvc.dll
[2004.08.17 23:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2004.08.17 23:49:22 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=490E6E57E54FAF5F23F658EA188405A1 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\csrss.exe
[2005.06.20 19:47:02 | 000,004,096 | ---- | M] (Microsoft Corporation) MD5=E5C52921CC7B099CEA19C53E31F4AB0E -- C:\WINDOWS\SYSTEM32\csrss.exe
[2005.06.20 21:47:02 | 000,004,096 | ---- | M] (Microsoft Corporation) MD5=E5C52921CC7B099CEA19C53E31F4AB0E -- C:\WINDOWS\SYSTEM32\dllcache\csrss.exe

< MD5 for: EVENTLOG.DLL >
[2004.08.17 23:49:06 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\eventlog.dll
[2005.06.20 21:47:32 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\SYSTEM32\dllcache\eventlog.dll
[2005.06.20 19:47:32 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\SYSTEM32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2005.06.20 19:47:32 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\explorer.exe
[2005.06.20 19:47:32 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\SYSTEM32\dllcache\explorer.exe
[2004.08.17 23:49:22 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\explorer.exe

< MD5 for: FASTFAT.SYS >
[2004.08.04 07:14:16 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3117F595E9615E04F05A54FC15A03B20 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\fastfat.sys
[2005.06.20 19:47:32 | 000,145,152 | ---- | M] (Microsoft Corporation) MD5=E4A3A8F3E60B542A747B10E86FAA5DAD -- C:\WINDOWS\SYSTEM32\dllcache\fastfat.sys
[2005.06.20 19:47:32 | 000,145,152 | ---- | M] (Microsoft Corporation) MD5=E4A3A8F3E60B542A747B10E86FAA5DAD -- C:\WINDOWS\SYSTEM32\DRIVERS\fastfat.sys

< MD5 for: HAL.DLL >
[2005.06.20 19:50:10 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2005.06.20 19:50:10 | 000,077,440 | ---- | M] (Microsoft Corporation) MD5=09C4C15D18A7133C91C3EF3C4600D256 -- C:\WINDOWS\SYSTEM32\hal.dll
[2004.08.04 06:59:20 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.04 07:00:12 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\changer.sys

< MD5 for: ISAPNP.SYS >
[2005.06.20 19:47:26 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\isapnp.sys

< MD5 for: LSASS.EXE >
[2005.06.20 21:48:02 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\SYSTEM32\dllcache\lsass.exe
[2005.06.20 19:48:02 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\SYSTEM32\lsass.exe
[2004.08.17 23:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\lsass.exe

< MD5 for: NDIS.SYS >
[2005.06.20 19:48:34 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\SYSTEM32\dllcache\ndis.sys
[2005.06.20 19:48:34 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys
[2004.08.04 07:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 23:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\netlogon.dll
[2005.06.20 21:48:36 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\SYSTEM32\dllcache\netlogon.dll
[2005.06.20 19:48:36 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\SYSTEM32\netlogon.dll

< MD5 for: NTFS.SYS >
[2004.08.04 07:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\ntfs.sys
[2005.06.20 19:48:44 | 000,561,920 | ---- | M] (Microsoft Corporation) MD5=E3AE9C79498210A5F39FE5A9AD62BC55 -- C:\WINDOWS\SYSTEM32\dllcache\ntfs.sys
[2005.06.20 19:48:44 | 000,561,920 | ---- | M] (Microsoft Corporation) MD5=E3AE9C79498210A5F39FE5A9AD62BC55 -- C:\WINDOWS\SYSTEM32\DRIVERS\ntfs.sys

< MD5 for: SCECLI.DLL >
[2004.08.17 23:49:16 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\scecli.dll
[2005.06.20 21:49:10 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\SYSTEM32\dllcache\scecli.dll
[2005.06.20 19:49:10 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: SERVICES.EXE >
[2004.08.17 23:49:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=6E401E61F952FBBF708AFBECEFAFAE81 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\services.exe
[2005.06.20 21:49:14 | 000,101,376 | ---- | M] (Microsoft Corporation) MD5=F4D2C4AF666E0224E961AA744A1B47E3 -- C:\WINDOWS\SYSTEM32\dllcache\services.exe
[2005.06.20 19:49:14 | 000,101,376 | ---- | M] (Microsoft Corporation) MD5=F4D2C4AF666E0224E961AA744A1B47E3 -- C:\WINDOWS\SYSTEM32\services.exe

< MD5 for: SMSS.EXE >
[2004.08.17 23:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\smss.exe
[2005.06.20 21:49:20 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\SYSTEM32\dllcache\smss.exe
[2005.06.20 19:49:20 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\SYSTEM32\smss.exe

< MD5 for: SPOOLSV.EXE >
[2004.08.17 23:49:28 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=21B6FAA88044A41640E03EBB68BE93E8 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\spoolsv.exe
[2005.06.11 01:55:46 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=6B4BF97957A0B8795811975D4BF1ACFE -- C:\WINDOWS\SoftwareDistribution\Download\a25ecfc361977be77521d4ce0798cbae\sp1qfe\spoolsv.exe
[2005.06.11 02:17:14 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\SoftwareDistribution\Download\a25ecfc361977be77521d4ce0798cbae\sp2qfe\spoolsv.exe
[2005.06.11 01:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\SoftwareDistribution\Download\a25ecfc361977be77521d4ce0798cbae\sp2gdr\spoolsv.exe
[2005.06.20 19:49:22 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=FBD651B9CF8F5297F86961843D6F1BAB -- C:\WINDOWS\SYSTEM32\dllcache\spoolsv.exe
[2005.06.20 19:49:22 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=FBD651B9CF8F5297F86961843D6F1BAB -- C:\WINDOWS\SYSTEM32\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2011.07.18 19:47:06 | 000,340,480 | ---- | M] () MD5=1733B4BD3F88618E348977328B384762 -- C:\_OTL\MovedFiles\07192011_205742\C_WINDOWS\update.5.0\svchost.exe
[2011.07.18 19:21:54 | 001,150,976 | -H-- | M] () MD5=263BCC68E573D1DC4E9DB4BC5C13E9F0 -- C:\_OTL\MovedFiles\07192011_205742\C_WINDOWS\update.1\svchost.exe
[2011.07.18 19:21:54 | 001,150,976 | -H-- | M] () MD5=263BCC68E573D1DC4E9DB4BC5C13E9F0 -- C:\_OTL\MovedFiles\07192011_205742\C_WINDOWS\update.tray-7-0\svchost.exe
[2011.07.18 19:21:54 | 001,150,976 | -H-- | M] () MD5=263BCC68E573D1DC4E9DB4BC5C13E9F0 -- C:\_OTL\MovedFiles\07192011_205742\C_WINDOWS\update.tray-7-0-lnk\svchost.exe
[2005.06.20 21:49:28 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\SYSTEM32\dllcache\svchost.exe
[2005.06.20 19:49:28 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004.08.17 23:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\svchost.exe
[2011.07.18 19:49:50 | 000,483,328 | ---- | M] () MD5=EFB19E06A994F184B781A3C948E77E6E -- C:\_OTL\MovedFiles\07192011_205742\C_WINDOWS\update.2\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp2gdr\tcpip.sys
[2005.06.20 19:49:30 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2005.06.20 19:49:30 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys
[2005.06.20 19:49:30 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
[2004.08.04 07:14:40 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\tcpip.sys
[2006.04.20 14:18:36 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp2qfe\tcpip.sys
[2006.04.20 13:38:44 | 000,340,480 | ---- | M] (Microsoft Corporation) MD5=B8158E2A6112C0A5CA67BC158FC70218 -- C:\WINDOWS\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp1qfe\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.17 23:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\userinit.exe
[2005.06.20 19:49:40 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\SYSTEM32\dllcache\userinit.exe
[2005.06.20 19:49:40 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 23:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\winlogon.exe
[2005.06.20 21:49:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\SYSTEM32\dllcache\winlogon.exe
[2005.06.20 19:49:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\SYSTEM32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 23:49:20 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\ws2_32.dll
[2006.05.19 14:40:46 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=3F8C60A9CBE3BA6B163E51A4D4397090 -- C:\WINDOWS\SoftwareDistribution\Download\d56643730cd61a949deb31f31a59ee33\sp1qfe\ws2_32.dll
[2005.06.20 21:49:58 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\SYSTEM32\dllcache\ws2_32.dll
[2005.06.20 19:49:58 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\SYSTEM32\ws2_32.dll
[2006.08.16 14:16:16 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=D23E4E91AB6A1D922F6F1BFE81F56589 -- C:\WINDOWS\SoftwareDistribution\Download\e0a3e32e53e04030557391d585cb6960\sp1qfe\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >

< %systemroot%\system32\drivers\*.sys /5 >
[2011.07.19 21:42:14 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\dpvrws.sys

< %systemroot%\system32\drivers\*.sys /X >
[2005.06.20 19:47:38 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2005.06.20 19:47:38 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2007.12.19 17:22:58 | 000,016,941 | ---- | M] () -- C:\WINDOWS\system32\drivers\fwdrv.err

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011.07.18 19:42:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2011.07.19 19:03:04 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CF17705.exe
[2011.07.19 19:03:34 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CF17799.exe
[2011.07.19 20:00:58 | 000,138,848 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2011.07.19 17:44:00 | 000,003,766 | ---- | M] () -- C:\WINDOWS\system32\jupdate-1.6.0_26-b03.log

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\config\*.sav >
[2005.07.23 09:18:44 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2005.07.23 09:18:44 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.07.23 09:18:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[21 C:\WINDOWS\Application Data\ICQLite\Bartcache\391479392\Temp\*.tmp files -> C:\WINDOWS\Application Data\ICQLite\Bartcache\391479392\Temp\*.tmp -> ]
[1 C:\WINDOWS\Application Data\Microsoft\Office\*.tmp files -> C:\WINDOWS\Application Data\Microsoft\Office\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2005.07.23 09:20:16 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
[2011.07.19 21:23:34 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Data Aplikací\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2010.09.06 18:05:44 | 000,351,544 | ---- | M] (SweetIM Technologies, Ltd.) -- C:\Documents and Settings\All Users\Data Aplikací\SweetIM\Messenger\update\sweetimsetup.exe

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2005.07.23 09:34:52 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Identities
[2005.07.23 09:34:52 | 000,000,000 | --SD | M] -- C:\WINDOWS\Application Data\Microsoft
[2005.07.23 10:03:06 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Sun
[2005.07.23 10:20:52 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\MSN6
[2005.07.31 19:35:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Help
[2006.05.04 14:32:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Corel
[2007.05.28 18:14:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Macromedia
[2007.05.28 19:02:32 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\ICQLite
[2007.05.28 19:12:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Skype
[2007.06.03 13:00:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Adobe
[2007.06.04 19:35:56 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\ICQ Toolbar
[2007.06.07 08:57:00 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\AdobeUM
[2008.01.17 14:56:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Leadertech
[2008.01.28 16:26:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Lavasoft
[2008.02.17 16:48:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\InstallShield
[2008.08.19 20:44:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Mozilla
[2008.12.10 18:24:30 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\ICQ
[2009.07.18 16:56:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Microsoft Games
[2009.10.05 21:02:30 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\MoleInvasion
[2010.01.12 20:03:26 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\OpenOffice.org2
[2011.05.14 17:56:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\BabylonToolbar
[2011.06.22 18:30:52 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Opera
[2011.07.19 21:18:26 | 000,000,000 | ---D | M] -- C:\WINDOWS\Application Data\Malwarebytes

< %APPDATA%\*.* >
[2005.07.23 09:20:14 | 000,000,062 | -HS- | M] () -- C:\WINDOWS\Application Data\desktop.ini
[2011.01.17 16:09:58 | 000,027,312 | ---- | M] () -- C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT

< %APPDATA%\*.exe /s >
[2008.02.18 18:45:48 | 001,523,040 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2010.01.12 19:53:50 | 002,359,296 | R--- | M] (OpenOffice.org) -- C:\WINDOWS\Application Data\Microsoft\Installer\{519556CC-4382-4B35-80F5-DD8E9460EEAC}\soffice.exe
[2005.07.23 10:18:14 | 000,018,718 | R--- | M] () -- C:\WINDOWS\Application Data\Microsoft\Installer\{532EFE70-19BC-4F0F-8F50-D5F15C243133}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-04-28 10:18:08

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 0
"FilesNotToBackupFilterCorrected" = 1

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Professional" /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.07.19 22:06:28 | 000,000,512 | ---- | M] () MD5=3C8D9E6F4A99CE61386259AA4487425C -- C:\PhysicalMBR.bin

< End of report >