Re: Trojan horse

Posted: 14 Jul 2012 22:40
by Zoe25
Here is the last log from that scan:

OTL logfile created on: 14.7.2012 23:11:40 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Sandra\Desktop\staženo
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

1013,31 Mb Total Physical Memory | 81,85 Mb Available Physical Memory | 8,08% Memory free
2,24 Gb Paging File | 1,06 Gb Available in Paging File | 47,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,92 Gb Total Space | 14,45 Gb Free Space | 10,25% Space Free | Partition Type: NTFS
Drive D: | 8,13 Gb Total Space | 1,76 Gb Free Space | 21,69% Space Free | Partition Type: NTFS

Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.07.14 15:20:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\staženo\OTL.exe
PRC - [2012.07.10 10:31:10 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.07.10 10:31:02 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012.06.15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.02.23 13:02:22 | 002,420,400 | ---- | M] (NETGATE Technologies s.r.o.) -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
PRC - [2012.01.24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011.11.28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011.11.23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.09.08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011.08.15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.16 20:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008.10.16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008.10.16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008.10.16 19:15:38 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008.07.07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2007.03.29 02:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.10 10:31:10 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.07.10 10:31:02 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012.06.15 00:17:55 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2007.02.22 10:50:42 | 000,245,760 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2012.07.12 13:32:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.10 10:31:10 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.23 13:02:22 | 002,420,400 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Running] -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV - [2011.11.23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.03.18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.10.16 19:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008.10.16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008.10.16 19:23:30 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008.07.07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.29 02:45:38 | 000,118,877 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007.03.29 02:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007.01.09 23:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.10.07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011.10.04 07:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.09.13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.08.08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.07.11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.07.11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.07.11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011.07.11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.05.23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011.04.21 11:31:42 | 000,020,056 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV - [2011.04.21 11:31:36 | 000,016,216 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV - [2011.04.21 11:31:30 | 000,014,168 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\spyemrg.sys -- (SpyEmrg)
DRV - [2011.02.20 14:06:21 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009.10.06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.06.09 17:16:42 | 003,482,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.12.30 13:49:36 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.09.25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007.02.22 18:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.02.07 23:15:14 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.30 19:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.28 18:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.16 11:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.16 06:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.16 04:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.06.28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... earchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... 952EF0606F
IE - HKCU\..\SearchScopes\{55FAF0F2-44D4-425f-B5F5-6B275B621EAB}: "URL" = http://search.burn4free-toolbar.com/sea ... arch-field
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKCU\..\SearchScopes\{65D0841D-5B4C-4C52-855D-B30D3A419F0F}: "URL" = http://www.webhledani.cz/results.aspx?i ... earchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... 1I7GGLL_en
IE - HKCU\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B8C0 ... 2011-12-28 20:43:35&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q ... &ch_id=osd
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://www.webhledani.cz/results.aspx?i ... earchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.03
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.4.7&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.08.11 15:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.04.05 09:58:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012.02.01 10:20:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.02.01 10:20:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.10 10:31:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.14 20:40:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.27 12:15:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.08.11 15:21:26 | 000,000,000 | ---D | M]

[2009.07.04 21:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\Mozilla\Extensions
[2012.07.04 06:29:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\extensions
[2011.03.30 11:16:38 | 000,000,000 | ---D | M] (WebTran) -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2012.06.27 21:45:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.09 17:24:57 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\extensions\personas@christopher.beard
[2010.09.17 20:37:47 | 000,002,384 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\askcom.xml
[2012.07.09 22:09:30 | 000,000,950 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-1.xml
[2012.06.27 12:21:19 | 000,000,950 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-10.xml
[2009.07.24 08:51:35 | 000,000,950 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-2.xml
[2009.08.05 18:47:02 | 000,000,950 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-3.xml
[2010.12.12 16:27:03 | 000,000,961 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-4.xml
[2010.12.29 16:51:58 | 000,000,961 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-5.xml
[2011.03.24 18:48:57 | 000,000,961 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-6.xml
[2011.04.30 09:27:36 | 000,000,961 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-7.xml
[2011.05.02 10:06:00 | 000,000,961 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-8.xml
[2012.06.27 12:18:09 | 000,000,950 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-9.xml
[2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin.gif
[2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin.src
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin.xml
[2012.06.27 12:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.20 20:18:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.10 10:31:01 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.15 02:05:40 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.06.15 02:05:40 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.06.15 02:05:40 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.06.15 02:05:41 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.06.15 02:05:41 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2012.07.14 22:53:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 7705098219 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D397078-D39D-4699-93C7-15D8C45D702E}: DhcpNameServer = 194.228.2.61 194.228.41.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D397078-D39D-4699-93C7-15D8C45D702E}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F65C9C6-74BA-41CE-927B-79616BFA11A0}: DhcpNameServer = 172.16.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.19 21:20:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 7 Days ==========

[2012.07.14 22:53:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.14 21:26:48 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\temp
[2012.07.14 21:08:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.14 20:17:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.14 20:17:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.14 20:17:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.14 20:16:14 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.07.14 19:55:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.14 19:55:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.14 18:59:28 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdsskiller.exe
[2012.07.14 18:22:36 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\XueTr
[2012.07.14 12:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.07.14 12:58:50 | 000,000,000 | ---D | C] -- C:\rsit
[2012.07.12 08:59:11 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Spy Emergency
[2012.07.12 08:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
[2012.07.12 08:59:03 | 000,020,056 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\System32\drivers\spyemrg_access.sys
[2012.07.12 08:59:03 | 000,016,216 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\System32\drivers\spyemrg_guard.sys
[2012.07.12 08:59:02 | 000,014,168 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\System32\drivers\spyemrg.sys
[2012.07.12 08:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGATE
[2012.07.12 08:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2012.07.10 17:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

========== Files - Modified Within 7 Days ==========

[2036.02.07 08:28:16 | 001,474,560 | ---- | M] () -- C:\Users\Sandra\Arnes Boot Record.img
[2012.07.14 23:32:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.14 23:03:39 | 101,479,373 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.14 22:58:12 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 22:57:30 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 22:57:30 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 22:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.14 22:57:17 | 1061,236,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.14 22:53:42 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.07.14 22:45:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.14 22:01:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.14 22:01:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.14 18:59:37 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdsskiller.exe
[2012.07.14 18:18:55 | 003,822,594 | ---- | M] () -- C:\Users\Sandra\Desktop\XueTr.zip
[2012.07.14 18:06:27 | 000,008,530 | ---- | M] () -- C:\Users\Sandra\Desktop\Extras.rar
[2012.07.14 18:06:21 | 000,146,509 | ---- | M] () -- C:\Users\Sandra\Desktop\OTL.rar
[2012.07.14 15:52:47 | 000,124,416 | ---- | M] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.14 15:35:15 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.07.12 13:32:49 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 13:32:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.12 08:59:30 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Spy Emergency.lnk

========== Files Created - No Company Name ==========

[2036.02.07 08:28:16 | 001,474,560 | ---- | C] () -- C:\Users\Sandra\Arnes Boot Record.img
[2012.07.14 20:17:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.14 20:17:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.14 20:17:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.14 20:17:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.14 20:17:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.14 18:18:41 | 003,822,594 | ---- | C] () -- C:\Users\Sandra\Desktop\XueTr.zip
[2012.07.14 18:06:27 | 000,008,530 | ---- | C] () -- C:\Users\Sandra\Desktop\Extras.rar
[2012.07.14 18:06:20 | 000,146,509 | ---- | C] () -- C:\Users\Sandra\Desktop\OTL.rar
[2012.07.14 15:35:15 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.07.12 08:59:30 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2012.04.07 21:34:33 | 000,002,048 | -HS- | C] () -- C:\Users\Sandra\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011.03.30 11:15:57 | 000,000,034 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2009.04.04 09:07:52 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\.gtk-bookmarks
[2009.03.26 19:14:21 | 000,014,340 | ---- | C] () -- C:\Users\Sandra\AppData\Local\slot1.mm1
[2008.12.24 22:15:32 | 000,434,067 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\NMM-MetaData.db
[2008.12.04 20:29:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.29 20:38:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.04.06 15:42:43 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\AppData\Local\prvlcl.dat
[2007.10.10 21:17:08 | 000,026,340 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\UserTile.png
[2007.08.29 17:35:54 | 000,124,416 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011.05.15 16:17:12 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\.bittorrent
[2007.12.30 13:22:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Ashampoo
[2008.12.23 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Ashampoo Photo Commander 5
[2009.01.25 17:57:14 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Ashtons. Family Resort
[2010.10.20 16:58:24 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Aveyond 3
[2011.10.25 23:20:09 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\AVG2012
[2009.11.07 12:03:11 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\AVG9
[2010.10.10 10:12:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\blg
[2010.02.26 21:17:18 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Boomzap
[2010.10.29 20:28:59 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Brawsome
[2009.11.13 22:05:23 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Broad Intelligence
[2009.11.14 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\BSplayer
[2007.08.31 12:19:12 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\BSplayer Pro
[2008.11.30 18:31:10 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Canneverbe_Limited
[2009.06.30 11:51:00 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\cerasus.media
[2011.02.20 14:08:01 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DAEMON Tools Lite
[2007.10.13 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DeepBurner
[2009.01.25 13:40:29 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Fabulous Finds
[2008.02.01 21:37:25 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\FileZilla
[2008.01.01 17:36:24 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\GHISLER
[2009.12.16 19:45:16 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\GTM_Bodie
[2012.06.18 16:30:30 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\ICQ
[2008.02.23 17:54:29 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\ICQ Toolbar
[2010.06.25 15:38:51 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\LaJangada
[2012.06.17 21:15:51 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\LangSoft
[2009.01.01 15:24:32 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Magus
[2010.10.09 20:13:18 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Merscom
[2008.02.01 21:53:35 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Micropro
[2008.01.02 23:27:03 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\muvee Technologies
[2011.05.22 19:33:22 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\My Games
[2009.11.13 22:46:31 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Nokia
[2010.07.11 20:56:10 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Paige Harper and the Tome of Mystery
[2010.12.24 21:04:51 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\PC Suite
[2008.09.09 11:11:49 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Restorer
[2012.07.14 08:44:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Spy Emergency
[2010.09.08 16:36:39 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\V-Games
[2010.11.07 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Valusoft
[2007.10.05 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Vso
[2011.05.22 19:36:19 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\WildTangent
[2009.01.07 17:57:05 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\XnView
[2012.07.14 22:56:11 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Re: Trojan horse

Posted: 15 Jul 2012 12:40
by Zoe25
So here I am :oops:

Re: Trojan horse

Posted: 15 Jul 2012 13:37
by Zoe25
So, hopefully done.. :) what next?

Re: Trojan horse

Posted: 15 Jul 2012 14:32
by Zoe25
Unfortunately I can't seem to pack those folders into a RAR archive, it tells me it can't be done.. and then I don't really know how and where to do the upload? :oops:

Re: Trojan horse

Posted: 15 Jul 2012 14:44
by Zoe25
I can't seem to find Combofix/Uinstall either.. because when I type it into Start, it didn't find anything.. so I guess I'll carry on :D oh well, I guess I picked a transparent nick :D why do you ask? :)

Re: Trojan horse

Posted: 15 Jul 2012 14:51
by Zoe25
It didn't find it even with the space...

Re: Trojan horse

Posted: 15 Jul 2012 15:07
by Zoe25
With the letter or without it, CF has simply disappeared :D oh, and yesterday two desktop.ini icons appeared on my desktop and they look kind of faded.. can they be moved somewhere or something?

Re: Trojan horse

Posted: 15 Jul 2012 15:13
by Zoe25
Well, it was already gone even before I used TCleaner :D so I'll still do the defragmentation...

Re: Trojan horse

Posted: 15 Jul 2012 15:40
by Zoe25
Defragmentation done.. so that's probably everything?

Re: Trojan horse

Posted: 15 Jul 2012 16:12
by Zoe25
So far everything seems to be working as it should.. if not, I'd write right away.. :)

Here is the log from MbrScan (if this is what you meant?):

Code:

MBRScan v1.1.1

OS             : Windows Vista Service Pack 2 (32 bit)
PROCESSOR      : x86 Family 6 Model 14 Stepping 12, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/07/15 (ISO 8601) at 17:08:14
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST9160821AS (3.BHD)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	149.1 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : 58073066DBEBD02729237966891250F0
MBR_SHA1  : 718A7FC943F57028D298C9F6E82D1A9F1BD14C6B

Device\Harddisk0\Partition1	140.9 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	8.13 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x92EA4000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk
ADDRESS : 0x92EAF000
SIZE    : 40.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : /NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


__________________________16_BIT_ASM_CODE
   
0x0000    33ff            XOR DI, DI   
0x0002    be 0002         MOV SI, 0x200   
0x0005    8ed7            MOV SS, DI   
0x0007    bc 007a         MOV SP, 0x7a00   
0x000A    bb a007         MOV BX, 0x7a0   
0x000D    8bce            MOV CX, SI   
0x000F    8edb            MOV DS, BX   
0x0011    8ec3            MOV ES, BX   
0x0013    f3 a4           REP MOVSB   
0x0015    ea 7200 a007    JMP FAR 0x7a0:0x72   
0x001A    1000            ADC [BX+SI], AL   
0x001C    0100            ADD [BX+SI], AX   
0x001E    007a 00         ADD [BP+SI+0x0], BH   
0x0021    0000            ADD [BX+SI], AL   
0x0023    0000            ADD [BX+SI], AL   
0x0025    0000            ADD [BX+SI], AL   
0x0027    0000            ADD [BX+SI], AL   
0x0029    0007            ADD [BX], AL   
0x002B    66 8b55 08      MOV EDX, [DI+0x8]   
0x002F    b4 42           MOV AH, 0x42   
0x0031    c606 1f00 7c    MOV BYTE [0x1f], 0x7c   
0x0036    32c0            XOR AL, AL   
0x0038    66 8916 2200    MOV [0x22], EDX   
0x003D    be 1a00         MOV SI, 0x1a   
0x0040    b2 80           MOV DL, 0x80   
0x0042    cd 13           INT 0x13   
0x0044    0f82 c200       JB 0x10a   
0x0048    813e fe03 55aa  CMP WORD [0x3fe], 0xaa55   
0x004E    c3              RET   
0x004F    ac              LODSB   
0x0050    0ac0            OR AL, AL   
0x0052    74 fa           JZ 0x4e   
0x0054    b4 0e           MOV AH, 0xe   
0x0056    bb 0700         MOV BX, 0x7   
0x0059    cd 10           INT 0x10   
0x005B    eb f2           JMP 0x4f   
0x005D    b8 125f         MOV AX, 0x5f12   
0x0060    66 ba 5150485f  MOV EDX, 0x5f485051   
0x0066    cd 15           INT 0x15   
0x0068    73 02           JAE 0x6c   
0x006A    33db            XOR BX, BX   
0x006C    80e3 01         AND BL, 0x1   
0x006F    0adb            OR BL, BL   
0x0071    c3              RET   
0x0072    8be9            MOV BP, CX   
0x0074    8bd9            MOV BX, CX   
0x0076    c606 2a00 0c    MOV BYTE [0x2a], 0xc   
0x007B    bf ee01         MOV DI, 0x1ee   
0x007E    b9 0400         MOV CX, 0x4   
0x0081    386d 04         CMP [DI+0x4], CH   
0x0084    74 39           JZ 0xbf   
0x0086    e8 a2ff         CALL 0x2b   
0x0089    75 21           JNZ 0xac   
0x008B    66 b8 5245434f  MOV EAX, 0x4f434552   
0x0091    66 3906 0302    CMP [0x203], EAX   
0x0096    74 0c           JZ 0xa4   
0x0098    66 3906 f003    CMP [0x3f0], EAX   
0x009D    75 0d           JNZ 0xac   
0x009F    c606 2a00 07    MOV BYTE [0x2a], 0x7   
0x00A4    8bdf            MOV BX, DI   
0x00A6    c645 04 0c      MOV BYTE [DI+0x4], 0xc   
0x00AA    eb 13           JMP 0xbf   
0x00AC    8a45 04         MOV AL, [DI+0x4]   
0x00AF    3c 07           CMP AL, 0x7   
0x00B1    74 0a           JZ 0xbd   
0x00B3    3c 0b           CMP AL, 0xb   
0x00B5    74 06           JZ 0xbd   
0x00B7    24 f5           AND AL, 0xf5   
0x00B9    3c 04           CMP AL, 0x4   
0x00BB    75 02           JNZ 0xbf   
0x00BD    8bef            MOV BP, DI   
0x00BF    882d            MOV [DI], CH   
0x00C1    83ef 10         SUB DI, 0x10   
0x00C4    e2 bb           LOOP 0x81   
0x00C6    0bdb            OR BX, BX   
0x00C8    74 1b           JZ 0xe5   
0x00CA    0bed            OR BP, BP   
0x00CC    74 17           JZ 0xe5   
0x00CE    8bfb            MOV DI, BX   
0x00D0    f606 4e01 04    TEST BYTE [0x14e], 0x4   
0x00D5    75 47           JNZ 0x11e   
0x00D7    f606 4e01 02    TEST BYTE [0x14e], 0x2   
0x00DC    75 44           JNZ 0x122   
0x00DE    e8 7cff         CALL 0x5d   
0x00E1    75 3b           JNZ 0x11e   
0x00E3    eb 3d           JMP 0x122   
0x00E5    66 33d2         XOR EDX, EDX   
0x00E8    e8 44ff         CALL 0x2f   
0x00EB    ba 0100         MOV DX, 0x1   
0x00EE    b1 04           MOV CL, 0x4   
0x00F0    bf be03         MOV DI, 0x3be   
0x00F3    0bd2            OR DX, DX   
0x00F5    75 06           JNZ 0xfd   
0x00F7    807d 04 00      CMP BYTE [DI+0x4], 0x0   
0x00FB    75 42           JNZ 0x13f   
0x00FD    803d 80         CMP BYTE [DI], 0x80   
0x0100    74 3d           JZ 0x13f   
0x0102    83c7 10         ADD DI, 0x10   
0x0105    e2 ec           LOOP 0xf3   
0x0107    4a              DEC DX   
0x0108    74 e4           JZ 0xee   
0x010A    8b36 5101       MOV SI, [0x151]   
0x010E    e8 3eff         CALL 0x4f   
0x0111    8b36 5301       MOV SI, [0x153]   
0x0115    e8 37ff         CALL 0x4f   
0x0118    b4 00           MOV AH, 0x0   
0x011A    cd 16           INT 0x16   
0x011C    cd 18           INT 0x18   
0x011E    8bef            MOV BP, DI   
0x0120    eb 00           JMP 0x122   
0x0122    a0 2a00         MOV AL, [0x2a]   
0x0125    8845 04         MOV [DI+0x4], AL   
0x0128    8bfd            MOV DI, BP   
0x012A    c605 80         MOV BYTE [DI], 0x80   
0x012D    8026 4e01 f9    AND BYTE [0x14e], 0xf9   
0x0132    66 33d2         XOR EDX, EDX   
0x0135    c606 1f00 7a    MOV BYTE [0x1f], 0x7a   
0x013A    b4 43           MOV AH, 0x43   
0x013C    e8 f7fe         CALL 0x36   
0x013F    e8 e9fe         CALL 0x2b   
0x0142    8b36 4f01       MOV SI, [0x14f]   
0x0146    75 c6           JNZ 0x10e   
0x0148    ea 007c 0000    JMP FAR 0x0:0x7c00   
0x014D    0150 57         ADD [BX+SI+0x57], DX   
0x0150    015c 01         ADD [SI+0x1], BX   
0x0153    6301            ARPL [BX+DI], AX   
0x0155    68 0145         PUSH 0x4501   
0x0158    72 72           JB 0x1cc   
0x015A    3200            XOR AL, [BX+SI]   
0x015C    0d 0a45         OR AX, 0x450a   
0x015F    72 72           JB 0x1d3   
0x0161    3100            XOR [BX+SI], AX   
0x0163    45              INC BP   
0x0164    72 72           JB 0x1d8   
0x0166    3300            XOR AX, [BX+SI]   
0x0168    0d 0a50         OR AX, 0x500a   
0x016B    72 65           JB 0x1d2   
0x016D    73 73           JAE 0x1e2   
0x016F    2046 31         AND [BP+0x31], AL   
0x0172    3120            XOR [BX+SI], SP   
0x0174    66 6f           OUTSD   
0x0176    72 20           JB 0x198   
0x0178    45              INC BP   
0x0179    6d              INSW   
0x017A    65              DB 0x65   
0x017A    65 72 67        JB 0x1e4   
0x017D    65 6e           OUTS DX, BYTE GS:[SI]   
0x017F    6379 20         ARPL [BX+DI+0x20], DI   
0x0182    52              PUSH DX   
0x0183    65 636f 76      ARPL GS:[BX+0x76], BP   
0x0187    65              DB 0x65   
0x0187    65 72 79        JB 0x203   
0x018A    2000            AND [BX+SI], AL   
0x018C    73 20           JAE 0x1ae   
0x018E    61              POPA   
0x018F    206b 65         AND [BP+DI+0x65], CH   
0x0192    79 0d           JNS 0x1a1   
0x0194    0a00            OR AL, [BX+SI]   
0x0196    0000            ADD [BX+SI], AL   
0x0198    0000            ADD [BX+SI], AL   
0x019A    0000            ADD [BX+SI], AL   
0x019C    0000            ADD [BX+SI], AL   
0x019E    0000            ADD [BX+SI], AL   
0x01A0    0000            ADD [BX+SI], AL   
0x01A2    0000            ADD [BX+SI], AL   
0x01A4    0000            ADD [BX+SI], AL   
0x01A6    0000            ADD [BX+SI], AL   
0x01A8    0000            ADD [BX+SI], AL   
0x01AA    0000            ADD [BX+SI], AL   
0x01AC    0000            ADD [BX+SI], AL   
0x01AE    0000            ADD [BX+SI], AL   
0x01B0    0000            ADD [BX+SI], AL   
0x01B2    0000            ADD [BX+SI], AL   
0x01B4    0000            ADD [BX+SI], AL   
0x01B6    4d              DEC BP   
0x01B7    0122            ADD [BP+SI], SP   
0x01B9    bc 22bc         MOV SP, 0xbc22   
0x01BC    0000            ADD [BX+SI], AL   
0x01BE    8001 01         ADD BYTE [BX+DI], 0x1   
0x01C1    0007            ADD [BX], AL   
0x01C3    fe              DB 0xfe   
0x01C4    ff              DB 0xff   
0x01C5    ff              DB 0xff   
0x01C6    3f              AAS   
0x01C7    0000            ADD [BX+SI], AL   
0x01C9    009d 749d       ADD [DI-0x628c], BL   
0x01CD    1100            ADC [BX+SI], AX   
0x01CF    fe              DB 0xfe   
0x01D0    ff              DB 0xff   
0x01D1    ff07            INC WORD [BX]   
0x01D3    fe              DB 0xfe   
0x01D4    ff              DB 0xff   
0x01D5    ff              DB 0xff   
0x01D6    dc74 9d         FDIV QWORD [SI-0x63]   
0x01D9    11e5            ADC BP, SP   
0x01DB    15 0401         ADC AX, 0x104   
0x01DE    0000            ADD [BX+SI], AL   
0x01E0    0000            ADD [BX+SI], AL   
0x01E2    0000            ADD [BX+SI], AL   
0x01E4    0000            ADD [BX+SI], AL   
0x01E6    0000            ADD [BX+SI], AL   
0x01E8    0000            ADD [BX+SI], AL   
0x01EA    0000            ADD [BX+SI], AL   
0x01EC    0000            ADD [BX+SI], AL   
0x01EE    0000            ADD [BX+SI], AL   
0x01F0    0000            ADD [BX+SI], AL   
0x01F2    0000            ADD [BX+SI], AL   
0x01F4    0000            ADD [BX+SI], AL   
0x01F6    0000            ADD [BX+SI], AL   
0x01F8    0000            ADD [BX+SI], AL   
0x01FA    0000            ADD [BX+SI], AL   
0x01FC    0000            ADD [BX+SI], AL   
0x01FE    55              PUSH BP   
0x01FF    aa              STOSB   


Re: Trojan horse

Posted: 15 Jul 2012 16:18
by Zoe25
And should I untick the other things that are checked? And tick only other sectors?

Re: Trojan horse

Posted: 15 Jul 2012 16:23
by Zoe25

Code:

MBRScan v1.1.1

OS             : Windows Vista Service Pack 2 (32 bit)
PROCESSOR      : x86 Family 6 Model 14 Stepping 12, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/07/15 (ISO 8601) at 17:22:41
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST9160821AS (3.BHD)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	149.1 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : 58073066DBEBD02729237966891250F0
MBR_SHA1  : 718A7FC943F57028D298C9F6E82D1A9F1BD14C6B

Device\Harddisk0\Partition1	140.9 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	8.13 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x92EA4000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk
ADDRESS : 0x92EAF000
SIZE    : 40.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : /NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


__________________________16_BIT_ASM_CODE
   
0x0000    33ff            XOR DI, DI   
0x0002    be 0002         MOV SI, 0x200   
0x0005    8ed7            MOV SS, DI   
0x0007    bc 007a         MOV SP, 0x7a00   
0x000A    bb a007         MOV BX, 0x7a0   
0x000D    8bce            MOV CX, SI   
0x000F    8edb            MOV DS, BX   
0x0011    8ec3            MOV ES, BX   
0x0013    f3 a4           REP MOVSB   
0x0015    ea 7200 a007    JMP FAR 0x7a0:0x72   
0x001A    1000            ADC [BX+SI], AL   
0x001C    0100            ADD [BX+SI], AX   
0x001E    007a 00         ADD [BP+SI+0x0], BH   
0x0021    0000            ADD [BX+SI], AL   
0x0023    0000            ADD [BX+SI], AL   
0x0025    0000            ADD [BX+SI], AL   
0x0027    0000            ADD [BX+SI], AL   
0x0029    0007            ADD [BX], AL   
0x002B    66 8b55 08      MOV EDX, [DI+0x8]   
0x002F    b4 42           MOV AH, 0x42   
0x0031    c606 1f00 7c    MOV BYTE [0x1f], 0x7c   
0x0036    32c0            XOR AL, AL   
0x0038    66 8916 2200    MOV [0x22], EDX   
0x003D    be 1a00         MOV SI, 0x1a   
0x0040    b2 80           MOV DL, 0x80   
0x0042    cd 13           INT 0x13   
0x0044    0f82 c200       JB 0x10a   
0x0048    813e fe03 55aa  CMP WORD [0x3fe], 0xaa55   
0x004E    c3              RET   
0x004F    ac              LODSB   
0x0050    0ac0            OR AL, AL   
0x0052    74 fa           JZ 0x4e   
0x0054    b4 0e           MOV AH, 0xe   
0x0056    bb 0700         MOV BX, 0x7   
0x0059    cd 10           INT 0x10   
0x005B    eb f2           JMP 0x4f   
0x005D    b8 125f         MOV AX, 0x5f12   
0x0060    66 ba 5150485f  MOV EDX, 0x5f485051   
0x0066    cd 15           INT 0x15   
0x0068    73 02           JAE 0x6c   
0x006A    33db            XOR BX, BX   
0x006C    80e3 01         AND BL, 0x1   
0x006F    0adb            OR BL, BL   
0x0071    c3              RET   
0x0072    8be9            MOV BP, CX   
0x0074    8bd9            MOV BX, CX   
0x0076    c606 2a00 0c    MOV BYTE [0x2a], 0xc   
0x007B    bf ee01         MOV DI, 0x1ee   
0x007E    b9 0400         MOV CX, 0x4   
0x0081    386d 04         CMP [DI+0x4], CH   
0x0084    74 39           JZ 0xbf   
0x0086    e8 a2ff         CALL 0x2b   
0x0089    75 21           JNZ 0xac   
0x008B    66 b8 5245434f  MOV EAX, 0x4f434552   
0x0091    66 3906 0302    CMP [0x203], EAX   
0x0096    74 0c           JZ 0xa4   


Re: Trojan horse

Posted: 15 Jul 2012 16:24
by Zoe25

Code:

MBRScan v1.1.1

OS             : Windows Vista Service Pack 2 (32 bit)
PROCESSOR      : x86 Family 6 Model 14 Stepping 12, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/07/15 (ISO 8601) at 17:24:09
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST9160821AS (3.BHD)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	149.1 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : 58073066DBEBD02729237966891250F0
MBR_SHA1  : 718A7FC943F57028D298C9F6E82D1A9F1BD14C6B

Device\Harddisk0\Partition1	140.9 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	8.13 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x92EA4000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk
ADDRESS : 0x92EAF000
SIZE    : 40.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : /NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


__________________________16_BIT_ASM_CODE
   


Re: Trojan horse

Posted: 15 Jul 2012 16:37
by Zoe25
Thanks a lot for everything :) Nothing much else comes to mind right now, I think.. I just noticed that since I uninstalled the ICQ toolbar, the ICQ icon no longer works (it doesn't show up as a flower), and also, about those two invisible icons I wrote to you about: can I move them from the desktop into some folder, or do they need to stay there?
But otherwise everything is working fine so far.. :)

Take care and thanks once again :)