VIRUS, MALWARE

Zpráva

MMJJ · #16 Příspěvek od **MMJJ** » 12 dub 2010 21:23

i tato zpráva pro vás odešla - a to neposílám z nouzáku, takže to je asi ok. Díky !

#17 Příspěvek od **Caroprd111** » 12 dub 2010 21:24

Poprosím o nový log z RSIT.

MMJJ · #18 Příspěvek od **MMJJ** » 12 dub 2010 21:25

Logfile of random's system information tool 1.06 (written by random/random)
Run by MJ at 2010-04-12 22:24:54
Systém Microsoft Windows XP Professional Service Pack 1
System drive C: has 31 GB (81%) free of 38 GB
Total RAM: 1014 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:59, on 12.4.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\MJ\Plocha\RSIT.exe
C:\Program Files\trend micro\MJ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0800136140
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Služba Google Update (gupdate1ca8f788138d1b4) (gupdate1ca8f788138d1b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 5667 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-30 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2002-09-20 844828]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-12-10 18789920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-12-28 417792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-08 1397760]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-14 39408]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-04-12 22:18:07 ----A---- C:\WINDOWS\resetlog.txt
2010-04-12 21:44:02 ----D---- C:\WINDOWS\temp
2010-04-12 21:44:00 ----A---- C:\ComboFix.txt
2010-04-12 21:32:36 ----A---- C:\WINDOWS\zip.exe
2010-04-12 21:32:36 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-12 21:32:36 ----A---- C:\WINDOWS\SWSC.exe
2010-04-12 21:32:36 ----A---- C:\WINDOWS\SWREG.exe
2010-04-12 21:32:36 ----A---- C:\WINDOWS\sed.exe
2010-04-12 21:32:36 ----A---- C:\WINDOWS\PEV.exe
2010-04-12 21:32:36 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-12 21:32:36 ----A---- C:\WINDOWS\MBR.exe
2010-04-12 21:32:36 ----A---- C:\WINDOWS\grep.exe
2010-04-12 21:32:29 ----D---- C:\WINDOWS\ERDNT
2010-04-12 21:32:09 ----D---- C:\Qoobox
2010-04-08 06:24:19 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-05 15:51:34 ----D---- C:\_OTL
2010-04-05 08:34:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-05 04:17:18 ----D---- C:\Program Files\trend micro
2010-04-05 04:17:17 ----D---- C:\rsit
2010-03-30 20:31:36 ----D---- C:\Program Files\Sunbelt Software

======List of files/folders modified in the last 1 months======

2010-04-12 22:20:17 ----D---- C:\Documents and Settings\MJ\Data aplikací\Skype
2010-04-12 22:19:48 ----SHD---- C:\System Volume Information
2010-04-12 22:19:48 ----D---- C:\WINDOWS\System32\Restore
2010-04-12 22:19:42 ----D---- C:\WINDOWS\Debug
2010-04-12 22:18:07 ----D---- C:\WINDOWS
2010-04-12 21:45:10 ----D---- C:\WINDOWS\System32\CatRoot2
2010-04-12 21:44:02 ----D---- C:\WINDOWS\System32\drivers
2010-04-12 21:42:50 ----A---- C:\WINDOWS\system.ini
2010-04-12 21:34:56 ----D---- C:\WINDOWS\system32
2010-04-12 21:34:56 ----D---- C:\WINDOWS\AppPatch
2010-04-12 21:34:56 ----D---- C:\Program Files\Common Files
2010-04-12 20:31:35 ----D---- C:\Documents and Settings\MJ\Data aplikací\skypePM
2010-04-09 21:04:39 ----D---- C:\WINDOWS\Prefetch
2010-04-05 05:24:43 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-05 04:17:18 ----RD---- C:\Program Files
2010-04-01 22:30:19 ----SD---- C:\WINDOWS\Tasks
2010-03-30 20:31:58 ----SHD---- C:\WINDOWS\Installer
2010-03-30 20:31:50 ----HD---- C:\WINDOWS\inf
2010-03-30 19:34:56 ----D---- C:\WINDOWS\Minidump
2010-03-29 21:44:54 ----D---- C:\Documents and Settings
2010-03-29 21:32:53 ----RSHDC---- C:\WINDOWS\System32\dllcache
2010-03-29 21:18:13 ----RD---- C:\WINDOWS\Offline Web Pages
2010-03-29 20:05:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-29 18:37:16 ----SHD---- C:\WINDOWS\CSC
2010-03-28 10:28:43 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416]
R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\System32\drivers\incdrm.sys [2005-07-08 28672]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-12-10 6017568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2009-06-05 142336]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
R4 InCDfs;InCD File System; C:\WINDOWS\System32\drivers\InCDfs.sys [2005-07-08 99584]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\DOCUME~1\MJ\LOCALS~1\Temp\catchme.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate1ca8f788138d1b4;Služba Google Update (gupdate1ca8f788138d1b4); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
S2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-14 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-02-23 79360]

-----------------EOF-----------------

#19 Příspěvek od **Caroprd111** » 12 dub 2010 21:31

Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.

Obrázek

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter

Obrázek

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte a použijte http://oldtimer.geekstogo.com/TFC.exe

Obrázek

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

Spusťte.
Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít

Doinstalujte SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100

MMJJ · #20 Příspěvek od **MMJJ** » 12 dub 2010 22:02

sory, nevim, co jsou lišty - v programech toolbary nevidim

#21 Příspěvek od **Caroprd111** » 13 dub 2010 04:59

Google Toolbar for Internet Explorer

MMJJ · #22 Příspěvek od **MMJJ** » 13 dub 2010 18:53

ahoj, udělal jsem vše, co jste napsal.

#23 Příspěvek od **Caroprd111** » 13 dub 2010 18:56

V tom případě je to vše.

MMJJ · #24 Příspěvek od **MMJJ** » 13 dub 2010 19:04

ok, díky!

#25 Příspěvek od **Caroprd111** » 13 dub 2010 19:07

Nemáte zač

MMJJ · #26 Příspěvek od **MMJJ** » 18 dub 2010 09:23

Hezký víkend,
mohu požádat o kontrolu logu? něco v počítači mam, asi spyware.
díky, Marek

Logfile of random's system information tool 1.06 (written by random/random)
Run by MJ at 2010-04-18 10:21:05
Systém Microsoft Windows XP Professional Service Pack 1
System drive C: has 31 GB (81%) free of 38 GB
Total RAM: 1014 MB (59% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2002-09-20 844828]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-12-10 18789920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-12-28 417792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-08 1397760]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"mfvjgbft"=C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe [2010-04-17 271616]
"tqremdcy"=C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe [2010-04-17 271616]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"asam"=C:\WINDOWS\asam.exe [2010-04-17 60672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"mfvjgbft"=C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe [2010-04-17 271616]
"tqremdcy"=C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe [2010-04-17 271616]
"asam"=C:\WINDOWS\asam.exe [2010-04-17 60672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-04-18 10:21:05 ----D---- C:\rsit
2010-04-18 10:21:05 ----D---- C:\Program Files\trend micro
2010-04-18 10:12:00 ----D---- C:\Documents and Settings\MJ\Data aplikací\Mozilla
2010-04-18 10:11:50 ----D---- C:\Program Files\Mozilla Firefox
2010-04-18 10:11:24 ----A---- C:\Program Files\FirefoxSetup3.6.3.exe
2010-04-17 21:02:08 ----A---- C:\WINDOWS\resetlog.txt
2010-04-17 20:40:21 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-17 20:35:54 ----A---- C:\WINDOWS\asam.exe
2010-04-13 19:34:55 ----D---- C:\Documents and Settings\MJ\Data aplikací\Help
2010-04-12 23:03:10 ----SHD---- C:\RECYCLER
2010-04-12 21:44:02 ----D---- C:\WINDOWS\temp
2010-04-05 08:34:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 20:31:36 ----D---- C:\Program Files\Sunbelt Software

======List of files/folders modified in the last 1 months======

2010-04-18 10:21:05 ----RD---- C:\Program Files
2010-04-18 10:15:34 ----D---- C:\WINDOWS\System32\CatRoot2
2010-04-18 10:14:53 ----D---- C:\WINDOWS\Prefetch
2010-04-18 10:12:02 ----D---- C:\WINDOWS
2010-04-18 10:08:55 ----D---- C:\Documents and Settings\MJ\Data aplikací\Skype
2010-04-18 10:07:43 ----D---- C:\WINDOWS\Debug
2010-04-18 09:38:15 ----D---- C:\Documents and Settings\MJ\Data aplikací\skypePM
2010-04-17 23:22:20 ----D---- C:\WINDOWS\System32\drivers
2010-04-17 23:22:20 ----D---- C:\WINDOWS\Cursors
2010-04-17 17:04:20 ----D---- C:\WINDOWS\system32
2010-04-14 23:28:30 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-13 19:42:49 ----SHD---- C:\System Volume Information
2010-04-13 19:42:49 ----D---- C:\WINDOWS\System32\Restore
2010-04-13 19:34:55 ----D---- C:\WINDOWS\Help
2010-04-13 17:45:29 ----D---- C:\Program Files\Google
2010-04-12 23:09:20 ----SHD---- C:\WINDOWS\Installer
2010-04-12 21:42:50 ----A---- C:\WINDOWS\system.ini
2010-04-12 21:34:56 ----D---- C:\WINDOWS\AppPatch
2010-04-12 21:34:56 ----D---- C:\Program Files\Common Files
2010-04-01 22:30:19 ----SD---- C:\WINDOWS\Tasks
2010-03-30 20:31:50 ----HD---- C:\WINDOWS\inf
2010-03-30 19:34:56 ----D---- C:\WINDOWS\Minidump
2010-03-29 21:44:54 ----D---- C:\Documents and Settings
2010-03-29 21:32:53 ----RSHDC---- C:\WINDOWS\System32\dllcache
2010-03-29 21:18:13 ----RD---- C:\WINDOWS\Offline Web Pages
2010-03-29 20:05:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-29 18:37:16 ----SHD---- C:\WINDOWS\CSC
2010-03-28 10:28:43 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416]
R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\System32\drivers\incdrm.sys [2005-07-08 28672]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-12-10 6017568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2009-06-05 142336]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
R4 InCDfs;InCD File System; C:\WINDOWS\System32\drivers\InCDfs.sys [2005-07-08 99584]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate1ca8f788138d1b4;Služba Google Update (gupdate1ca8f788138d1b4); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
S2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-02-23 79360]

-----------------EOF-----------------

#27 Příspěvek od **Caroprd111** » 18 dub 2010 09:28

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
CREATERESTOREPOINT

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

MMJJ · #28 Příspěvek od **MMJJ** » 18 dub 2010 09:48

OTL logfile created on: 18.4.2010 10:46:28 - Run 2
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Documents and Settings\MJ\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 014,00 Mb Total Physical Memory | 570,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 30,22 Gb Free Space | 81,12% Space Free | Partition Type: NTFS
Drive D: | 3,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MJ-XUO0PUS6PEH1
Current User Name: MJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.18 10:29:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Dokumenty\Stažené soubory\OTL.exe
PRC - [2010.04.17 20:34:53 | 000,060,672 | ---- | M] () -- C:\WINDOWS\asam.exe
PRC - [2010.04.01 19:59:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2005.07.08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005.07.08 17:25:10 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004.11.02 21:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2002.09.20 18:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.04.18 10:29:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Dokumenty\Stažené soubory\OTL.exe
MOD - [2002.09.20 18:03:32 | 000,921,600 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.02.23 20:08:46 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2005.07.08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)

========== Driver Services (SafeList) ==========

DRV - [2009.12.10 18:23:36 | 006,017,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.06.05 16:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:29:11 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr)
DRV - [2009.02.13 12:17:49 | 000,045,416 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2008.10.31 07:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 04:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2005.07.08 18:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005.07.08 18:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005.07.08 17:17:31 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.18 10:12:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.18 10:11:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010.04.18 10:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Mozilla\Extensions
[2010.04.18 10:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Mozilla\Firefox\Profiles\eza0l59u.default\extensions
[2010.04.18 10:11:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.04.18 10:06:09 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Rádio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O4 - HKLM..\Run: [asam] C:\WINDOWS\asam.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [mfvjgbft] C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [tqremdcy] C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-789336058-1450960922-839522115-1003..\Run: [asam] C:\WINDOWS\asam.exe ()
O4 - HKU\S-1-5-21-789336058-1450960922-839522115-1003..\Run: [mfvjgbft] C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe ()
O4 - HKU\S-1-5-21-789336058-1450960922-839522115-1003..\Run: [tqremdcy] C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0800136140 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.18 10:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
[2010.04.18 10:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.18 10:21:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.18 10:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Dokumenty\Stažené soubory
[2010.04.18 10:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\Mozilla
[2010.04.18 10:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Data aplikací\Mozilla
[2010.04.18 10:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.04.18 10:11:24 | 008,185,280 | ---- | C] (Mozilla) -- C:\Program Files\FirefoxSetup3.6.3.exe
[2010.04.17 20:40:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MJ\Recent
[2010.04.17 17:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey
[2010.04.17 17:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab
[2010.04.13 19:38:48 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\TFC.exe
[2010.04.13 19:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\Help
[2010.04.13 19:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Data aplikací\Help
[2010.04.12 23:03:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.12 22:17:27 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\MJ\Plocha\winsockxpfix.exe
[2010.04.12 21:44:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.04.11 15:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Nová složka
[2010.04.05 04:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\nabídky, MJ OKNA, DVEŘE, soukromí investoři
[2010.04.01 22:26:32 | 017,013,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.exe
[2010.03.30 20:31:45 | 000,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2010.03.30 20:31:45 | 000,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2010.03.30 20:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010.03.30 20:27:14 | 006,000,608 | ---- | C] (Sunbelt Software ) -- C:\Documents and Settings\MJ\Plocha\sunbelt-personal-firewall.exe
[2010.03.30 20:02:03 | 322,523,176 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.03.29 23:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\zelená úsporám - směrnice
[2010.03.29 23:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\winamp
[2010.03.29 23:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\vgp, horní počernice
[2010.03.29 23:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\trocal
[2010.03.29 23:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\trigema
[2010.03.29 23:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Tomáš Korecký
[2010.03.29 23:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Realtek_LAN_PCIE_MB
[2010.03.29 23:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\pacienti
[2010.03.29 23:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\OpenOffice.org 3.0 (cs) Installation Files
[2010.03.29 23:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, REALITNÍ SLUŽBY
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, CV
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\kovosystem
[2010.03.29 23:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\koef. tep. prost U
[2010.03.29 23:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\kbe select
[2010.03.29 23:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\avira antivir
[2010.03.29 21:32:48 | 000,047,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010.03.29 20:04:37 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\MJ\Plocha\mbam-setup.exe
[2009.12.11 22:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.12.11 22:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.12.11 22:47:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.12.11 22:47:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft

========== Files - Modified Within 30 Days ==========

[2010.04.18 10:20:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.18 10:14:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Zástupce - firefox.lnk
[2010.04.18 10:12:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010.04.18 10:11:56 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Mozilla Firefox.lnk
[2010.04.18 10:10:50 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.18 10:07:33 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.18 10:07:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.18 10:07:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.18 10:07:14 | 008,185,280 | ---- | M] (Mozilla) -- C:\Program Files\FirefoxSetup3.6.3.exe
[2010.04.18 10:06:32 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\MJ\NTUSER.DAT
[2010.04.18 10:06:32 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\MJ\ntuser.ini
[2010.04.18 10:06:31 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\IconCache.db
[2010.04.18 10:06:09 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.17 21:14:33 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Skype.lnk
[2010.04.17 20:34:53 | 000,060,672 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\syssvc.exe
[2010.04.17 20:34:53 | 000,060,672 | ---- | M] () -- C:\WINDOWS\asam.exe
[2010.04.17 17:04:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.17 16:53:55 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Dodatek ke smlouvě č. 01010.doc
[2010.04.16 15:38:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.14 23:28:30 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.14 18:03:00 | 000,746,568 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\skenovat0001.tif
[2010.04.13 22:26:51 | 000,046,408 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.04.13 19:49:14 | 000,212,436 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Windows XP Service Pack 3.docx
[2010.04.13 19:38:54 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\TFC.exe
[2010.04.12 22:17:38 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\MJ\Plocha\winsockxpfix.exe
[2010.04.12 21:42:50 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.12 19:35:21 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\MJ, MASÉRSKÉ, REKONDIČNÍ A REGENERAČNÍ SLUŽBY.doc
[2010.04.12 05:38:02 | 000,589,878 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\svj jan, p. frišerová, MJ, žaluzie.bmp
[2010.04.11 22:10:40 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\redukce, strava, Miroslava Hromová.doc
[2010.04.11 19:44:07 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\zkrat, repertoár.doc
[2010.04.11 19:35:28 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\vraceni_RP.doc
[2010.04.10 00:33:32 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\masáž ve sportu, blanka hošková.doc
[2010.04.09 16:46:42 | 001,683,240 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\MJ\Plocha\SkypeSetup.exe
[2010.04.08 06:32:47 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Janouskova.xls
[2010.04.06 06:02:03 | 000,102,531 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\E0088-10 Plzák, Janouąkova.PDF
[2010.04.04 10:02:36 | 000,047,246 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\poranění měkkého kolena.rtf
[2010.04.04 00:45:33 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\základy fyziatrické léčby, capko.doc
[2010.04.02 00:22:49 | 000,942,592 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\HSS.doc
[2010.04.01 22:27:24 | 016,999,990 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.rar
[2010.04.01 22:26:32 | 017,013,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.exe
[2010.03.30 20:27:14 | 006,000,608 | ---- | M] (Sunbelt Software ) -- C:\Documents and Settings\MJ\Plocha\sunbelt-personal-firewall.exe
[2010.03.30 20:02:03 | 322,523,176 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.03.30 19:42:56 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.29 21:24:00 | 000,000,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010.03.28 15:41:58 | 090,552,374 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE.rar
[2010.03.28 15:05:10 | 030,897,573 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\avira antivir.rar
[2010.03.28 10:28:43 | 000,920,954 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.28 10:28:43 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.28 10:28:43 | 000,389,664 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.28 10:28:43 | 000,068,736 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.28 10:28:43 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.27 00:05:38 | 000,312,832 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\MJ OKNA DVEŘE, mailing.doc
[2010.03.26 12:50:26 | 000,021,726 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Image (2).tif
[2010.03.26 12:50:22 | 000,020,434 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Image.tif
[2010.03.24 20:27:34 | 000,000,038 | ---- | M] () -- C:\{ec81ab65-9ded-4c70-bc7d-a4d9e14e361d}
[2010.03.23 22:06:32 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\OKNA, DVEŘE, vzory textu.doc

========== Files Created - No Company Name ==========

[2010.04.18 10:14:05 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Zástupce - firefox.lnk
[2010.04.18 10:12:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.18 10:11:56 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Mozilla Firefox.lnk
[2010.04.17 20:35:54 | 000,060,672 | ---- | C] () -- C:\WINDOWS\asam.exe
[2010.04.17 20:34:52 | 000,060,672 | ---- | C] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\syssvc.exe
[2010.04.16 16:15:30 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Dodatek ke smlouvě č. 01010.doc
[2010.04.14 18:02:07 | 000,746,568 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\skenovat0001.tif
[2010.04.13 19:49:21 | 000,212,436 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Windows XP Service Pack 3.docx
[2010.04.12 05:38:01 | 000,589,878 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\svj jan, p. frišerová, MJ, žaluzie.bmp
[2010.04.11 19:30:48 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\vraceni_RP.doc
[2010.04.11 15:22:26 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\redukce, strava, Miroslava Hromová.doc
[2010.04.09 23:03:51 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\masáž ve sportu, blanka hošková.doc
[2010.04.08 06:32:48 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Janouskova.xls
[2010.04.07 21:48:06 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\zkrat, repertoár.doc
[2010.04.06 06:02:07 | 000,102,531 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\E0088-10 Plzák, Janouąkova.PDF
[2010.04.04 09:59:51 | 000,047,246 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\poranění měkkého kolena.rtf
[2010.04.03 12:13:53 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\základy fyziatrické léčby, capko.doc
[2010.04.02 00:21:49 | 000,942,592 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\HSS.doc
[2010.04.01 22:27:13 | 016,999,990 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.rar
[2010.03.28 15:41:14 | 090,552,374 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE.rar
[2010.03.28 15:04:47 | 030,897,573 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\avira antivir.rar
[2010.03.27 23:02:31 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\MJ, MASÉRSKÉ, REKONDIČNÍ A REGENERAČNÍ SLUŽBY.doc
[2010.03.26 12:50:25 | 000,021,726 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Image (2).tif
[2010.03.26 12:50:22 | 000,020,434 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Image.tif
[2010.03.24 20:08:12 | 000,000,038 | ---- | C] () -- C:\{ec81ab65-9ded-4c70-bc7d-a4d9e14e361d}
[2010.03.10 20:11:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.10 20:01:48 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2010.02.23 20:08:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010.02.01 09:55:22 | 000,130,560 | RHS- | C] () -- C:\WINDOWS\System32\tsd320.dll
[2010.01.28 17:46:49 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.24 11:08:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.12.20 22:50:05 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.14 15:45:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.12.12 09:49:49 | 000,000,744 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.12.12 09:43:17 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\MJ\ntuser.ini
[2009.12.12 09:43:16 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\MJ\ntuser.dat.LOG
[2009.12.12 09:43:15 | 005,242,880 | -H-- | C] () -- C:\Documents and Settings\MJ\NTUSER.DAT
[2008.02.01 09:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007.02.28 18:42:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2003.01.07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.25 20:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010.02.23 20:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\DassaultSystemes
[2010.01.23 23:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ESET
[2010.04.18 10:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
[2010.02.23 20:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\DassaultSystemes
[2010.01.23 23:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\ESET
[2010.01.07 18:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\OpenOffice.org
[2010.01.16 20:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\profine

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP:5C321E34
< End of report >

#29 Příspěvek od **Caroprd111** » 18 dub 2010 10:38

OTL neprohledával pomocí skriptu, spusťte ho ještě jednou podle návodu.

MMJJ · #30 Příspěvek od **MMJJ** » 18 dub 2010 10:40

ten mi to nehází, zkoušel jsem to 2x. vždy jen tento.

VIRY.CZ

VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE

Re: VIRUS, MALWARE