Re: very large volume of unsolicited mail being sent

Posted: 28 Apr 2010 22:17
by Tom-Ice
and how ???

Re: very large volume of unsolicited mail being sent

Posted: 29 Apr 2010 05:18
by motji
Download OTL: http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

- check the "For all users" box.
- tick the boxes Check for "LOP" malware and Check for "Purity" malware
- click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; paste them here :)

Re: very large volume of unsolicited mail being sent

Posted: 29 Apr 2010 14:06
by Tom-Ice
OTL Extras logfile created on: 29.4.2010 15:02:19 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\PC\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 19,87 Gb Free Space | 4,27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3,76 Gb Total Space | 3,66 Gb Free Space | 97,45% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DOMA
Current User Name: PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Prozkoumat v XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\WWWCukrarna\files\Casino\ParadiseCasino - Czech\casino.exe" = C:\WWWCukrarna\files\Casino\ParadiseCasino - Czech\casino.exe:*:Enabled:casino -- ()
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\WINDOWS\system32\WgaTray.exe" = C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE -- (Microsoft Corporation)
"C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe" = C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe:*:Enabled:ENABLE -- (Firebird Project)
"C:\WINDOWS\system32\cmd.exe" = C:\WINDOWS\system32\cmd.exe:*:Enabled:ENABLE -- (Microsoft Corporation)
"C:\WINDOWS\system32\ntvdm.exe" = C:\WINDOWS\system32\ntvdm.exe:*:Enabled:ENABLE -- (Microsoft Corporation)
"C:\Program Files\MRP\MRPKS\MRPKS.exe" = C:\Program Files\MRP\MRPKS\MRPKS.exe:*:Enabled:ENABLE -- (MRP Informatics, s.r.o. http://www.mrp.cz)
"C:\WINDOWS\System32\logon.scr" = C:\WINDOWS\System32\logon.scr:*:Enabled:ENABLE -- (Microsoft Corporation)
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" = C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe:*:Enabled:ENABLE -- (Sun Microsystems, Inc.)
"C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe" = C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe:*:Enabled:ENABLE -- ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:ENABLE -- (BitTorrent, Inc.)
"C:\Program Files\Total Commander\TOTALCMD.EXE" = C:\Program Files\Total Commander\TOTALCMD.EXE:*:Enabled:ENABLE -- (C. Ghisler & Co.)
"C:\Program Files\HP\Digital Imaging\bin\HPQPSXP.exe" = C:\Program Files\HP\Digital Imaging\bin\HPQPSXP.exe:*:Enabled:ENABLE -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe:*:Enabled:ENABLE -- (Hewlett-Packard Development Company, L.P.)
"C:\WINDOWS\system32\netsh.exe" = C:\WINDOWS\system32\netsh.exe:*:Enabled:ENABLE -- (Microsoft Corporation)
"C:\WINDOWS\system32\mspaint.exe" = C:\WINDOWS\system32\mspaint.exe:*:Enabled:ENABLE -- (Microsoft Corporation)
"C:\Program Files\Spamihilator\spamihilator.exe" = C:\Program Files\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator -- (Michel Krämer)
"C:\Program Files\Spamihilator\cdcc.exe" = C:\Program Files\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration -- ()
"C:\Program Files\Spamihilator\dccproc.exe" = C:\Program Files\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{078E59A5-668C-D895-1BFF-68AB834A95F3}" = Catalyst Control Center Graphics Full New
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B6E7EA9-D17E-A9BB-7CE0-A1C737EFB5EE}" = Catalyst Control Center Localization Swedish
"{0FE9DBCE-AB97-90AC-DC4B-BB6C2EDAFF71}" = CCC Help Hungarian
"{155FD632-60F5-A777-538C-3194E889C1D0}" = Catalyst Control Center Localization Greek
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help
"{1E44E5A6-4DCE-F13F-E00E-22076CE97FEA}" = CCC Help Turkish
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26C70E22-6E6D-B28F-9039-5E2052C2A3BB}" = CCC Help Danish
"{29138741-C0FD-3812-EA30-3D4790DBF951}" = CCC Help Korean
"{2BFCBEDB-79F3-17C4-67B8-A0098E214F6A}" = Catalyst Control Center Graphics Full Existing
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{324B54DB-8576-73C9-7089-9373FFD85E18}" = CCC Help Chinese Traditional
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{38797561-17CD-94D2-F422-D83D5133B427}" = CCC Help Chinese Standard
"{3A6898A1-538B-562F-7339-8C5DA25B7254}" = Catalyst Control Center Localization Polish
"{3D190422-5A11-BB51-18B8-7C404DB0E46A}" = Catalyst Control Center Localization Chinese Standard
"{4063CCFF-AEB3-B34C-7D1A-4B32CE46E368}" = CCC Help German
"{41D38ED0-B916-667A-FDD2-965D04D128D5}" = CCC Help Spanish
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4FB3FCC4-AAB5-AED5-4412-B21DABE87025}" = Catalyst Control Center Localization Korean
"{4FDF7A38-81F4-55F3-1661-CC211DBC96A2}" = CCC Help English
"{52E1EC3F-B8E4-19B5-7EE6-A728B64A4310}" = CCC Help Swedish
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{55BD9B64-A9A8-44DF-E4AE-BDF60F5D4E90}" = CCC Help Thai
"{5B014615-5EB8-EE17-4256-A7B1640819A3}" = CCC Help Italian
"{5B852893-9997-AE56-ED51-5F332938B543}" = Skins
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6D14916C-EC29-40FC-8FFB-08A66576BE78}" = Spamihilator 0.9.9.53 (32 bit)
"{6E33F77B-952D-0FF5-87C4-7CDB66B0E8A1}" = Catalyst Control Center Localization Czech
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{709A7F8D-E1DA-A26F-2C10-B91CDA616FD9}" = CCC Help Portuguese
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{79DE041C-BCA2-EFBF-5BC1-B89CCC2893D2}" = CCC Help Polish
"{7BD95C90-3FAA-F55C-E9C2-2951F19474A2}" = Catalyst Control Center Localization Portuguese
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{80B4EB2E-F609-F443-E114-5D935412F085}" = CCC Help Greek
"{80EB1351-E642-33EA-0BF9-C681D616E270}" = CCC Help Czech
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{854B9E99-4007-E575-8E8E-3EDFA5B64CA9}" = CCC Help Dutch
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D5C88CA-2B55-C174-5AC3-643A638C91C8}" = Catalyst Control Center Localization Italian
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90502AE6-C689-A70E-D03D-1AFB6C233EA0}" = Catalyst Control Center Localization Norwegian
"{96639158-501C-D2C4-D25A-B6A86AA4B906}" = Catalyst Control Center Localization Danish
"{977AB934-E01A-DDEC-CF30-B686D5C0A248}" = Catalyst Control Center Localization French
"{982476DE-F2B9-00B0-36E3-DA06948EC1B4}" = Catalyst Control Center Localization Finnish
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4E913EC-8F82-14BB-F31F-0B983F540968}" = Catalyst Control Center Localization Spanish
"{A75BF1D0-C7C3-CB55-EE17-3225387FD154}" = ccc-core-static
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{AA39701D-F5EA-7EC9-D311-08AB84970CD8}" = Catalyst Control Center Localization German
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-A92000000001}" = Adobe Reader 9.2 - Czech
"{AD69F082-B9EE-29BE-14A9-6B453A0B644A}" = CCC Help Japanese
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C122B78E-8ACA-BDF3-D150-78B26C3C4B94}" = Catalyst Control Center Graphics Light
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C1E28A5C-94A0-DE77-52FC-177C2930FC48}" = Catalyst Control Center Localization Hungarian
"{C7DA7D9E-56A7-1E08-1B47-427AE3B0C254}" = Catalyst Control Center Core Implementation
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE269E6-CB57-7F2E-3A11-3FF3DE4C1B5D}" = CCC Help Norwegian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFAF33CA-01A5-5FD7-70F4-0195A0FBFD8E}" = CCC Help French
"{D0CA80F4-880D-8929-A78D-54E2CC46565D}" = Catalyst Control Center Localization Dutch
"{D3162DFC-7CA1-47A9-AA00-15BE80E3B1F8}" = 602XML Filler
"{DB40817E-C5E6-6818-47F2-0359EAE14271}" = Catalyst Control Center Localization Japanese
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC49E045-EB3F-9A88-7404-933FF86D9E2F}" = CCC Help Finnish
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E0DB1A31-F468-8E22-B158-C7756F4DE68E}" = CCC Help Russian
"{E0FF82C1-E2DE-D6D3-A264-F9FBCFFE7D24}" = Catalyst Control Center Localization Russian
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E33A3E61-E7DA-65FB-75B4-AA68B6F9D83B}" = ccc-utility
"{E65906BF-1BB5-0D31-A62C-54A56B687EF5}" = Catalyst Control Center Localization Thai
"{E97C3316-8C49-2267-0976-C6A56C5DC2F8}" = Catalyst Control Center Localization Turkish
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F17CE6DC-028C-C02E-3739-2C2802C08D7C}" = Catalyst Control Center Localization Chinese Traditional
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.0.7.0 (18/09/2009)
"FBDBServer_2_1_is1" = Firebird 2.1.1.17910 (Win32)
"Furnish Pro" = Furnish Pro
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.57
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MP4 Player" = MP4 Player
"MRP NetAgent" = MRP Aktualizační manažer
"MRPKS CZ" = MRP-KS, účetní systém
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SMPlayer" = SMPlayer 0.6.7
"Spyware Terminator_is1" = Spyware Terminator
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.96
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-725345543-299502267-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.4.2009 14:25:04 | Computer Name = PC-DOMA | Source = AVG7 | ID = 100
Description =

Error - 28.4.2009 14:25:04 | Computer Name = PC-DOMA | Source = AVG7 | ID = 100
Description =

Error - 28.4.2009 14:25:04 | Computer Name = PC-DOMA | Source = AVG7 | ID = 100
Description =

Error - 28.4.2009 14:25:04 | Computer Name = PC-DOMA | Source = AVG7 | ID = 100
Description =

Error - 28.4.2009 14:25:04 | Computer Name = PC-DOMA | Source = AVG7 | ID = 100
Description =

Error - 28.4.2009 14:25:04 | Computer Name = PC-DOMA | Source = AVG7 | ID = 100
Description =

Error - 28.4.2009 14:25:04 | Computer Name = PC-DOMA | Source = AVG7 | ID = 100
Description =

Error - 28.4.2009 14:25:04 | Computer Name = PC-DOMA | Source = AVG7 | ID = 100
Description =

Error - 28.4.2009 14:25:04 | Computer Name = PC-DOMA | Source = AVG7 | ID = 100
Description =

Error - 28.4.2009 14:25:04 | Computer Name = PC-DOMA | Source = AVG7 | ID = 100
Description =

< End of report >

Re: very large volume of unsolicited mail being sent

Posted: 29 Apr 2010 19:44
by motji
Could you also find this log?
OTL.Txt

Re: very large volume of unsolicited mail being sent

Posted: 30 Apr 2010 08:33
by Tom-Ice
Hello
Well, I guess so, if this is it:

OTL logfile created on: 29.4.2010 15:02:19 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\PC\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 19,87 Gb Free Space | 4,27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3,76 Gb Total Space | 3,66 Gb Free Space | 97,45% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DOMA
Current User Name: PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.29 15:00:19 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\Plocha\OTL.exe
PRC - [2010.04.19 16:19:40 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010.03.31 12:35:45 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010.03.29 22:43:20 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010.03.26 11:42:45 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010.03.26 11:42:44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010.03.26 11:42:41 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010.03.26 11:42:40 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010.03.26 11:42:40 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010.03.26 11:42:37 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010.01.02 10:37:38 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009.12.12 13:49:28 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008.11.06 19:23:16 | 000,772,096 | ---- | M] () -- C:\Program Files\MP4 Player\Mp4Player.exe
PRC - [2008.06.13 15:22:50 | 002,723,840 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007.03.14 04:43:44 | 000,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2007.03.14 04:43:42 | 000,272,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
PRC - [2005.03.18 16:31:34 | 001,138,688 | ---- | M] () -- C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe


========== Modules (SafeList) ==========

MOD - [2010.04.29 15:00:19 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010.03.31 12:35:45 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.03.26 11:42:41 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010.03.26 11:42:40 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.03.26 11:42:37 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010.02.23 15:04:34 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010.01.02 10:37:38 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.06.13 15:22:50 | 002,723,840 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010.04.27 23:07:11 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\PC\Local Settings\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.04.27 23:07:11 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\PC\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.04.19 16:19:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.03.31 12:35:45 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.03.26 11:43:00 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.03.26 11:43:00 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.03.26 11:42:54 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010.03.26 11:42:53 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010.03.26 11:42:40 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010.03.26 11:42:39 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010.03.26 11:42:37 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010.03.26 11:42:36 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010.03.26 11:42:36 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.04.23 12:12:28 | 004,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.03.07 06:47:30 | 000,119,808 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86)
DRV - [2007.02.02 22:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.08.15 07:09:48 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.07.01 23:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.13 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725345543-299502267-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-725345543-299502267-682003330-1003\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKU\S-1-5-21-725345543-299502267-682003330-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-725345543-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.bsplayer-search.com/startpage"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.1.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.04.19 16:22:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.03.26 11:42:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\PROGRA~1\Crawler\firefox\ [2010.04.02 10:01:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.02 14:36:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.04.08 18:19:50 | 000,000,000 | ---D | M]

[2009.02.06 14:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Extensions
[2009.02.06 14:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\lx8mgoj4.default\extensions
[2009.03.17 20:24:53 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\lx8mgoj4.default\searchplugins\bsplayer-search.xml
[2009.05.24 18:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009.09.21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2008.03.31 21:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.04.28 00:49:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-725345543-299502267-682003330-1003\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-725345543-299502267-682003330-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-725345543-299502267-682003330-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-725345543-299502267-682003330-1003..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O4 - HKU\S-1-5-21-725345543-299502267-682003330-1003..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\S-1-5-21-725345543-299502267-682003330-1003..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-725345543-299502267-682003330-1003..\Run: [W_MRPPRN] C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe ()
O4 - Startup: C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-299502267-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-299502267-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-299502267-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-299502267-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O15 - HKU\S-1-5-21-725345543-299502267-682003330-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-725345543-299502267-682003330-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 3910399733 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.06 00:00:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.02.06 00:41:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

[2010.04.29 15:00:17 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PC\Plocha\OTL.exe
[2010.04.28 23:21:54 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010.04.28 11:14:19 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.04.28 09:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Data aplikací\SUPERAntiSpyware.com
[2010.04.28 09:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
[2010.04.28 08:48:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.28 00:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.04.28 00:43:42 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2010.04.28 00:43:42 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grpconv.exe
[2010.04.28 00:36:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.04.28 00:34:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.04.28 00:34:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.04.28 00:34:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.04.28 00:34:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.04.28 00:34:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.04.28 00:31:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.27 23:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.27 23:07:09 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.27 22:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Local Settings\Data aplikací\WMTools Downloaded Files
[2010.04.19 01:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Spamihilator
[2010.04.19 01:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Data aplikací\Spamihilator
[2010.04.19 01:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spamihilator
[2010.04.07 15:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\HP Product Assistant
[2010.03.31 12:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010.03.31 12:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Data aplikací\Spyware Terminator
[2010.03.31 12:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.03.31 12:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.29 15:00:19 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\Plocha\OTL.exe
[2010.04.29 14:37:28 | 000,003,544 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.04.29 11:14:33 | 059,354,843 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.04.29 11:12:02 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9E6CF8B6-76A5-49F3-B5B4-9AE1DEB951C2}.job
[2010.04.29 11:09:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.29 11:08:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.29 11:08:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.28 23:31:35 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\PC\NTUSER.DAT
[2010.04.28 23:31:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\PC\ntuser.ini
[2010.04.28 23:23:07 | 003,923,072 | ---- | M] () -- C:\Documents and Settings\PC\Plocha\ComboFix.exe
[2010.04.28 20:04:54 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\PC\Plocha\Seznam hostů.doc
[2010.04.28 08:59:31 | 000,312,100 | ---- | M] () -- C:\Program Files\DNA.rar
[2010.04.28 00:50:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.28 00:49:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.28 00:36:41 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010.04.27 19:08:20 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\PC\Plocha\Microsoft Office Word 2003.lnk
[2010.04.27 18:55:18 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\PC\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.27 15:14:36 | 000,000,070 | ---- | M] () -- C:\Documents and Settings\PC\Data aplikací\AVSDVDPlayer.m3u
[2010.04.26 23:54:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.24 09:28:05 | 000,582,365 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.04.20 08:56:54 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\PC\Plocha\Microsoft Office Excel 2003.lnk
[2010.04.19 16:19:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.04.19 01:16:02 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\Spamihilator.lnk
[2010.04.14 23:32:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.03.31 12:37:16 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2010.03.31 12:35:45 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.28 23:23:07 | 003,923,072 | ---- | C] () -- C:\Documents and Settings\PC\Plocha\ComboFix.exe
[2010.04.28 08:59:31 | 000,312,100 | ---- | C] () -- C:\Program Files\DNA.rar
[2010.04.28 00:36:40 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010.04.28 00:36:39 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.04.28 00:34:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.04.28 00:34:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.04.28 00:34:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.04.28 00:34:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.04.28 00:34:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.04.27 19:57:50 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\PC\Plocha\Seznam hostů.doc
[2010.04.19 01:16:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\Spamihilator.lnk
[2010.03.31 12:37:16 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2010.03.31 12:35:45 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009.02.23 12:39:01 | 000,001,279 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.02.07 16:54:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.02.06 16:40:13 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009.02.06 12:43:18 | 000,591,890 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009.02.06 12:43:17 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.02.06 12:43:17 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.02.06 12:43:17 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.02.06 12:43:16 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.02.06 12:43:16 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.02.06 12:41:27 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.02.06 12:33:23 | 000,003,544 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.02.06 00:15:49 | 000,025,211 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009.02.06 00:15:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.02.06 00:15:27 | 000,024,810 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.02.06 00:15:06 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.07.07 04:00:00 | 000,003,165 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== LOP Check ==========

[2010.03.26 11:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
[2010.04.14 12:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.01.04 00:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Boss Media
[2010.04.19 01:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spamihilator
[2010.04.29 11:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2009.06.01 10:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\aAvgApi
[2009.04.08 23:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\BitTorrent
[2009.03.17 20:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\BSplayer Pro
[2009.07.11 10:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\CoSoSys
[2010.04.29 14:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\DNA
[2009.02.18 12:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\MRP
[2010.04.29 11:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Spamihilator
[2010.04.28 23:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Spyware Terminator
[2009.10.31 19:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Vso
[2010.04.22 22:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\XnView
[2010.04.29 11:12:02 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9E6CF8B6-76A5-49F3-B5B4-9AE1DEB951C2}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"StartCCC" = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -- [2006.11.10 13:35:24 | 000,090,112 | ---- | M] ()
"W_MRPPRN" = C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe -- [2005.03.18 16:31:34 | 001,138,688 | ---- | M] ()
"BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" -- [2009.12.12 13:49:28 | 000,323,392 | ---- | M] (BitTorrent, Inc.)
"MP4 Player" = "C:\Program Files\MP4 Player\mp4Player.exe" hmw -- [2008.11.06 19:23:16 | 000,772,096 | ---- | M] ()
"SpywareTerminatorUpdate" = "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe" -- [2010.03.31 12:35:46 | 003,037,696 | ---- | M] (Crawler.com)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.02.06 11:13:33 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.02.06 11:13:33 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2007.03.07 14:47:30 | 000,119,808 | ---- | M] (ATI Technologies Inc.) MD5=F1B9E3A223CA684D98BB91FD82157601 -- C:\WINDOWS\OemDir\ahcix86.sys
[2007.03.07 06:47:30 | 000,119,808 | R--- | M] (ATI Technologies Inc.) MD5=F1B9E3A223CA684D98BB91FD82157601 -- C:\WINDOWS\system32\drivers\ahcix86.sys
[2007.03.07 14:47:30 | 000,119,808 | ---- | M] (ATI Technologies Inc.) MD5=F1B9E3A223CA684D98BB91FD82157601 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.02.06 11:13:33 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.02.06 11:13:33 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.02.06 11:13:33 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.02.06 11:13:33 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.18 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\PC\Plocha\Cukrárna 2008.pif:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\PC\Plocha\Cukrárna 2005.pif:SummaryInformation
< End of report >

Re: very large amount of unsolicited mail sent

Posted: 30 Apr 2010 09:09
by motji
:arrow: Run OTL
- copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\PC\Plocha\Cukrárna 2008.pif:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\PC\Plocha\Cukrárna 2005.pif:SummaryInformation
FF - prefs.js..browser.startup.homepage: "http://www.bsplayer-search.com/startpage"
O4 - HKU\S-1-5-21-725345543-299502267-682003330-1003..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Program Files\DNA\btdna.exe

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[clearallrestorepoints]
[Reboot]

- click the Fix button.
- The PC will then restart.
- Paste the log here :)


Run mbam once more and write how the computer is doing.

Re: very large amount of unsolicited mail sent

Posted: 30 Apr 2010 09:48
by Tom-Ice
After the restart this log opened ....
Is this enough, or should I find something else ???



All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
ADS C:\Documents and Settings\PC\Plocha\Cukrárna 2008.pif:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\PC\Plocha\Cukrárna 2005.pif:SummaryInformation deleted successfully.
Prefs.js: "http://www.bsplayer-search.com/startpage" removed from browser.startup.homepage
Registry value HKEY_USERS\S-1-5-21-725345543-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\MP4 Player deleted successfully.
C:\Program Files\MP4 Player\Mp4Player.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002692_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1AE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP387.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP466.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP494.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4DA.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8D.tmp folder moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\temp\1829b96199cbc2eac6b8c6af.tmp moved successfully.
C:\WINDOWS\temp\1cd1f85fdf8a33a4307195a9.tmp moved successfully.
C:\WINDOWS\temp\252ea0a6d19378b0e9932596.tmp moved successfully.
C:\WINDOWS\temp\337b4c9c1a3432fc2828ecff.tmp moved successfully.
C:\WINDOWS\temp\36a11b8edaa4ba838fae11e7.tmp moved successfully.
C:\WINDOWS\temp\41b76fa8f32738d7923965c.tmp moved successfully.
C:\WINDOWS\temp\4c63f5a11efd33c16fdc5a6c.tmp moved successfully.
C:\WINDOWS\temp\69f4afaa6066a2f371c8fd5.tmp moved successfully.
C:\WINDOWS\temp\736c76533346999de457939d.tmp moved successfully.
C:\WINDOWS\temp\89b2bf2b4be4dd69aeb61f16.tmp moved successfully.
C:\WINDOWS\temp\8c037fc7d47c9e15bc79c.tmp moved successfully.
C:\WINDOWS\temp\96087b88c2f0c8e54b8bfb7.tmp moved successfully.
C:\WINDOWS\temp\9a612fc179c97c1f18875fe.tmp moved successfully.
C:\WINDOWS\temp\ba40169b1f36e74b352067b8.tmp moved successfully.
C:\WINDOWS\temp\c885f0c5cc555405887b300.tmp moved successfully.
C:\WINDOWS\temp\cd569d718c794b6f4dd11e28.tmp moved successfully.
C:\WINDOWS\temp\ce8aee7c765756c82c457d82.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
C:\Program Files\DNA\btdna.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: PC
->Temp folder emptied: 47997886 bytes
->Temporary Internet Files folder emptied: 47396659 bytes
->Java cache emptied: 8506592 bytes
->FireFox cache emptied: 60277909 bytes
->Flash cache emptied: 100762 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 35972491 bytes

Total Files Cleaned = 191,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: PC
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.3.0 log created on 04302010_104049

Files\Folders moved on Reboot...
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\QUXG99QO\afr[2].htm moved successfully.
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\NPDU1CMK\afr[1].htm moved successfully.
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\NPDU1CMK\honeypot_export[1].htm moved successfully.
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

Re: very large amount of unsolicited mail sent

Posted: 30 Apr 2010 09:52
by motji
Is the spam still being sent?
I wrote above: run mbam again to see whether it still finds anything.
If not, we'll just clean up :)

Re: very large amount of unsolicited mail sent

Posted: 30 Apr 2010 10:03
by Tom-Ice
Run mbam once more and write how the computer is doing.

????


mbam, am I supposed to download that? .... I saw a link to it somewhere here

Re: very large amount of unsolicited mail sent

Posted: 30 Apr 2010 10:04
by Tom-Ice
yeah, I've got it now, here it is:


it found:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4053

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.4.2010 11:02:44
mbam-log-2010-04-30 (11-02-44).txt

Typ skenu: Rychlý sken
Skenované objekty: 116477
Uplynulý čas: 4 minuta(y), 0 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\PC\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\PC\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

Re: very large amount of unsolicited mail sent

Posted: 30 Apr 2010 10:05
by Tom-Ice
I'll remove the infected files

Re: very large amount of unsolicited mail sent

Posted: 30 Apr 2010 10:06
by Tom-Ice
after removal:

Typ skenu: Rychlý sken
Skenované objekty: 116477
Uplynulý čas: 4 minuta(y), 0 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\PC\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

Re: very large amount of unsolicited mail sent

Posted: 30 Apr 2010 10:09
by motji
How is the computer behaving?

Re: very large amount of unsolicited mail sent

Posted: 30 Apr 2010 10:11
by Tom-Ice
a restart took place :o

otherwise I don't notice any other suspicious behaviour :roll:

otherwise I don't know how to answer your question of how the computer is behaving :shock:

Re: very large amount of unsolicited mail sent

Posted: 30 Apr 2010 10:14
by motji
:D Whether it is still sending anything, works normally, isn't slowed down... simply how it behaves :D



:arrow: Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes its associated files and folders.


***********


:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- delete the program after use. Note: antivirus programs may falsely flag it as a virus



***********


:arrow: Download Ccleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run Ccleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues -- making a registry backup is not necessary
- click Fix all issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using the Ccleaner cleaner; it nicely clears temporary files from the PC.
It cleans the registry, for example after uninstalling a program.


***********



:arrow: Download OTC and use it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans up temp files and the leftovers of the programs used



***********

:arrow: Paste a new log from RSIT and tell me how the computer is behaving; is everything all right now?