Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

VIRUS, MALWARE

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: VIRUS, MALWARE

#31 Příspěvek od Caroprd111 »

OTL neprohledával pomocí skriptu, spusťte ho ještě jednou podle návodu a u položky "Specifické registry" zaškrtněte "použít whitelist".
Obrázek
Nahoru
MMJJ
Návštěvník
Návštěvník
Příspěvky: 222
Registrován: 22 led 2010 17:20

Re: VIRUS, MALWARE

#32 Příspěvek od MMJJ »

OTL logfile created on: 18.4.2010 11:50:41 - Run 3
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Documents and Settings\MJ\Plocha
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 014,00 Mb Total Physical Memory | 554,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 30,17 Gb Free Space | 80,98% Space Free | Partition Type: NTFS
Drive D: | 3,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MJ-XUO0PUS6PEH1
Current User Name: MJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.18 11:49:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL(2).exe
PRC - [2010.04.17 20:34:53 | 000,060,672 | ---- | M] () -- C:\WINDOWS\asam.exe
PRC - [2010.04.01 19:59:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2005.07.08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005.07.08 17:25:10 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004.11.02 21:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2002.09.20 18:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.04.18 11:49:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL(2).exe
MOD - [2002.09.20 18:03:32 | 000,921,600 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.02.23 20:08:46 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2005.07.08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2009.12.10 18:23:36 | 006,017,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.06.05 16:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:29:11 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr)
DRV - [2009.02.13 12:17:49 | 000,045,416 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2008.10.31 07:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 04:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2005.07.08 18:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005.07.08 18:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005.07.08 17:17:31 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.18 10:12:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.18 10:11:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010.04.18 10:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Mozilla\Extensions
[2010.04.18 10:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Mozilla\Firefox\Profiles\eza0l59u.default\extensions
[2010.04.18 10:11:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.04.18 10:06:09 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Rádio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O4 - HKLM..\Run: [asam] C:\WINDOWS\asam.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [mfvjgbft] C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [tqremdcy] C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-789336058-1450960922-839522115-1003..\Run: [asam] C:\WINDOWS\asam.exe ()
O4 - HKU\S-1-5-21-789336058-1450960922-839522115-1003..\Run: [mfvjgbft] C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe ()
O4 - HKU\S-1-5-21-789336058-1450960922-839522115-1003..\Run: [tqremdcy] C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0800136140 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.12.12 09:37:22 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010.04.18 11:49:07 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL(2).exe
[2010.04.18 10:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
[2010.04.18 10:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.18 10:21:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.18 10:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Dokumenty\Stažené soubory
[2010.04.18 10:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\Mozilla
[2010.04.18 10:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Data aplikací\Mozilla
[2010.04.18 10:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.04.18 10:11:24 | 008,185,280 | ---- | C] (Mozilla) -- C:\Program Files\FirefoxSetup3.6.3.exe
[2010.04.17 20:40:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MJ\Recent
[2010.04.17 17:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey
[2010.04.17 17:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab
[2010.04.13 19:38:48 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\TFC.exe
[2010.04.13 19:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\Help
[2010.04.13 19:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Data aplikací\Help
[2010.04.12 23:03:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.12 22:17:27 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\MJ\Plocha\winsockxpfix.exe
[2010.04.12 21:44:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.04.11 15:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Nová složka
[2010.04.05 04:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\nabídky, MJ OKNA, DVEŘE, soukromí investoři
[2010.04.01 22:26:32 | 017,013,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.exe
[2010.03.30 20:31:45 | 000,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2010.03.30 20:31:45 | 000,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2010.03.30 20:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010.03.30 20:27:14 | 006,000,608 | ---- | C] (Sunbelt Software ) -- C:\Documents and Settings\MJ\Plocha\sunbelt-personal-firewall.exe
[2010.03.30 20:02:03 | 322,523,176 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.03.29 23:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\zelená úsporám - směrnice
[2010.03.29 23:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\winamp
[2010.03.29 23:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\vgp, horní počernice
[2010.03.29 23:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\trocal
[2010.03.29 23:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\trigema
[2010.03.29 23:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Tomáš Korecký
[2010.03.29 23:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Realtek_LAN_PCIE_MB
[2010.03.29 23:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\pacienti
[2010.03.29 23:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\OpenOffice.org 3.0 (cs) Installation Files
[2010.03.29 23:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, REALITNÍ SLUŽBY
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, CV
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\kovosystem
[2010.03.29 23:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\koef. tep. prost U
[2010.03.29 23:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\kbe select
[2010.03.29 23:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\avira antivir
[2010.03.29 21:32:48 | 000,047,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010.03.29 20:04:37 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\MJ\Plocha\mbam-setup.exe
[2009.12.11 22:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.12.11 22:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.12.11 22:47:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.12.11 22:47:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft

========== Files - Modified Within 30 Days ==========

[2010.04.18 11:49:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL(2).exe
[2010.04.18 11:20:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.18 10:14:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Zástupce - firefox.lnk
[2010.04.18 10:12:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010.04.18 10:11:56 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Mozilla Firefox.lnk
[2010.04.18 10:10:50 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.18 10:07:33 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.18 10:07:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.18 10:07:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.18 10:07:14 | 008,185,280 | ---- | M] (Mozilla) -- C:\Program Files\FirefoxSetup3.6.3.exe
[2010.04.18 10:06:32 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\MJ\NTUSER.DAT
[2010.04.18 10:06:32 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\MJ\ntuser.ini
[2010.04.18 10:06:31 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\IconCache.db
[2010.04.18 10:06:09 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.17 21:14:33 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Skype.lnk
[2010.04.17 20:34:53 | 000,060,672 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\syssvc.exe
[2010.04.17 20:34:53 | 000,060,672 | ---- | M] () -- C:\WINDOWS\asam.exe
[2010.04.17 17:04:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.17 16:53:55 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Dodatek ke smlouvě č. 01010.doc
[2010.04.16 15:38:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.14 23:28:30 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.14 18:03:00 | 000,746,568 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\skenovat0001.tif
[2010.04.13 22:26:51 | 000,046,408 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.04.13 19:49:14 | 000,212,436 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Windows XP Service Pack 3.docx
[2010.04.13 19:38:54 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\TFC.exe
[2010.04.12 22:17:38 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\MJ\Plocha\winsockxpfix.exe
[2010.04.12 21:42:50 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.12 19:35:21 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\MJ, MASÉRSKÉ, REKONDIČNÍ A REGENERAČNÍ SLUŽBY.doc
[2010.04.12 05:38:02 | 000,589,878 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\svj jan, p. frišerová, MJ, žaluzie.bmp
[2010.04.11 22:10:40 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\redukce, strava, Miroslava Hromová.doc
[2010.04.11 19:44:07 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\zkrat, repertoár.doc
[2010.04.11 19:35:28 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\vraceni_RP.doc
[2010.04.10 00:33:32 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\masáž ve sportu, blanka hošková.doc
[2010.04.09 16:46:42 | 001,683,240 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\MJ\Plocha\SkypeSetup.exe
[2010.04.08 06:32:47 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Janouskova.xls
[2010.04.06 06:02:03 | 000,102,531 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\E0088-10 Plzák, Janouąkova.PDF
[2010.04.04 10:02:36 | 000,047,246 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\poranění měkkého kolena.rtf
[2010.04.04 00:45:33 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\základy fyziatrické léčby, capko.doc
[2010.04.02 00:22:49 | 000,942,592 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\HSS.doc
[2010.04.01 22:27:24 | 016,999,990 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.rar
[2010.04.01 22:26:32 | 017,013,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.exe
[2010.03.30 20:27:14 | 006,000,608 | ---- | M] (Sunbelt Software ) -- C:\Documents and Settings\MJ\Plocha\sunbelt-personal-firewall.exe
[2010.03.30 20:02:03 | 322,523,176 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.03.30 19:42:56 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.29 21:24:00 | 000,000,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010.03.28 15:41:58 | 090,552,374 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE.rar
[2010.03.28 15:05:10 | 030,897,573 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\avira antivir.rar
[2010.03.28 10:28:43 | 000,920,954 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.28 10:28:43 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.28 10:28:43 | 000,389,664 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.28 10:28:43 | 000,068,736 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.28 10:28:43 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.27 00:05:38 | 000,312,832 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\MJ OKNA DVEŘE, mailing.doc
[2010.03.26 12:50:26 | 000,021,726 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Image (2).tif
[2010.03.26 12:50:22 | 000,020,434 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Image.tif
[2010.03.24 20:27:34 | 000,000,038 | ---- | M] () -- C:\{ec81ab65-9ded-4c70-bc7d-a4d9e14e361d}
[2010.03.23 22:06:32 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\OKNA, DVEŘE, vzory textu.doc

========== Files Created - No Company Name ==========

[2010.04.18 10:14:05 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Zástupce - firefox.lnk
[2010.04.18 10:12:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.18 10:11:56 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Mozilla Firefox.lnk
[2010.04.17 20:35:54 | 000,060,672 | ---- | C] () -- C:\WINDOWS\asam.exe
[2010.04.17 20:34:52 | 000,060,672 | ---- | C] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\syssvc.exe
[2010.04.16 16:15:30 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Dodatek ke smlouvě č. 01010.doc
[2010.04.14 18:02:07 | 000,746,568 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\skenovat0001.tif
[2010.04.13 19:49:21 | 000,212,436 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Windows XP Service Pack 3.docx
[2010.04.12 05:38:01 | 000,589,878 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\svj jan, p. frišerová, MJ, žaluzie.bmp
[2010.04.11 19:30:48 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\vraceni_RP.doc
[2010.04.11 15:22:26 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\redukce, strava, Miroslava Hromová.doc
[2010.04.09 23:03:51 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\masáž ve sportu, blanka hošková.doc
[2010.04.08 06:32:48 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Janouskova.xls
[2010.04.07 21:48:06 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\zkrat, repertoár.doc
[2010.04.06 06:02:07 | 000,102,531 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\E0088-10 Plzák, Janouąkova.PDF
[2010.04.04 09:59:51 | 000,047,246 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\poranění měkkého kolena.rtf
[2010.04.03 12:13:53 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\základy fyziatrické léčby, capko.doc
[2010.04.02 00:21:49 | 000,942,592 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\HSS.doc
[2010.04.01 22:27:13 | 016,999,990 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.rar
[2010.03.28 15:41:14 | 090,552,374 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE.rar
[2010.03.28 15:04:47 | 030,897,573 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\avira antivir.rar
[2010.03.27 23:02:31 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\MJ, MASÉRSKÉ, REKONDIČNÍ A REGENERAČNÍ SLUŽBY.doc
[2010.03.26 12:50:25 | 000,021,726 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Image (2).tif
[2010.03.26 12:50:22 | 000,020,434 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Image.tif
[2010.03.24 20:08:12 | 000,000,038 | ---- | C] () -- C:\{ec81ab65-9ded-4c70-bc7d-a4d9e14e361d}
[2010.03.10 20:11:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.10 20:01:48 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2010.02.23 20:08:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010.02.01 09:55:22 | 000,130,560 | RHS- | C] () -- C:\WINDOWS\System32\tsd320.dll
[2010.01.28 17:46:49 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.24 11:08:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.12.20 22:50:05 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.14 15:45:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.12.12 09:49:49 | 000,000,744 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.12.12 09:43:17 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\MJ\ntuser.ini
[2009.12.12 09:43:16 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\MJ\ntuser.dat.LOG
[2009.12.12 09:43:15 | 005,242,880 | -H-- | C] () -- C:\Documents and Settings\MJ\NTUSER.DAT
[2008.02.01 09:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007.02.28 18:42:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2003.01.07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.25 20:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010.02.23 20:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\DassaultSystemes
[2010.01.23 23:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ESET
[2010.04.18 10:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
[2010.02.23 20:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\DassaultSystemes
[2010.01.23 23:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\ESET
[2010.01.07 18:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\OpenOffice.org
[2010.01.16 20:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\profine

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2009.10.09 14:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.)
"mfvjgbft" = C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe -- [2010.04.17 17:07:06 | 000,271,616 | ---- | M] ()
"tqremdcy" = C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe -- [2010.04.17 17:07:06 | 000,271,616 | ---- | M] ()
"asam" = C:\WINDOWS\asam.exe -- [2010.04.17 20:34:53 | 000,060,672 | ---- | M] ()

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.03.02 23:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Adobe
[2010.03.10 20:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\CyberLink
[2010.02.23 20:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\DassaultSystemes
[2010.01.23 23:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\ESET
[2009.12.14 22:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Google
[2010.04.13 19:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Help
[2009.12.12 09:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Identities
[2009.12.14 16:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Macromedia
[2010.01.22 22:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Malwarebytes
[2010.01.28 17:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Media Player Classic
[2010.02.05 17:19:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\MJ\Data aplikací\Microsoft
[2009.12.12 09:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Microsoft Web Folders
[2010.04.18 10:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Mozilla
[2009.12.12 12:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\MSN6
[2010.01.07 18:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\OpenOffice.org
[2010.01.16 20:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\profine
[2010.04.18 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Skype
[2010.04.18 09:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\skypePM
[2009.12.30 13:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2007.03.05 15:40:12 | 000,585,216 | ---- | M] () -- C:\Documents and Settings\MJ\Data aplikací\profine\kbe\PAS08\WinIsoAuto\DXF.exe
[2008.05.20 14:11:28 | 001,662,976 | ---- | M] () -- C:\Documents and Settings\MJ\Data aplikací\profine\kbe\PAS08\WinIsoAuto\WinIso2.exe
[2007.03.05 15:40:12 | 000,513,024 | ---- | M] (Sommer Informatik GmbH) -- C:\Documents and Settings\MJ\Data aplikací\profine\kbe\PAS08\WinIsoAuto\WinIsoAuto.exe
[2007.03.05 15:40:12 | 000,486,912 | ---- | M] () -- C:\Documents and Settings\MJ\Data aplikací\profine\kbe\PAS08\WinIsoAuto\WinIsoAutoEditor.exe
[1 C:\Documents and Settings\MJ\Data aplikací\profine\kbe\PAS08\WinIsoAuto\*.tmp files -> C:\Documents and Settings\MJ\Data aplikací\profine\kbe\PAS08\WinIsoAuto\*.tmp -> ]


< MD5 for: ATAPI.SYS >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2002.09.20 18:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\system32\cryptsvc.dll
[2002.09.20 18:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2002.09.20 18:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2002.09.20 18:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2002.09.20 18:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\explorer.exe
[2002.09.20 18:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2002.08.29 01:05:04 | 000,129,920 | ---- | M] (Microsoft Corporation) MD5=308709E92843DFF3A5CDCA069F6F5C61 -- C:\WINDOWS\system32\hal.dll

< MD5 for: LSASS.EXE >
[2002.09.20 18:05:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\system32\dllcache\lsass.exe
[2002.09.20 18:05:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2002.08.29 02:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\system32\dllcache\ndis.sys
[2002.08.29 02:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2002.09.20 18:04:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2002.09.20 18:04:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2002.09.20 18:04:42 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\system32\dllcache\scecli.dll
[2002.09.20 18:04:42 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2001.10.24 04:52:12 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=0B7569ECA93964A39BEDCF763E78E22A -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2002.09.20 18:05:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\system32\dllcache\smss.exe
[2002.09.20 18:05:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2001.10.25 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2001.10.25 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2002.08.29 01:58:12 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2002.08.29 01:58:12 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2002.09.20 18:05:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2002.09.20 18:05:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2002.09.20 18:05:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2002.09.20 18:05:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2001.10.25 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2001.10.25 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010.02.01 09:55:22 | 000,130,560 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\tsd320.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.12.12 10:22:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.12.12 10:22:14 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.12.12 10:22:13 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2010.02.01 09:55:22 | 000,130,560 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\tsd320.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP:5C321E34
< End of report >
Nahoru
MMJJ
Návštěvník
Návštěvník
Příspěvky: 222
Registrován: 22 led 2010 17:20

Re: VIRUS, MALWARE

#33 Příspěvek od MMJJ »

OTL logfile created on: 18.4.2010 11:58:19 - Run 4
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Documents and Settings\MJ\Plocha
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 014,00 Mb Total Physical Memory | 556,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 30,13 Gb Free Space | 80,86% Space Free | Partition Type: NTFS
Drive D: | 3,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MJ-XUO0PUS6PEH1
Current User Name: MJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.18 11:49:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL(2).exe
PRC - [2010.04.17 20:34:53 | 000,060,672 | ---- | M] () -- C:\WINDOWS\asam.exe
PRC - [2010.04.01 19:59:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2005.07.08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005.07.08 17:25:10 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004.11.02 21:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2002.09.20 18:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.04.18 11:49:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL(2).exe
MOD - [2002.09.20 18:03:32 | 000,921,600 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.02.23 20:08:46 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2005.07.08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2009.12.10 18:23:36 | 006,017,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.06.05 16:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:29:11 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr)
DRV - [2009.02.13 12:17:49 | 000,045,416 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2008.10.31 07:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 04:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2005.07.08 18:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005.07.08 18:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005.07.08 17:17:31 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-789336058-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.18 10:12:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.18 10:11:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010.04.18 10:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Mozilla\Extensions
[2010.04.18 10:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Mozilla\Firefox\Profiles\eza0l59u.default\extensions
[2010.04.18 10:11:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.04.18 10:06:09 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Rádio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O4 - HKLM..\Run: [asam] C:\WINDOWS\asam.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [mfvjgbft] C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [tqremdcy] C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-789336058-1450960922-839522115-1003..\Run: [asam] C:\WINDOWS\asam.exe ()
O4 - HKU\S-1-5-21-789336058-1450960922-839522115-1003..\Run: [mfvjgbft] C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe ()
O4 - HKU\S-1-5-21-789336058-1450960922-839522115-1003..\Run: [tqremdcy] C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0800136140 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.12.12 09:37:22 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010.04.18 11:49:07 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL(2).exe
[2010.04.18 10:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
[2010.04.18 10:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.18 10:21:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.18 10:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Dokumenty\Stažené soubory
[2010.04.18 10:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\Mozilla
[2010.04.18 10:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Data aplikací\Mozilla
[2010.04.18 10:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.04.18 10:11:24 | 008,185,280 | ---- | C] (Mozilla) -- C:\Program Files\FirefoxSetup3.6.3.exe
[2010.04.17 20:40:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MJ\Recent
[2010.04.17 17:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey
[2010.04.17 17:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab
[2010.04.13 19:38:48 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\TFC.exe
[2010.04.13 19:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\Help
[2010.04.13 19:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Data aplikací\Help
[2010.04.12 23:03:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.12 22:17:27 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\MJ\Plocha\winsockxpfix.exe
[2010.04.12 21:44:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.04.11 15:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Nová složka
[2010.04.05 04:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\nabídky, MJ OKNA, DVEŘE, soukromí investoři
[2010.04.01 22:26:32 | 017,013,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.exe
[2010.03.30 20:31:45 | 000,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2010.03.30 20:31:45 | 000,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2010.03.30 20:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010.03.30 20:27:14 | 006,000,608 | ---- | C] (Sunbelt Software ) -- C:\Documents and Settings\MJ\Plocha\sunbelt-personal-firewall.exe
[2010.03.30 20:02:03 | 322,523,176 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.03.29 23:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\zelená úsporám - směrnice
[2010.03.29 23:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\winamp
[2010.03.29 23:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\vgp, horní počernice
[2010.03.29 23:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\trocal
[2010.03.29 23:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\trigema
[2010.03.29 23:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Tomáš Korecký
[2010.03.29 23:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Realtek_LAN_PCIE_MB
[2010.03.29 23:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\pacienti
[2010.03.29 23:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\OpenOffice.org 3.0 (cs) Installation Files
[2010.03.29 23:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, REALITNÍ SLUŽBY
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, CV
[2010.03.29 23:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\kovosystem
[2010.03.29 23:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\koef. tep. prost U
[2010.03.29 23:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\kbe select
[2010.03.29 23:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Plocha\avira antivir
[2010.03.29 21:32:48 | 000,047,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010.03.29 20:04:37 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\MJ\Plocha\mbam-setup.exe
[2009.12.11 22:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.12.11 22:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.12.11 22:47:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.12.11 22:47:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft

========== Files - Modified Within 30 Days ==========

[2010.04.18 11:49:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\OTL(2).exe
[2010.04.18 11:20:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.18 10:14:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Zástupce - firefox.lnk
[2010.04.18 10:12:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010.04.18 10:11:56 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Mozilla Firefox.lnk
[2010.04.18 10:10:50 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.18 10:07:33 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.18 10:07:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.18 10:07:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.18 10:07:14 | 008,185,280 | ---- | M] (Mozilla) -- C:\Program Files\FirefoxSetup3.6.3.exe
[2010.04.18 10:06:32 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\MJ\NTUSER.DAT
[2010.04.18 10:06:32 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\MJ\ntuser.ini
[2010.04.18 10:06:31 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\IconCache.db
[2010.04.18 10:06:09 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.17 21:14:33 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Skype.lnk
[2010.04.17 20:34:53 | 000,060,672 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\syssvc.exe
[2010.04.17 20:34:53 | 000,060,672 | ---- | M] () -- C:\WINDOWS\asam.exe
[2010.04.17 17:04:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.17 16:53:55 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Dodatek ke smlouvě č. 01010.doc
[2010.04.16 15:38:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.14 23:28:30 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.14 18:03:00 | 000,746,568 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\skenovat0001.tif
[2010.04.13 22:26:51 | 000,046,408 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.04.13 19:49:14 | 000,212,436 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Windows XP Service Pack 3.docx
[2010.04.13 19:38:54 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MJ\Plocha\TFC.exe
[2010.04.12 22:17:38 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\MJ\Plocha\winsockxpfix.exe
[2010.04.12 21:42:50 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.12 19:35:21 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\MJ, MASÉRSKÉ, REKONDIČNÍ A REGENERAČNÍ SLUŽBY.doc
[2010.04.12 05:38:02 | 000,589,878 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\svj jan, p. frišerová, MJ, žaluzie.bmp
[2010.04.11 22:10:40 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\redukce, strava, Miroslava Hromová.doc
[2010.04.11 19:44:07 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\zkrat, repertoár.doc
[2010.04.11 19:35:28 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\vraceni_RP.doc
[2010.04.10 00:33:32 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\masáž ve sportu, blanka hošková.doc
[2010.04.09 16:46:42 | 001,683,240 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\MJ\Plocha\SkypeSetup.exe
[2010.04.08 06:32:47 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Janouskova.xls
[2010.04.06 06:02:03 | 000,102,531 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\E0088-10 Plzák, Janouąkova.PDF
[2010.04.04 10:02:36 | 000,047,246 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\poranění měkkého kolena.rtf
[2010.04.04 00:45:33 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\základy fyziatrické léčby, capko.doc
[2010.04.02 00:22:49 | 000,942,592 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\HSS.doc
[2010.04.01 22:27:24 | 016,999,990 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.rar
[2010.04.01 22:26:32 | 017,013,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.exe
[2010.03.30 20:27:14 | 006,000,608 | ---- | M] (Sunbelt Software ) -- C:\Documents and Settings\MJ\Plocha\sunbelt-personal-firewall.exe
[2010.03.30 20:02:03 | 322,523,176 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MJ\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.03.30 19:42:56 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.29 21:24:00 | 000,000,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010.03.28 15:41:58 | 090,552,374 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE.rar
[2010.03.28 15:05:10 | 030,897,573 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\avira antivir.rar
[2010.03.28 10:28:43 | 000,920,954 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.28 10:28:43 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.28 10:28:43 | 000,389,664 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.28 10:28:43 | 000,068,736 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.28 10:28:43 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.27 00:05:38 | 000,312,832 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\MJ OKNA DVEŘE, mailing.doc
[2010.03.26 12:50:26 | 000,021,726 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Image (2).tif
[2010.03.26 12:50:22 | 000,020,434 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\Image.tif
[2010.03.24 20:27:34 | 000,000,038 | ---- | M] () -- C:\{ec81ab65-9ded-4c70-bc7d-a4d9e14e361d}
[2010.03.23 22:06:32 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\MJ\Plocha\OKNA, DVEŘE, vzory textu.doc

========== Files Created - No Company Name ==========

[2010.04.18 10:14:05 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Zástupce - firefox.lnk
[2010.04.18 10:12:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.18 10:11:56 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Mozilla Firefox.lnk
[2010.04.17 20:35:54 | 000,060,672 | ---- | C] () -- C:\WINDOWS\asam.exe
[2010.04.17 20:34:52 | 000,060,672 | ---- | C] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\syssvc.exe
[2010.04.16 16:15:30 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Dodatek ke smlouvě č. 01010.doc
[2010.04.14 18:02:07 | 000,746,568 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\skenovat0001.tif
[2010.04.13 19:49:21 | 000,212,436 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Windows XP Service Pack 3.docx
[2010.04.12 05:38:01 | 000,589,878 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\svj jan, p. frišerová, MJ, žaluzie.bmp
[2010.04.11 19:30:48 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\vraceni_RP.doc
[2010.04.11 15:22:26 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\redukce, strava, Miroslava Hromová.doc
[2010.04.09 23:03:51 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\masáž ve sportu, blanka hošková.doc
[2010.04.08 06:32:48 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Janouskova.xls
[2010.04.07 21:48:06 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\zkrat, repertoár.doc
[2010.04.06 06:02:07 | 000,102,531 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\E0088-10 Plzák, Janouąkova.PDF
[2010.04.04 09:59:51 | 000,047,246 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\poranění měkkého kolena.rtf
[2010.04.03 12:13:53 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\základy fyziatrické léčby, capko.doc
[2010.04.02 00:21:49 | 000,942,592 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\HSS.doc
[2010.04.01 22:27:13 | 016,999,990 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\IE8-WindowsXP-x86-CSY.rar
[2010.03.28 15:41:14 | 090,552,374 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Marek Jiroš, OKNA, DVEŘE.rar
[2010.03.28 15:04:47 | 030,897,573 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\avira antivir.rar
[2010.03.27 23:02:31 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\MJ, MASÉRSKÉ, REKONDIČNÍ A REGENERAČNÍ SLUŽBY.doc
[2010.03.26 12:50:25 | 000,021,726 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Image (2).tif
[2010.03.26 12:50:22 | 000,020,434 | ---- | C] () -- C:\Documents and Settings\MJ\Plocha\Image.tif
[2010.03.24 20:08:12 | 000,000,038 | ---- | C] () -- C:\{ec81ab65-9ded-4c70-bc7d-a4d9e14e361d}
[2010.03.10 20:11:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.10 20:01:48 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2010.02.23 20:08:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010.02.01 09:55:22 | 000,130,560 | RHS- | C] () -- C:\WINDOWS\System32\tsd320.dll
[2010.01.28 17:46:49 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.24 11:08:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.12.20 22:50:05 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.14 15:45:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.12.12 09:49:49 | 000,000,744 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.12.12 09:43:17 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\MJ\ntuser.ini
[2009.12.12 09:43:16 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\MJ\ntuser.dat.LOG
[2009.12.12 09:43:15 | 005,242,880 | -H-- | C] () -- C:\Documents and Settings\MJ\NTUSER.DAT
[2008.02.01 09:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007.02.28 18:42:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2003.01.07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.25 20:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010.02.23 20:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\DassaultSystemes
[2010.01.23 23:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ESET
[2010.04.18 10:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
[2010.02.23 20:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\DassaultSystemes
[2010.01.23 23:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\ESET
[2010.01.07 18:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\OpenOffice.org
[2010.01.16 20:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\profine

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2009.10.09 14:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.)
"mfvjgbft" = C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe -- [2010.04.17 17:07:06 | 000,271,616 | ---- | M] ()
"tqremdcy" = C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe -- [2010.04.17 17:07:06 | 000,271,616 | ---- | M] ()
"asam" = C:\WINDOWS\asam.exe -- [2010.04.17 20:34:53 | 000,060,672 | ---- | M] ()

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.03.02 23:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Adobe
[2010.03.10 20:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\CyberLink
[2010.02.23 20:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\DassaultSystemes
[2010.01.23 23:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\ESET
[2009.12.14 22:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Google
[2010.04.13 19:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Help
[2009.12.12 09:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Identities
[2009.12.14 16:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Macromedia
[2010.01.22 22:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Malwarebytes
[2010.01.28 17:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Media Player Classic
[2010.02.05 17:19:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\MJ\Data aplikací\Microsoft
[2009.12.12 09:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Microsoft Web Folders
[2010.04.18 10:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Mozilla
[2009.12.12 12:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\MSN6
[2010.01.07 18:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\OpenOffice.org
[2010.01.16 20:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\profine
[2010.04.18 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\Skype
[2010.04.18 09:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\skypePM
[2009.12.30 13:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2007.03.05 15:40:12 | 000,585,216 | ---- | M] () -- C:\Documents and Settings\MJ\Data aplikací\profine\kbe\PAS08\WinIsoAuto\DXF.exe
[2008.05.20 14:11:28 | 001,662,976 | ---- | M] () -- C:\Documents and Settings\MJ\Data aplikací\profine\kbe\PAS08\WinIsoAuto\WinIso2.exe
[2007.03.05 15:40:12 | 000,513,024 | ---- | M] (Sommer Informatik GmbH) -- C:\Documents and Settings\MJ\Data aplikací\profine\kbe\PAS08\WinIsoAuto\WinIsoAuto.exe
[2007.03.05 15:40:12 | 000,486,912 | ---- | M] () -- C:\Documents and Settings\MJ\Data aplikací\profine\kbe\PAS08\WinIsoAuto\WinIsoAutoEditor.exe
[1 C:\Documents and Settings\MJ\Data aplikací\profine\kbe\PAS08\WinIsoAuto\*.tmp files -> C:\Documents and Settings\MJ\Data aplikací\profine\kbe\PAS08\WinIsoAuto\*.tmp -> ]


< MD5 for: ATAPI.SYS >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2002.09.20 18:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\system32\cryptsvc.dll
[2002.09.20 18:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2002.09.20 18:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2002.09.20 18:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2002.09.20 18:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\explorer.exe
[2002.09.20 18:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2002.08.29 01:05:04 | 000,129,920 | ---- | M] (Microsoft Corporation) MD5=308709E92843DFF3A5CDCA069F6F5C61 -- C:\WINDOWS\system32\hal.dll

< MD5 for: LSASS.EXE >
[2002.09.20 18:05:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\system32\dllcache\lsass.exe
[2002.09.20 18:05:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2002.08.29 02:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\system32\dllcache\ndis.sys
[2002.08.29 02:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2002.09.20 18:04:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2002.09.20 18:04:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2002.09.20 18:04:42 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\system32\dllcache\scecli.dll
[2002.09.20 18:04:42 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2001.10.24 04:52:12 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=0B7569ECA93964A39BEDCF763E78E22A -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2002.09.20 18:05:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\system32\dllcache\smss.exe
[2002.09.20 18:05:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2001.10.25 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2001.10.25 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2002.08.29 01:58:12 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2002.08.29 01:58:12 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2002.09.20 18:05:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2002.09.20 18:05:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2002.09.20 18:05:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2002.09.20 18:05:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2001.10.25 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2001.10.25 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010.02.01 09:55:22 | 000,130,560 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\tsd320.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.12.12 10:22:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.12.12 10:22:14 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.12.12 10:22:13 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2010.02.01 09:55:22 | 000,130,560 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\tsd320.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP:5C321E34
< End of report >
Nahoru
MMJJ
Návštěvník
Návštěvník
Příspěvky: 222
Registrován: 22 led 2010 17:20

Re: VIRUS, MALWARE

#34 Příspěvek od MMJJ »

OTL Extras logfile created on: 18.4.2010 11:58:19 - Run 4
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Documents and Settings\MJ\Plocha
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 014,00 Mb Total Physical Memory | 556,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 30,13 Gb Free Space | 80,86% Space Free | Partition Type: NTFS
Drive D: | 3,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MJ-XUO0PUS6PEH1
Current User Name: MJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{80000E0B-2871-4DF3-8B39-735B187AA576}" = eDrawings 2008
"{82B1150E-9B37-49FC-83EB-D52197D900D0}" = Sunbelt Personal Firewall
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3 - Czech
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 5.2
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"FileHippo.com" = FileHippo.com Update Checker
"InCD!UninstallKey" = InCD
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Planung und Ausschreibung 2008 - KBE" = Planung und Ausschreibung 2008 - KBE
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17.4.2010 14:40:45 | Computer Name = MJ-XUO0PUS6PEH1 | Source = VSS | ID = 8193
Description = Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance
došlo k neočekávané chybě. hr= 0x80040206.

Error - 17.4.2010 15:03:33 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Application Error | ID = 1000
Description = Chybující aplikace SbPFSvc.exe, verze 4.6.1861.0, chybující modul
ntdll.dll, verze 5.1.2600.1106, adresa chyby 0x00001baa.

Error - 17.4.2010 15:04:10 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Perflib | ID = 2002
Description = Procedura Open služby WmiApRpl v knihovně DLL C:\WINDOWS\System32\wbem\wmiaprpl.dll
trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným
čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení
volání velice zaneprázdněn.

Error - 17.4.2010 15:05:14 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Userenv | ID = 1508
Description = Systém Windows nemohl načíst registr. To je často způsobeno nedostatkem
paměti nebo nedostatečnými zabezpečovacími právy. DETAIL - Klient není držitelem
požadovaného oprávnění. pro C:\Documents and Settings\MJ\Local Settings\Data
aplikací\Microsoft\Windows\\UsrClass.dat

Error - 17.4.2010 15:05:14 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Userenv | ID = 1505
Description = Systém Windows nemůže načíst profil uživatele, ale byli jste přihlášeni
pomocí výchozího profilu pro tento systém. DETAIL - Klient není držitelem požadovaného
oprávnění.

Error - 17.4.2010 15:17:39 | Computer Name = MJ-XUO0PUS6PEH1 | Source = EventSystem | ID = 4609
Description = Systém událostí modelu COM+ zjistil při vnitřním zpracovávání chybný
návratový kód. Hodnota HRESULT byla 8007043C z řádku 44 v d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.Obraťte
se na služby odborné pomoci společnosti Microsoft a informujte je o této chyb

Error - 17.4.2010 15:17:39 | Computer Name = MJ-XUO0PUS6PEH1 | Source = VSS | ID = 8193
Description = Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance
došlo k neočekávané chybě. hr= 0x80040206.

Error - 17.4.2010 17:22:58 | Computer Name = MJ-XUO0PUS6PEH1 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 17.4.2010 17:23:11 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Application Error | ID = 1000
Description = Chybující aplikace SbPFSvc.exe, verze 4.6.1861.0, chybující modul
ntdll.dll, verze 5.1.2600.1106, adresa chyby 0x00001baa.

Error - 17.4.2010 17:23:23 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Perflib | ID = 1015
Description = Časový limit čekání na shromáždění dat výkonu funkcí PerfProc v C:\WINDOWS\System32\perfproc.dll
knihovně vypršel. Potíže jsou pravděpodobně s rozšiřitelným čítačem nebo službou,
od které shromažďuje data, nebo byl systém při obdržení volání velice zaneprázdněn.

[ System Events ]
Error - 12.4.2010 12:52:04 | Computer Name = MJ-XUO0PUS6PEH1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12.4.2010 12:52:09 | Computer Name = MJ-XUO0PUS6PEH1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12.4.2010 13:17:42 | Computer Name = MJ-XUO0PUS6PEH1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12.4.2010 13:17:45 | Computer Name = MJ-XUO0PUS6PEH1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12.4.2010 13:17:48 | Computer Name = MJ-XUO0PUS6PEH1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12.4.2010 14:30:08 | Computer Name = MJ-XUO0PUS6PEH1 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12.4.2010 14:31:29 | Computer Name = MJ-XUO0PUS6PEH1 | Source = SRService | ID = 104
Description = Proces inicializace nástroje Obnovení systému se nezdařil.

Error - 12.4.2010 14:32:44 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Service Control Manager | ID = 7023
Description = Služba Služba obnovení systému byla ukončena s následující chybou:
%%2

Error - 12.4.2010 14:32:44 | Computer Name = MJ-XUO0PUS6PEH1 | Source = Service Control Manager | ID = 7000
Description = Služba wscsvc neuspěla při spuštění v důsledku následující chyby:
%%1083

Error - 12.4.2010 14:43:17 | Computer Name = MJ-XUO0PUS6PEH1 | Source = SRService | ID = 104
Description = Proces inicializace nástroje Obnovení systému se nezdařil.


< End of report >
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: VIRUS, MALWARE

#35 Příspěvek od Caroprd111 »

Obrázek Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
O4 - HKLM..\Run: [asam] C:\WINDOWS\asam.exe ()
O4 - HKLM..\Run: [mfvjgbft] C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe ()
O4 - HKLM..\Run: [tqremdcy] C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-789336058-1450960922-839522115-1003..\Run: [asam] C:\WINDOWS\asam.exe ()
O4 - HKU\S-1-5-21-789336058-1450960922-839522115-1003..\Run: [mfvjgbft] C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe ()
O4 - HKU\S-1-5-21-789336058-1450960922-839522115-1003..\Run: [tqremdcy] C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe ()
O15 - HKU\S-1-5-21-789336058-1450960922-839522115-1003\..Trusted Domains: ([]msn in Tento počítač)
[2010.04.17 17:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey
[2010.04.17 17:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab
[2010.04.17 20:34:53 | 000,060,672 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Data aplikací\syssvc.exe
[2010.04.17 20:34:53 | 000,060,672 | ---- | M] () -- C:\WINDOWS\asam.exe
[2010.02.01 09:55:22 | 000,130,560 | RHS- | C] () -- C:\WINDOWS\System32\tsd320.dll
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP:5C321E34

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
Poté klikněte na Opravit, PC se restartuje, log vložte sem.



Obrázek Tohle otestujte na http://www.virustotal.com/cs/
C:\WINDOWS\System32\drivers\FlashSys.sys

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)
Obrázek
Nahoru
MMJJ
Návštěvník
Návštěvník
Příspěvky: 222
Registrován: 22 led 2010 17:20

Re: VIRUS, MALWARE

#36 Příspěvek od MMJJ »

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\asam not found.
File C:\WINDOWS\asam.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mfvjgbft not found.
File C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tqremdcy not found.
File C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck not found.
Registry value HKEY_USERS\S-1-5-21-789336058-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\asam not found.
File C:\WINDOWS\asam.exe not found.
Registry value HKEY_USERS\S-1-5-21-789336058-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\mfvjgbft not found.
File C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\gpvqhxvtssd.exe not found.
Registry value HKEY_USERS\S-1-5-21-789336058-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\tqremdcy not found.
File C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\gnbqasgtssd.exe not found.
Registry value HKEY_USERS\S-1-5-21-789336058-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ not found.
Folder C:\Documents and Settings\MJ\Local Settings\Data aplikací\pclaxjoey\ not found.
Folder C:\Documents and Settings\MJ\Local Settings\Data aplikací\ynhcwfyab\ not found.
File C:\Documents and Settings\MJ\Local Settings\Data aplikací\syssvc.exe not found.
File C:\WINDOWS\asam.exe not found.
File C:\WINDOWS\System32\tsd320.dll not found.
Unable to delete ADS C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP:5C321E34 .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Marek Jiroš
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MJ
->Temp folder emptied: 2736184 bytes
->Temporary Internet Files folder emptied: 59794 bytes
->FireFox cache emptied: 77346887 bytes
->Flash cache emptied: 3012 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 76,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: Marek Jiroš

User: MJ
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.1.2 log created on 04182010_172546

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Nahoru
MMJJ
Návštěvník
Návštěvník
Příspěvky: 222
Registrován: 22 led 2010 17:20

Re: VIRUS, MALWARE

#37 Příspěvek od MMJJ »

http://www.virustotal.com/cs/analisis/b ... 1271605186
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: VIRUS, MALWARE

#38 Příspěvek od Caroprd111 »

Jak to vypadá s PC :???:
Obrázek
Nahoru
MMJJ
Návštěvník
Návštěvník
Příspěvky: 222
Registrován: 22 led 2010 17:20

Re: VIRUS, MALWARE

#39 Příspěvek od MMJJ »

hlavní problém byl, že přestal fungovat Int. explorer. musel jsem nainstalovat mozilu.to přetrvává.
ale ikona falešnýho antispywaru, co jsem tam měl a která mě prudila, ta zmizela.
ale přetrvává to, že s tebou musim komunikovat z nouzáku
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: VIRUS, MALWARE

#40 Příspěvek od Caroprd111 »

Obrázek Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
  • Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
  • Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna :!:
  • Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
  • Během skenování může být počítač restartován.
Obrázek
Nahoru
MMJJ
Návštěvník
Návštěvník
Příspěvky: 222
Registrován: 22 led 2010 17:20

Re: VIRUS, MALWARE

#41 Příspěvek od MMJJ »

ComboFix 10-04-17.07 - MJ 18.04.2010 18:13:31.11.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.420.1029.18.1014.650 [GMT 2:00]
Spuštěný z: c:\documents and settings\MJ\Plocha\ComboFix.exe
.
/wow section - STAGE 4


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-18 do 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-18 14:27 . 2010-04-18 14:27 -------- d-----w- C:\_OTL
2010-04-18 08:21 . 2010-04-18 08:21 -------- d-----w- C:\rsit
2010-04-18 08:21 . 2010-04-18 08:21 -------- d-----w- c:\program files\trend micro
2010-04-18 08:12 . 2010-04-18 08:12 0 ----a-w- c:\windows\nsreg.dat
2010-04-18 08:11 . 2010-04-18 08:07 8185280 ----a-w- c:\program files\FirefoxSetup3.6.3.exe
2010-03-30 18:31 . 2008-10-31 05:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-03-30 18:31 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-03-30 18:31 . 2010-03-30 18:31 -------- d-----w- c:\program files\Sunbelt Software
2010-03-29 19:32 . 2002-08-28 23:27 47488 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-29 19:32 . 2002-08-28 23:27 47488 ----a-w- c:\windows\system32\drivers\cdrom.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 15:21 . 2010-01-24 09:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-13 15:45 . 2009-12-14 20:46 -------- d-----w- c:\program files\Google
2010-03-29 18:05 . 2010-01-22 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-28 08:28 . 2001-10-25 12:00 68736 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 08:28 . 2001-10-25 12:00 389664 ----a-w- c:\windows\system32\perfh005.dat
2010-03-10 18:06 . 2010-03-10 18:06 -------- d-----w- c:\program files\Common Files\LightScribe
2010-03-10 18:04 . 2010-03-10 18:04 -------- d-----w- c:\program files\Ahead
2010-03-10 18:04 . 2010-03-10 18:04 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-10 18:03 . 2010-03-10 18:01 -------- d-----w- c:\program files\CyberLink DVD Solution
2010-03-10 18:03 . 2009-12-14 13:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 18:02 . 2010-03-10 18:02 -------- d-----w- c:\program files\CyberLink
2010-03-10 18:01 . 2009-12-15 16:44 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-04 14:15 . 2009-12-20 17:51 -------- d-----w- c:\program files\Winamp
2010-03-02 22:14 . 2010-03-02 19:36 -------- d-----w- c:\program files\GRETECH
2010-02-23 18:08 . 2010-02-23 18:08 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-02-23 18:08 . 2010-02-23 18:08 -------- d-----w- c:\program files\Common Files\eDrawings2008
2010-02-23 18:02 . 2010-02-23 18:02 -------- d-----w- c:\program files\IGC
2010-01-27 21:45 . 2009-12-14 18:57 737280 ----a-w- c:\windows\iun6002.exe
2010-01-22 06:51 . 2010-01-22 06:51 552 ----a-w- c:\windows\system32\d3d8caps.dat
2004-10-01 14:00 . 2010-03-10 18:01 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-10 18789920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-28 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2.2.2010 10:25 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2.2.2010 10:25 45416]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [30.3.2010 20:31 270888]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [30.3.2010 20:31 65576]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2.2.2010 10:25 108289]
S2 gupdate1ca8f788138d1b4;Služba Google Update (gupdate1ca8f788138d1b4);c:\program files\Google\Update\GoogleUpdate.exe [7.1.2010 11:05 133104]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.12.2009 23:56 1691480]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 09:04]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 09:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\MJ\Data aplikací\Mozilla\Firefox\Profiles\eza0l59u.default\
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-18 18:16
Windows 5.1.2600 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(952)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(1616)
c:\windows\System32\msi.dll
.
Celkový čas: 2010-04-18 18:17:52
ComboFix-quarantined-files.txt 2010-04-18 16:17

Před spuštěním: Volných bajtů: 32 658 034 688
Po spuštění: Volných bajtů: 32 630 185 984

- - End Of File - - 2A73B1574A7B1D4E0DAF007BB70548F6
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: VIRUS, MALWARE

#42 Příspěvek od Caroprd111 »

Jak to vypadá s PC :???:
Obrázek
Nahoru
MMJJ
Návštěvník
Návštěvník
Příspěvky: 222
Registrován: 22 led 2010 17:20

Re: VIRUS, MALWARE

#43 Příspěvek od MMJJ »

ahoj, internet explorer dobrý, ten funguje, ale emaily neodcházej, jen z nouzáku.
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: VIRUS, MALWARE

#44 Příspěvek od Caroprd111 »

Zkuste použít WinSockFix http://www.viry.cz/go.php?p=spyware&t=aplikace&id=22 (ztratíte všechna nastavení sítě).
Obrázek
Nahoru
MMJJ
Návštěvník
Návštěvník
Příspěvky: 222
Registrován: 22 led 2010 17:20

Re: VIRUS, MALWARE

#45 Příspěvek od MMJJ »

super, po aplikaci winsockxpfix je to v pohodě. díky!
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“