Re: Please check my log. Thank you

Posted: 28 Jul 2010 17:17
by 1danab
download HJT here http://free.antivirus.com/hijackthis/ (version 2.0.4)
install it, a shortcut will be created on the desktop; open it, click Main Menu and then continue as I described a few lines above

Re: Please check my log. Thank you

Posted: 28 Jul 2010 17:44
by roskild
The same thing :(

Re: Please check my log. Thank you

Posted: 28 Jul 2010 17:51
by 1danab
all right, let's try something else

download GMER, unpack it and run it

a scan will run, and when it finishes the results are displayed

then click Save to save the log, and paste its contents here

then run a second scan following this guide and again paste the contents of the log here :)

Re: Please check my log. Thank you

Posted: 28 Jul 2010 20:17
by roskild
log 1:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-28 20:24:20
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\KC\LOCALS~1\Temp\pgtdapow.sys


---- System - GMER 1.0.15 ----

SSDT spfi.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spfi.sys ZwEnumerateValueKey [0xB7ECE132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89A5D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctfw2.sys (PC Tools TDI Driver/PC Tools)

---- EOF - GMER 1.0.15 ----




log 2:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-28 21:13:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\KC\LOCALS~1\Temp\pgtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB3032610]
SSDT spfi.sys ZwCreateKey [0xB7EB50E0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB3032C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB3032730]
SSDT spfi.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spfi.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT spfi.sys ZwOpenKey [0xB7EB50C0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB30324B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB3032570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB30326D0]
SSDT spfi.sys ZwQueryKey [0xB7ECE20A]
SSDT spfi.sys ZwQueryValueKey [0xB7ECE08A]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB3032690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB3032650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB30327D0]
SSDT spfi.sys ZwSetValueKey [0xB7ECE29C]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB3032510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB3032590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB30324D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB30325D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB3032750]

INT 0x62 ? 89A5EBF8
INT 0x63 ? 8952BF00
INT 0x73 ? 89A5EBF8
INT 0x73 ? 89A5EBF8
INT 0x73 ? 8952BF00
INT 0x73 ? 89A5EBF8
INT 0x82 ? 89A5EBF8
INT 0x83 ? 8952BF00
INT 0xB4 ? 8952BF00

---- Kernel code sections - GMER 1.0.15 ----

? spfi.sys Systém nemůže nalézt uvedený soubor. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB754D360, 0x3E57A5, 0xE8000020]
.text USBPORT.SYS!DllUnload B752D8AC 5 Bytes JMP 8952B4E0
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB73D5900]
.text ah4g4q9z.SYS B7330386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ah4g4q9z.SYS B73303AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ah4g4q9z.SYS B73303C4 3 Bytes [00, 80, 02]
.text ah4g4q9z.SYS B73303C9 1 Byte [30]
.text ah4g4q9z.SYS B73303C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[676] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1652] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spfi.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spfi.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spfi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spfi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spfi.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spfi.sys
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\ah4g4q9z.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89A5D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip pctfw2.sys (PC Tools TDI Driver/PC Tools)

Device \Driver\usbuhci \Device\USBPDO-0 896B91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5F9C972C-72EB-4ED8-A44E-F3EFBA6E1927} 891AE1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89ACB1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89ACB1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89ACB1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89ACB1F8
Device \Driver\usbuhci \Device\USBPDO-1 896B91F8
Device \Driver\usbuhci \Device\USBPDO-2 896B91F8
Device \Driver\usbuhci \Device\USBPDO-3 896B91F8
Device \Driver\usbehci \Device\USBPDO-4 897E11F8

AttachedDevice \Driver\Tcpip \Device\Tcp pctfw2.sys (PC Tools TDI Driver/PC Tools)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89A5F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89A5F1F8
Device \Driver\Cdrom \Device\CdRom0 8951B500
Device \Driver\Ftdisk \Device\HarddiskVolume3 89A5F1F8
Device \Driver\Cdrom \Device\CdRom1 8951B500
Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\sptd \Device\1190207416 spfi.sys
Device \Driver\Ftdisk \Device\HarddiskVolume4 89A5F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 89A5F1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 891AE1F8
Device \Driver\PCI_PNP7416 \Device\0000004b spfi.sys
Device \Driver\NetBT \Device\NetbiosSmb 891AE1F8

AttachedDevice \Driver\Tcpip \Device\Udp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctfw2.sys (PC Tools TDI Driver/PC Tools)

Device \Driver\usbuhci \Device\USBFDO-0 896B91F8
Device \Driver\usbuhci \Device\USBFDO-1 896B91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F3439631-4525-4FAB-8865-BE12368C618C} 891AE1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 890401F8
Device \Driver\usbuhci \Device\USBFDO-2 896B91F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 890401F8
Device \Driver\usbuhci \Device\USBFDO-3 896B91F8
Device \Driver\usbehci \Device\USBFDO-4 897E11F8
Device \Driver\Ftdisk \Device\FtControl 89A5F1F8
Device \Driver\ah4g4q9z \Device\Scsi\ah4g4q9z1 8956B500
Device \Driver\ah4g4q9z \Device\Scsi\ah4g4q9z1Port4Path0Target0Lun0 8956B500
Device \FileSystem\Fastfat \Fat 89663500
Device \FileSystem\Fastfat \Fat B1249297

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 896253F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x7C 0x7C 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0xC7 0x4C 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBA 0x79 0x81 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9C 0x23 0xB7 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0xC7 0x4C 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0x13 0xE3 0x12 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4E 0x55 0x7B 0x8D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0xC7 0x4C 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBA 0x79 0x81 0xEC ...

---- EOF - GMER 1.0.15 ----

Re: Please check my log. Thank you

Posted: 28 Jul 2010 20:38
by roskild
Damn, my PC just restarted: a blue screen came up, it printed something and then rebooted :(

I used WhoCrashed and here is the log, maybe it will help:
Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Wed 28. 7. 2010 19:33:12 your computer crashed
This was likely caused by the following module: cx88vid.sys
Bugcheck code: 0x1000000A (0xAF389088, 0x2, 0x0, 0x80527EF4)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini072810-01.dmp
file path: C:\WINDOWS\system32\drivers\cx88vid.sys
product: cx88vid.sys
company: Conexant Systems, Inc.
description: CxVCap, Video Capture Driver, Official Build



On Mon 26. 7. 2010 19:40:44 your computer crashed
This was likely caused by the following module: cx88vid.sys
Bugcheck code: 0x1000000A (0xAF349088, 0x2, 0x0, 0x80527EF4)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini072610-01.dmp
file path: C:\WINDOWS\system32\drivers\cx88vid.sys
product: cx88vid.sys
company: Conexant Systems, Inc.
description: CxVCap, Video Capture Driver, Official Build

Re: Please check my log. Thank you

Posted: 30 Jul 2010 15:51
by 1danab
test c:\windows\system32\drivers\atapi.sys on VIRUSTOTAL

a simple guide: once the page has loaded, click Browse, navigate to the file mentioned above and click the Send file button; if a message pops up saying the file has already been tested, ignore it and run the scan again; when the scan has finished, post the results here, either by copying the text or by pasting a link

Re: Please check my log. Thank you

Posted: 30 Jul 2010 19:02
by roskild

Re: Please check my log. Thank you

Posted: 30 Jul 2010 19:42
by 1danab
we would need that installation CD, if someone could lend it to you :?:

Re: Please check my log. Thank you

Posted: 30 Jul 2010 21:45
by roskild
Well, I'll try somehow, and what if I can't get the CD? :o

Re: Please check my log. Thank you

Posted: 30 Jul 2010 23:34
by 1danab
we'll try it yet another way :)

download ComboFix and save it, preferably to the desktop

run the application under an account with administrator privileges
after it starts, a screen with the license terms is displayed; click the Yes button

a warning about your antivirus's resident shield and a notice about the Recovery Console not being installed may appear; do not install it for now

the scan takes about 10 minutes (it may take longer, depending on the number of files and the speed of the PC); do not start any applications during the scan

your PC may be restarted during the scan, so do not panic

note: if you use an antispyware program with a resident shield, deactivate its resident shield, because during the scan and the removal of any malware there are unwanted conflicts between ComboFix and the antispyware's resident shield

after the restart the application creates a log, saved at C:/Combofix.txt; paste its contents here :)

Re: Please check my log. Thank you

Posted: 02 Aug 2010 07:34
by roskild
here is the log:

ComboFix 10-08-01.01 - KC . 08. 2010 8:23.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1526.1167 [GMT 2:00]
Running from: d:\d_dokumenty\Data\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
.

2010-07-30 14:00 . 2010-07-30 14:00 -------- d-----w- c:\program files\Graphic Converter 2003
2010-07-30 14:00 . 2003-01-20 07:35 1040384 ----a-w- c:\windows\system32\libgfl190.dll
2010-07-30 13:53 . 2010-07-30 13:55 -------- d-----w- c:\program files\ImageConverter Plus
2010-07-29 15:00 . 2010-07-29 15:00 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-07-27 18:29 . 2010-07-27 18:29 -------- d-----w- c:\program files\Ashampoo
2010-07-25 20:30 . 2002-01-05 13:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-07-25 18:08 . 2010-07-25 18:09 5846889 ----a-w- c:\windows\REGBK06.ZIP
2010-07-23 07:41 . 2010-07-23 07:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-23 07:40 . 2010-07-23 09:51 -------- d-----w- c:\program files\DVDFab 7
2010-07-18 19:47 . 2010-07-18 19:52 -------- d-----w- c:\program files\WhoCrashed
2010-07-16 16:49 . 2010-07-28 16:42 -------- d-----w- c:\program files\trend micro
2010-07-14 19:00 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 17:03 . 2010-07-11 17:03 5838763 ----a-w- c:\windows\REGBK05.ZIP
2010-07-11 08:27 . 2010-07-11 08:27 -------- d-----w- c:\program files\Free WMA to MP3 Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 14:40 . 2010-06-29 17:55 -------- d-----w- c:\program files\Spyware Doctor
2010-07-24 08:20 . 2010-05-11 12:43 -------- d-----w- c:\program files\Opera
2010-07-18 08:44 . 2005-01-03 14:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-29 18:08 . 2010-06-29 17:56 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-29 17:57 . 2001-10-25 13:00 54194 ----a-w- c:\windows\system32\perfc005.dat
2010-06-29 17:57 . 2001-10-25 13:00 330508 ----a-w- c:\windows\system32\perfh005.dat
2010-06-27 17:37 . 2010-06-27 17:37 5819862 ----a-w- c:\windows\REGBK04.ZIP
2010-06-23 09:35 . 2010-06-23 09:35 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-06-20 10:34 . 2005-01-03 15:55 -------- d-----w- c:\program files\DivX
2010-06-16 20:19 . 2010-06-16 20:19 -------- d-----w- c:\program files\uTorrent
2010-06-16 16:49 . 2010-06-16 16:48 5818836 ----a-w- c:\windows\REGBK03.ZIP
2010-06-16 14:31 . 2010-05-26 11:54 -------- d-----w- c:\program files\ICQ7.1
2010-06-14 14:31 . 2005-01-03 12:37 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 11:33 . 2010-06-12 11:32 -------- d-----w- c:\program files\7-Zip
2010-06-12 06:34 . 2010-05-06 18:59 -------- d-----w- c:\program files\Winamp
2010-06-12 06:34 . 2010-05-06 19:04 -------- d-----w- c:\program files\Winamp Detect
2010-06-06 09:53 . 2010-06-05 20:55 -------- d-----w- c:\program files\Lark Anti-Spyware
2010-06-05 07:30 . 2010-06-05 05:18 -------- d-----w- c:\program files\Windows Desktop Search
2010-06-03 11:37 . 2010-06-03 11:36 5112368 ----a-w- c:\windows\REGBK02.ZIP
2010-05-26 19:53 . 2010-05-26 19:52 4914170 ----a-w- c:\windows\REGBK01.ZIP
2010-05-19 07:33 . 2010-05-19 07:32 4922052 ----a-w- c:\windows\REGBK00.ZIP
2010-05-19 07:30 . 2005-01-03 14:38 626688 ----a-w- c:\windows\system32\msvcr80.dll
2010-05-19 07:30 . 2010-05-19 07:30 548864 ----a-w- c:\windows\system32\msvcp80.dll
2010-05-19 07:30 . 2010-05-19 07:30 28672 ----a-w- c:\windows\system32\eEmpty.exe
2010-05-11 14:15 . 2005-01-03 12:39 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-11 14:15 . 2005-01-03 12:39 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-05-07 05:55 . 2010-05-07 05:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-06 20:10 . 2010-05-06 20:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-06 10:35 . 2007-11-29 13:51 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-07 39408]
"Google Update"="c:\documents and settings\KC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-02-26 2140880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26. 2. 2010 6:41 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [26. 2. 2010 6:41 95872]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [29. 6. 2010 19:56 160792]
R2 CX88XBAR;MSI 8606 Crossbar;c:\windows\system32\drivers\CX88XBar.SYS [6. 5. 2010 15:48 9159]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [26. 2. 2010 6:41 810120]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7. 5. 2010 22:16 135664]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [29. 7. 2010 17:00 23456]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [29. 6. 2010 19:55 356920]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7. 5. 2010 7:55 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 20:16]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 20:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = socks=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-02 08:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(752)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(552)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\control.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2010-08-02 08:32:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-02 06:32

Pre-Run: Volných bajtů: 11 034 447 872
Post-Run: Volných bajtů: 10 996 482 048

- - End Of File - - 3E21F050EC99A68493206ED28A8A1495

Re: Please check my log. Thank you

Posted: 03 Aug 2010 09:09
by 1danab
please post a new log from OTL here for me :)

Re: Please check my log. Thank you

Posted: 03 Aug 2010 16:08
by roskild
OTL logfile created on: 3. 8. 2010 17:02:14 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = D:\D_DOKUMENTY\Data\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,02 Gb Total Space | 10,06 Gb Free Space | 50,28% Space Free | Partition Type: NTFS
Drive D: | 209,14 Gb Total Space | 44,04 Gb Free Space | 21,06% Space Free | Partition Type: NTFS
Drive E: | 151,20 Gb Total Space | 101,30 Gb Free Space | 67,00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: KC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/03 17:01:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\D_DOKUMENTY\Data\Desktop\OTL.exe
PRC - [2010/08/02 12:52:03 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/06/30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010/05/07 22:16:31 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/02/26 06:41:12 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/02/26 06:40:58 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/01/14 00:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/08/03 17:01:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\D_DOKUMENTY\Data\Desktop\OTL.exe
MOD - [2008/04/14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/29 20:20:50 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/02/26 06:42:34 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/02/26 06:41:12 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/06/13 15:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2006/12/19 17:53:46 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/29 17:00:59 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/05/07 07:55:42 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/26 06:41:36 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/02/26 06:41:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/02/26 06:39:24 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/09/28 01:12:21 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/02/09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/25 11:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 11:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 11:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/07/28 11:29:58 | 000,160,792 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctfw2.sys -- (pctfw2)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/03/04 05:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/03/01 06:01:00 | 000,392,704 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2005/01/06 17:19:08 | 000,198,598 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CX88Vid.SYS -- (CX23880)
DRV - [2005/01/06 17:14:42 | 000,097,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CX88Tune.SYS -- (CXTUNE)
DRV - [2004/09/13 18:00:00 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/29 11:25:18 | 000,009,159 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CX88XBar.SYS -- (CX88XBAR)
DRV - [2003/01/03 11:10:12 | 000,010,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88aud.sys -- (CX88AUD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/06/01 19:55:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2010/08/02 12:52:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/02 12:52:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/02 12:52:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/08/02 12:52:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/02 12:52:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/05/18 19:49:00 | 000,000,000 | ---D | M]

[2010/05/09 13:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KC\Data aplikací\Mozilla\Extensions
[2010/05/09 13:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KC\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/07/25 12:13:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/06 22:09:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/06/26 15:56:33 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/06/26 15:56:33 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/06/26 15:56:33 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/06/26 15:56:33 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/06/26 15:56:33 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/06/26 15:56:33 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010/08/02 08:29:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\webie.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\webie.dll ()
O9 - Extra 'Tools' menuitem : &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\webie.dll ()
O9 - Extra 'Tools' menuitem : Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\webie.dll ()
O9 - Extra 'Tools' menuitem : Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\webie.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 3561583687 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\KC\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\KC\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/03 14:40:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/03 17:01:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\D_DOKUMENTY\Data\Desktop\OTL.exe
[2010/08/03 14:30:13 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\zadk
[2010/08/02 12:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Real
[2010/08/02 12:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/08/02 12:52:12 | 000,185,944 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/08/02 12:52:06 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/08/02 12:52:05 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/08/02 12:52:04 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/08/02 12:52:04 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/08/02 12:52:04 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/08/02 12:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/08/02 12:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/08/02 12:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KC\Data aplikací\Real
[2010/08/02 10:46:41 | 008,159,232 | ---- | C] (Wondershare Software ) -- D:\D_DOKUMENTY\Dokumenty\download.exe
[2010/08/02 08:32:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/02 08:21:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/02 08:21:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/02 08:21:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/02 08:21:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/02 08:21:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/02 08:18:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/01 23:40:07 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\BN
[2010/07/30 16:00:33 | 001,040,384 | ---- | C] (XnView) -- C:\WINDOWS\System32\libgfl190.dll
[2010/07/30 15:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\ImageConverter Plus
[2010/07/30 15:53:22 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\Image Converter Plus
[2010/07/30 15:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\ImageConverter Plus
[2010/07/30 12:12:33 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\30.7
[2010/07/30 12:12:06 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\viral
[2010/07/29 21:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2010/07/29 17:00:59 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010/07/29 17:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KC\Local Settings\Data aplikací\eSupport.com
[2010/07/29 12:19:54 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\na 30.7
[2010/07/29 12:19:42 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\29.7
[2010/07/28 21:50:36 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\Testy
[2010/07/27 20:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2010/07/26 21:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KC\Data aplikací\FastStone
[2010/07/26 09:54:01 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\26.7
[2010/07/25 22:30:28 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010/07/25 20:05:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\KC\Recent
[2010/07/25 18:16:17 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\cool_wallpapers
[2010/07/25 15:44:41 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\ogr 2
[2010/07/24 11:44:15 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\obra
[2010/07/23 11:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2010/07/23 09:41:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\KC\Data aplikací\pcouffin.sys
[2010/07/23 09:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KC\Data aplikací\Vso
[2010/07/23 09:41:13 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\PcSetup
[2010/07/23 09:41:12 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\DVDFab
[2010/07/23 09:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/07/22 18:28:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/07/18 21:52:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/07/18 21:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2010/07/18 10:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KC\Data aplikací\Ashampoo
[2010/07/18 10:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KC\Local Settings\Data aplikací\ashampoo
[2010/07/18 10:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ashampoo
[2010/07/16 18:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/07/14 21:00:58 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/13 14:27:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/11 19:01:18 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\11.7
[2010/07/09 09:37:52 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\9.7
[2010/07/08 11:09:54 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\8.7
[2010/07/05 18:18:25 | 000,000,000 | ---D | C] -- D:\D_DOKUMENTY\Dokumenty\5.7
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/03 17:03:07 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\KC\NTUSER.DAT
[2010/08/03 17:01:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\D_DOKUMENTY\Data\Desktop\OTL.exe
[2010/08/03 16:45:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/03 16:45:25 | 000,000,988 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/03 16:45:18 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/03 16:45:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/03 16:45:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/03 14:38:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/03 09:25:11 | 003,357,116 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\ogrish.flv
[2010/08/03 09:25:04 | 005,798,615 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\Dead Bodies.flv
[2010/08/03 09:22:04 | 005,074,538 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\female.flv
[2010/08/02 15:46:43 | 000,002,443 | ---- | M] () -- D:\D_DOKUMENTY\Data\Desktop\Microsoft Office Word 2007.lnk
[2010/08/02 14:28:29 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\KC\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/02 13:08:34 | 005,493,128 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\ment.flv
[2010/08/02 13:06:54 | 002,976,279 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\mexik kartel.flv
[2010/08/02 12:52:18 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\RealPlayer.lnk
[2010/08/02 12:52:12 | 000,185,944 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/08/02 12:52:06 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/08/02 12:52:05 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/08/02 12:52:04 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/08/02 12:52:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/08/02 12:52:04 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/08/02 12:51:58 | 000,003,731 | ---- | M] () -- C:\WINDOWS\wtran32.INI
[2010/08/02 12:51:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\XXLGSC
[2010/08/02 12:42:38 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\KC\Data aplikací\inst.exe
[2010/08/02 12:42:38 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\KC\Data aplikací\pcouffin.cat
[2010/08/02 12:42:37 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\KC\Data aplikací\pcouffin.sys
[2010/08/02 12:42:37 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\KC\Data aplikací\pcouffin.inf
[2010/08/02 10:50:45 | 008,159,232 | ---- | M] (Wondershare Software ) -- D:\D_DOKUMENTY\Dokumenty\download.exe
[2010/08/02 08:29:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/02 08:29:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/01 23:18:23 | 006,638,209 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\flas.flv
[2010/07/30 17:16:25 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/07/30 15:55:14 | 000,033,721 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\2 (1).jpg
[2010/07/30 15:55:00 | 000,033,721 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\2.jpg
[2010/07/30 12:07:12 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/29 17:00:59 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010/07/29 13:43:41 | 000,012,071 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\Frasier 3.docx
[2010/07/29 12:17:03 | 000,016,140 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\Facebook_directory_-_personal_details_for_100_million_users.5722635.TPB.torrent
[2010/07/29 09:22:38 | 009,246,398 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\DqIVhWkTpvGbx5MtCyru.flv
[2010/07/28 20:23:11 | 000,284,915 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\gmer.zip
[2010/07/28 17:18:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\KC\ntuser.ini
[2010/07/28 11:53:38 | 000,002,102 | ---- | M] () -- D:\D_DOKUMENTY\Data\Desktop\Google Chrome.lnk
[2010/07/28 07:03:40 | 003,199,479 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\3roc.flv
[2010/07/28 07:01:00 | 007,279,743 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\otecplač.flv
[2010/07/28 06:51:15 | 003,449,081 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\umier.flv
[2010/07/27 20:29:37 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Ashampoo Burning Studio 6 FREE.lnk
[2010/07/27 08:44:52 | 009,958,256 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\samo2.flv
[2010/07/27 08:42:15 | 006,051,223 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\polic.flv
[2010/07/27 08:41:12 | 010,553,045 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\v lese.flv
[2010/07/27 08:30:31 | 008,466,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/26 21:10:32 | 000,074,029 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\pinfect.zip
[2010/07/26 21:09:48 | 000,000,000 | ---- | M] () -- C:\23990098.$$$
[2010/07/26 20:55:48 | 000,000,054 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010/07/26 14:12:37 | 008,492,920 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\pes2.flv
[2010/07/26 14:11:55 | 001,685,991 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\mad.flv
[2010/07/26 12:44:17 | 104,948,370 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\3D.Ultra.cool.pool.rar
[2010/07/25 22:55:17 | 000,084,656 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\[CzT]Hard_Dance_Mania_vol_1_17_Diskografie.torrent
[2010/07/25 20:09:33 | 005,846,889 | ---- | M] () -- C:\WINDOWS\REGBK06.ZIP
[2010/07/24 11:38:19 | 000,864,998 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\miami.wmv
[2010/07/24 11:36:58 | 001,650,926 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\france.wmv
[2010/07/24 11:34:22 | 002,163,774 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\uday.wmv
[2010/07/24 10:20:53 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2010/07/23 08:36:10 | 010,355,378 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\1.flv
[2010/07/23 08:34:38 | 003,968,384 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\klgh.flv
[2010/07/23 08:31:28 | 002,463,301 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\b.flv
[2010/07/20 08:48:42 | 001,484,706 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\boom.flv
[2010/07/20 08:47:11 | 002,099,915 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\mlad.flv
[2010/07/20 08:47:01 | 001,114,896 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\kolaj.flv
[2010/07/19 12:08:12 | 000,000,162 | -H-- | M] () -- D:\D_DOKUMENTY\Data\Desktop\~$stny otec 2.docx
[2010/07/18 21:47:36 | 000,000,558 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\WhoCrashed.lnk
[2010/07/18 10:36:20 | 006,844,703 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\srdce.flv
[2010/07/18 10:36:12 | 004,875,674 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\rs.flv
[2010/07/18 10:31:58 | 003,448,436 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\samo.flv
[2010/07/17 10:26:34 | 018,372,379 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\nieco.flv
[2010/07/17 10:20:12 | 001,148,559 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\neho.flv
[2010/07/17 10:18:32 | 002,675,097 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\suici.flv
[2010/07/16 18:49:37 | 000,339,991 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\RSIT.exe
[2010/07/16 08:33:40 | 004,470,014 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\znaszavraz.wmv
[2010/07/16 08:19:27 | 004,472,761 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\scd.flv
[2010/07/16 08:10:31 | 005,561,775 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\kon.flv
[2010/07/15 16:11:05 | 000,010,497 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\krstny otec 2.docx
[2010/07/15 09:03:20 | 006,434,157 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\rusi.flv
[2010/07/15 08:59:56 | 001,376,668 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\karaok.flv
[2010/07/15 08:28:59 | 022,465,049 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\rs.mp4
[2010/07/15 08:07:51 | 000,129,677 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\cartridges.jpg
[2010/07/14 22:06:41 | 003,554,775 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\Video14_ 7_ 2010 22_06_02.flv
[2010/07/14 07:45:35 | 008,555,146 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\dp.flv
[2010/07/14 07:44:15 | 009,490,283 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\neh.flv
[2010/07/14 07:43:18 | 002,506,677 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\drug.flv
[2010/07/13 19:43:18 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010/07/13 15:19:49 | 002,799,989 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\skok.flv
[2010/07/13 15:19:34 | 003,381,425 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\shit 137.flv
[2010/07/13 15:16:45 | 001,268,480 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\les.flv
[2010/07/12 22:11:28 | 005,382,241 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\pol.flv
[2010/07/12 22:11:11 | 011,185,980 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\far.flv
[2010/07/11 19:03:57 | 005,838,763 | ---- | M] () -- C:\WINDOWS\REGBK05.ZIP
[2010/07/06 09:47:26 | 010,830,624 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\e.flv
[2010/07/06 09:35:55 | 011,942,922 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\ko2.flv
[2010/07/06 09:34:32 | 008,537,890 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\vytiahli.flv
[2010/07/05 17:59:29 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/05 17:56:39 | 000,012,575 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\Tabulka.docx
[2010/07/05 11:41:34 | 000,009,954 | ---- | M] () -- D:\D_DOKUMENTY\Dokumenty\Sazkar.docx
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/03 09:50:07 | 005,798,615 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\Dead Bodies.flv
[2010/08/03 09:50:07 | 005,074,538 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\female.flv
[2010/08/03 09:50:07 | 003,357,116 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\ogrish.flv
[2010/08/02 13:06:41 | 005,493,128 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\ment.flv
[2010/08/02 13:06:07 | 002,976,279 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\mexik kartel.flv
[2010/08/02 12:52:18 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\RealPlayer.lnk
[2010/08/02 08:21:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/02 08:21:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/02 08:21:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/02 08:21:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/01 23:17:12 | 006,638,209 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\flas.flv
[2010/07/30 15:55:14 | 000,033,721 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\2 (1).jpg
[2010/07/30 15:55:00 | 000,033,721 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\2.jpg
[2010/07/29 13:43:41 | 000,012,071 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\Frasier 3.docx
[2010/07/29 12:17:03 | 000,016,140 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\Facebook_directory_-_personal_details_for_100_million_users.5722635.TPB.torrent
[2010/07/29 09:20:26 | 009,246,398 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\DqIVhWkTpvGbx5MtCyru.flv
[2010/07/28 20:23:10 | 000,284,915 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\gmer.zip
[2010/07/28 07:02:57 | 003,199,479 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\3roc.flv
[2010/07/28 06:59:41 | 007,279,743 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\otecplač.flv
[2010/07/28 06:50:37 | 003,449,081 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\umier.flv
[2010/07/27 20:29:37 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Ashampoo Burning Studio 6 FREE.lnk
[2010/07/27 08:38:07 | 009,958,256 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\samo2.flv
[2010/07/27 08:37:36 | 006,051,223 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\polic.flv
[2010/07/27 08:36:24 | 010,553,045 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\v lese.flv
[2010/07/26 21:09:48 | 000,000,000 | ---- | C] () -- C:\23990098.$$$
[2010/07/26 14:11:07 | 001,685,991 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\mad.flv
[2010/07/26 14:09:38 | 008,492,920 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\pes2.flv
[2010/07/26 12:14:49 | 104,948,370 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\3D.Ultra.cool.pool.rar
[2010/07/25 22:55:17 | 000,084,656 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\[CzT]Hard_Dance_Mania_vol_1_17_Diskografie.torrent
[2010/07/25 20:08:24 | 005,846,889 | ---- | C] () -- C:\WINDOWS\REGBK06.ZIP
[2010/07/25 11:29:28 | 000,000,195 | ---- | C] () -- C:\Documents and Settings\KC\mbr.log
[2010/07/25 11:27:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe
[2010/07/24 11:38:07 | 000,864,998 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\miami.wmv
[2010/07/24 11:36:43 | 001,650,926 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\france.wmv
[2010/07/24 11:34:05 | 002,163,774 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\uday.wmv
[2010/07/23 09:41:21 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\KC\Data aplikací\pcouffin.log
[2010/07/23 09:41:13 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\KC\Data aplikací\inst.exe
[2010/07/23 09:41:13 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\KC\Data aplikací\pcouffin.cat
[2010/07/23 09:41:13 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\KC\Data aplikací\pcouffin.inf
[2010/07/23 08:32:50 | 003,968,384 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\klgh.flv
[2010/07/23 08:31:58 | 010,355,378 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\1.flv
[2010/07/23 08:30:57 | 002,463,301 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\b.flv
[2010/07/20 08:48:30 | 001,484,706 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\boom.flv
[2010/07/20 08:46:17 | 001,114,896 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\kolaj.flv
[2010/07/20 08:46:02 | 002,099,915 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\mlad.flv
[2010/07/19 12:08:12 | 000,000,162 | -H-- | C] () -- D:\D_DOKUMENTY\Data\Desktop\~$stny otec 2.docx
[2010/07/18 21:47:36 | 000,000,558 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\WhoCrashed.lnk
[2010/07/18 10:33:01 | 004,875,674 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\rs.flv
[2010/07/18 10:32:38 | 006,844,703 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\srdce.flv
[2010/07/18 10:31:14 | 003,448,436 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\samo.flv
[2010/07/17 10:20:44 | 018,372,379 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\nieco.flv
[2010/07/17 10:19:44 | 001,148,559 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\neho.flv
[2010/07/17 10:17:37 | 002,675,097 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\suici.flv
[2010/07/16 18:49:36 | 000,339,991 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\RSIT.exe
[2010/07/16 08:32:59 | 004,470,014 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\znaszavraz.wmv
[2010/07/16 08:18:29 | 004,472,761 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\scd.flv
[2010/07/16 08:07:22 | 005,561,775 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\kon.flv
[2010/07/15 16:11:05 | 000,010,497 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\krstny otec 2.docx
[2010/07/15 09:01:33 | 006,434,157 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\rusi.flv
[2010/07/15 08:59:22 | 001,376,668 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\karaok.flv
[2010/07/15 08:21:05 | 022,465,049 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\rs.mp4
[2010/07/15 08:07:51 | 000,129,677 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\cartridges.jpg
[2010/07/14 22:06:02 | 003,554,775 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\Video14_ 7_ 2010 22_06_02.flv
[2010/07/14 07:42:32 | 008,555,146 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\dp.flv
[2010/07/14 07:40:50 | 002,506,677 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\drug.flv
[2010/07/14 07:39:03 | 009,490,283 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\neh.flv
[2010/07/13 21:23:39 | 045,630,880 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\cvi__n___sk____obn___testy_pre_skupinu_c__d__a_t.pdf
[2010/07/13 15:18:20 | 002,799,989 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\skok.flv
[2010/07/13 15:17:39 | 003,381,425 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\shit 137.flv
[2010/07/13 15:15:45 | 001,268,480 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\les.flv
[2010/07/12 22:07:55 | 005,382,241 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\pol.flv
[2010/07/12 22:05:10 | 011,185,980 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\far.flv
[2010/07/11 19:03:04 | 005,838,763 | ---- | C] () -- C:\WINDOWS\REGBK05.ZIP
[2010/07/07 16:52:38 | 000,002,102 | ---- | C] () -- D:\D_DOKUMENTY\Data\Desktop\Google Chrome.lnk
[2010/07/06 09:44:06 | 010,830,624 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\e.flv
[2010/07/06 09:30:58 | 011,942,922 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\ko2.flv
[2010/07/06 09:30:32 | 008,537,890 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\vytiahli.flv
[2010/07/05 11:41:33 | 000,009,954 | ---- | C] () -- D:\D_DOKUMENTY\Dokumenty\Sazkar.docx
[2010/07/01 20:09:51 | 000,002,685 | ---- | C] () -- C:\WINDOWS\wdict32.INI
[2010/05/16 18:18:52 | 000,003,731 | ---- | C] () -- C:\WINDOWS\wtran32.INI
[2010/05/16 17:18:29 | 000,002,313 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/15 21:22:51 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/05/07 13:24:45 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/07 09:33:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2010/05/07 07:55:42 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/26 22:22:14 | 000,015,552 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:22:10 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:22:04 | 000,014,910 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2006/07/27 19:28:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/01/03 17:56:31 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2005/01/03 16:46:37 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll
[2005/01/03 16:38:48 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2005/01/03 16:38:44 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8
< End of report >

Re: Please check my log. Thank you

Posted: 05 Aug 2010 21:12
by 1danab
so let's try again what we already did before, though without success

run HiJackThis from here: C:\Program Files\trend micro\KC.exe

do not run a scan; instead click the Open the Misc Tools Section button

there are four buttons at the top; Misc Tools must be the one pressed in

find the Open ADS Spy button on the left and click it; in the next window click Scan, wait a moment, then click Save log (paste the log contents here) and after that click Remove selected

after the restart, paste a new OTL log here

if that doesn't work, we'll try to remove it another way :)

Re: Please check my log. Thank you

Posted: 06 Aug 2010 15:54
by roskild
Oh dear, I did it and within 1 second "scan complete" popped up; no log can be saved. I click Save log and nothing happens, the same as before :(