podezření na virus

Zpráva

Lionelka · #1 Příspěvek od **Lionelka** » 28 čer 2010 10:51

zdravim,

nelze spustit RIST, PC hlasi RIST.exe neni platna aplikace typu WIN32.

popis potizi:

bez meho vedomi se mi odeslal e-mail
sam se mi prepsal datum na 27.6.2023 a doslo i ke zmene casu
PC zamrzl a donutil me k restartu, ihned otviram toto forum ale nemuzu spustit RIST. Mam OS Windows Vista a SP1

prosim o pomoc

#2 Příspěvek od **Caroprd111** » 28 čer 2010 12:52

Zdravím

Zkuste spustit RSIT v nouzovém režimu. Případně zkuste vytvořit log z DDS http://www.viry.cz/forum/viewtopic.php?f=24&t=81946

Lionelka · #3 Příspěvek od **Lionelka** » 29 čer 2010 10:02

Ahoj

nejde spustit RIST ani v nouzovem rezimu, dokonce nejde spustit ani DDS. Stale to hlasi ze aplikace neni platna aplikace typu WIN32. Velice podezrele male jsou instalacky obou aplikaci. DDS ma 71,5 kB a je to jen zastupce a RIST ma jen 102 kB. Nasli jsme v pocitaci jednu starsi ikonu RISTu, jde o verzi 3.2.12.1 ze dne 4.10.2009 763 kB. Pres tuto ikonu se podarilo RIST spustit. Posilam nize log vytvoreny pri vypnutem antiviru a FireWallu s nastavenim jednoho mesice. Netusim do jake miry je aktualni ale snad nejak poslouzi abychom se pohli dal

Logfile of random's system information tool 1.06 (written by random/random)
Run by Moje cesky at 2010-06-29 10:39:21
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive F: has 11 GB (28%) free of 38 GB
Total RAM: 2037 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:25, on 29.6.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
F:\Windows\system32\Dwm.exe
F:\Windows\Explorer.EXE
F:\Windows\system32\taskeng.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Windows\System32\igfxtray.exe
F:\Windows\System32\hkcmd.exe
F:\Windows\System32\igfxpers.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\ESET\ESET Smart Security\egui.exe
F:\Program Files\TrustPort Disk Protection\Bin\TDWatch.exe
F:\Program Files\Common Files\TrustPort\bin\tptray.exe
F:\Windows\WindowsMobile\wmdc.exe
F:\Program Files\Windows Sidebar\sidebar.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Windows\ehome\ehtray.exe
F:\Program Files\Windows Media Player\wmpnscfg.exe
F:\Windows\system32\igfxsrvc.exe
F:\Windows\ehome\ehmsas.exe
F:\Windows\system32\wbem\unsecapp.exe
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\Users\Moje cesky\Desktop\Viry\RSIT.exe
F:\Program Files\trend micro\Moje cesky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] F:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] F:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrustPortDiskProtectionWatchDog] F:\Program Files\TrustPort Disk Protection\bin\TDWatch.exe
O4 - HKLM\..\Run: [TrustPortTray] "F:\Program Files\Common Files\TrustPort\Bin\tptray.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU\..\Run: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] F:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @F:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @F:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://monstereurope.webex.com/client/ ... atgpc1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - F:\Windows\System32\DreamScene.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - F:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - F:\Program Files\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - F:\Program Files\Firebird\bin\fbserver.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6165 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=F:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"IgfxTray"=F:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=F:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=F:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"GrooveMonitor"=F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"egui"=F:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"Adobe Reader Speed Launcher"=F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"TrustPortDiskProtectionWatchDog"=F:\Program Files\TrustPort Disk Protection\bin\TDWatch.exe [2009-06-12 155480]
"TrustPortTray"=F:\Program Files\Common Files\TrustPort\Bin\tptray.exe [2009-06-12 835416]
"Windows Mobile Device Center"=F:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=F:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"Skype"=F:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"ehTray.exe"=F:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=F:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
F:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - F:\Windows\System32\DreamScene.dll [2008-12-13 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"F:\Users\Moje cesky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7NU22VQU\IMAGE464-facebook.com.JPG.jpg[2].exe"="F:\Windows\infocard.exe:*:Enabled:Firewall Admin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2023-06-27 03:16:04 ----D---- F:\ProgramData\WindowsSearch
2010-06-29 10:17:00 ----A---- F:\Windows\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2023-06-27 03:16:04 ----HD---- F:\ProgramData
2010-06-29 10:39:25 ----D---- F:\Windows\Prefetch
2010-06-29 10:39:23 ----D---- F:\Windows\Temp
2010-06-29 10:39:22 ----D---- F:\Program Files\trend micro
2010-06-29 10:28:42 ----D---- F:\Windows
2010-06-29 10:23:13 ----D---- F:\Users\Moje cesky\AppData\Roaming\Skype
2010-06-29 09:27:22 ----D---- F:\Users\Moje cesky\AppData\Roaming\skypePM
2010-06-25 16:10:02 ----D---- F:\Program Files\Mozilla Firefox
2010-06-21 12:31:17 ----SHD---- F:\System Volume Information
2010-06-09 13:31:19 ----D---- F:\Windows\System32
2010-06-09 13:31:19 ----A---- F:\Windows\system32\PerfStringBackup.INI
2010-06-09 13:31:18 ----D---- F:\Windows\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; F:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 ehdrv;ehdrv; F:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 SbFw;SbFw; F:\Windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; F:\Windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 eamon;eamon; F:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 EncDisk;EncDisk; \??\F:\Program Files\TrustPort Disk Protection\bin\EncDsk.sys [2009-06-12 55128]
R2 epfw;epfw; F:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 epfwwfp;epfwwfp; F:\Windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
R2 rismxdp;Ricoh xD-Picture Card Driver; F:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BthEnum;Služba Bluetooth Enumerator; F:\Windows\system32\DRIVERS\BthEnum.sys [2008-12-13 19456]
R3 BthPan;Zařízení Bluetooth (síť PAN); F:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; F:\Windows\System32\Drivers\BTHUSB.sys [2008-12-13 29184]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; F:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 E100B;Intel(R) PRO Adapter Driver; F:\Windows\system32\DRIVERS\e100b325.sys [2008-01-18 159744]
R3 Epfwndis;Eset Personal Firewall; F:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 HBtnKey;HBtnKey; F:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; F:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; F:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; F:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 igfx;igfx; F:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; F:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); F:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
R3 rimmptsk;rimmptsk; F:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; F:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; F:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 sdbus;sdbus; F:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 usbvideo;Zobrazovací zařízení USB (WDM); F:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 winachsf;winachsf; F:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; F:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S3 BTHPORT;Ovladač portu Bluetooth; F:\Windows\System32\Drivers\BTHport.sys [2008-12-13 220160]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; F:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 ialm;ialm; F:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; F:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; F:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; F:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; F:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; F:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 usb_rndisx;Adaptér USB RNDIS; F:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-18 15872]
S3 WpdUsb;WpdUsb; F:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; F:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; F:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; F:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; F:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; F:\Program Files\Firebird\bin\fbguard.exe [2007-12-12 65536]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; F:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 SbPF.Launcher;SbPF.Launcher; F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; F:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; F:\Program Files\Firebird\bin\fbserver.exe [2007-12-12 1531989]
S2 SPF4;Sunbelt Personal Firewall 4; F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 AppMgmt;@appmgmts.dll,-3250; F:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 EhttpSrv;ESET HTTP Server; F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; F:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; F:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; F:\Windows\system32\wbengine.exe [2008-01-19 917504]

-----------------EOF-----------------

Lionelka · #4 Příspěvek od **Lionelka** » 29 čer 2010 10:23

no vida, kdyz neukladam instalacku DDS na HDD ale dam spustit primo z aktualniho umisteni na netu tak to jde

tady posilam log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Moje cesky at 11:15:53,08 on Łt 29.06.2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.420.1029.18.2037.1192 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

============== Running Processes ===============

F:\Windows\system32\wininit.exe
F:\Windows\system32\lsm.exe
F:\Windows\system32\svchost.exe -k DcomLaunch
F:\Windows\system32\svchost.exe -k rpcss
F:\Windows\System32\svchost.exe -k secsvcs
F:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
F:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
F:\Windows\system32\svchost.exe -k netsvcs
F:\Windows\system32\SLsvc.exe
F:\Windows\system32\svchost.exe -k LocalService
F:\Windows\system32\svchost.exe -k NetworkService
F:\Windows\System32\spoolsv.exe
F:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
F:\Windows\system32\Dwm.exe
F:\Windows\Explorer.EXE
F:\Windows\system32\taskeng.exe
F:\Windows\system32\svchost.exe -k bthsvcs
F:\Program Files\ESET\ESET Smart Security\ekrn.exe
F:\Windows\system32\taskeng.exe
F:\Program Files\Firebird\bin\fbguard.exe
F:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Windows\System32\igfxtray.exe
F:\Windows\System32\igfxpers.exe
F:\Windows\system32\svchost.exe -k imgsvc
F:\Windows\System32\svchost.exe -k WerSvcGroup
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Windows\system32\SearchIndexer.exe
F:\Program Files\ESET\ESET Smart Security\egui.exe
F:\Program Files\TrustPort Disk Protection\Bin\TDWatch.exe
F:\Program Files\Common Files\TrustPort\bin\tptray.exe
F:\Windows\WindowsMobile\wmdc.exe
F:\Program Files\Windows Sidebar\sidebar.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Windows\ehome\ehtray.exe
F:\Program Files\Windows Media Player\wmpnscfg.exe
F:\Windows\system32\igfxsrvc.exe
F:\Windows\ehome\ehmsas.exe
F:\Program Files\Firebird\bin\fbserver.exe
F:\Windows\system32\svchost.exe -k WindowsMobile
F:\Program Files\Windows Media Player\wmpnetwk.exe
F:\Windows\system32\wbem\unsecapp.exe
F:\Windows\system32\wbem\wmiprvse.exe
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Users\Moje cesky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5M6M9T2J\dds[1].pif
F:\Windows\system32\conime.exe
F:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.cz/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - f:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [Sidebar] f:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "f:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] f:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] f:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] f:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] f:\windows\system32\hkcmd.exe
mRun: [Persistence] f:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "f:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [egui] "f:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "f:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TrustPortDiskProtectionWatchDog] f:\program files\trustport disk protection\bin\TDWatch.exe
mRun: [TrustPortTray] "f:\program files\common files\trustport\bin\tptray.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - f:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - f:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://monstereurope.webex.com/client/T26L/webex/ieatgpc1.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - f:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - f:\progra~1\micros~2\office12\GRA8E1~1.DLL
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration

================= FIREFOX ===================

FF - ProfilePath - f:\users\mojece~1\appdata\roaming\mozilla\firefox\profiles\p2fu6rbt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/

---- FIREFOX POLICIES ----
f:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
f:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
f:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
f:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");

============= SERVICES / DRIVERS ===============

R0 MEMLOCK;Secured Memory Driver;f:\windows\system32\drivers\MemLock.sys [2009-9-28 14136]
R1 ehdrv;ehdrv;f:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 SbFw;SbFw;f:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver;f:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 ekrn;ESET Service;f:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 EncDisk;EncDisk;f:\program files\trustport disk protection\bin\EncDsk.sys [2009-9-28 55128]
R2 epfwwfp;epfwwfp;f:\windows\system32\drivers\epfwwfp.sys [2009-5-14 38240]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;f:\program files\firebird\bin\fbguard.exe -s --> f:\program files\firebird\bin\fbguard.exe -s [?]
R2 SbPF.Launcher;SbPF.Launcher;f:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;f:\program files\firebird\bin\fbserver.exe -s --> f:\program files\firebird\bin\fbserver.exe -s [?]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;f:\windows\system32\drivers\SbFwIm.sys [2008-11-1 65576]
S2 SPF4;Sunbelt Personal Firewall 4;f:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]

=============== Created Last 30 ================

2023-06-27 01:16:04 0 d-----w- f:\programdata\WindowsSearch
2010-06-11 11:27:50 11723 ----a-w- f:\users\moje cesky\CV Miroslav Zemčík.mht

==================== Find3M ====================

2010-06-09 11:31:19 602144 ----a-w- f:\windows\system32\perfh005.dat
2010-06-09 11:31:19 116204 ----a-w- f:\windows\system32\perfc005.dat
2009-09-30 18:55:28 51200 ----a-w- f:\windows\inf\infpub.dat
2009-09-30 18:55:27 86016 ----a-w- f:\windows\inf\infstrng.dat
2009-09-30 18:55:27 86016 ----a-w- f:\windows\inf\infstor.dat
2008-12-13 03:23:36 174 --sha-w- f:\program files\desktop.ini
2008-12-13 03:14:00 665600 ----a-w- f:\windows\inf\drvindex.dat
2007-01-08 21:12:07 34724 ----a-w- f:\windows\inf\perflib\0405\perfd.dat
2007-01-08 21:12:07 34724 ----a-w- f:\windows\inf\perflib\0405\perfc.dat
2007-01-08 21:12:07 286912 ----a-w- f:\windows\inf\perflib\0405\perfi.dat
2007-01-08 21:12:07 286912 ----a-w- f:\windows\inf\perflib\0405\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- f:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- f:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- f:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- f:\windows\inf\perflib\0000\perfc.dat
2010-01-12 14:40:34 16384 --sha-w- f:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-12 14:40:34 32768 --sha-w- f:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-01-12 14:40:34 16384 --sha-w- f:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 11:17:23,05 ===============

Lionelka · #5 Příspěvek od **Lionelka** » 29 čer 2010 10:30

tak ted uz se podarilo udelat i log z noveho RISTu

Logfile of random's system information tool 1.07 (written by random/random)
Run by Moje cesky at 2010-06-29 11:28:42
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive F: has 11 GB (28%) free of 38 GB
Total RAM: 2037 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:28:47, on 29.6.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
F:\Windows\system32\Dwm.exe
F:\Windows\Explorer.EXE
F:\Windows\system32\taskeng.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Windows\System32\igfxtray.exe
F:\Windows\System32\hkcmd.exe
F:\Windows\System32\igfxpers.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\ESET\ESET Smart Security\egui.exe
F:\Program Files\TrustPort Disk Protection\Bin\TDWatch.exe
F:\Program Files\Common Files\TrustPort\bin\tptray.exe
F:\Windows\WindowsMobile\wmdc.exe
F:\Program Files\Windows Sidebar\sidebar.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Windows\ehome\ehtray.exe
F:\Program Files\Windows Media Player\wmpnscfg.exe
F:\Windows\system32\igfxsrvc.exe
F:\Windows\ehome\ehmsas.exe
F:\Windows\system32\wbem\unsecapp.exe
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Windows\system32\conime.exe
F:\Windows\system32\SearchFilterHost.exe
F:\Users\Moje cesky\Desktop\Viry\RIST novy\RSIT.exe
F:\Program Files\trend micro\Moje cesky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] F:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] F:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrustPortDiskProtectionWatchDog] F:\Program Files\TrustPort Disk Protection\bin\TDWatch.exe
O4 - HKLM\..\Run: [TrustPortTray] "F:\Program Files\Common Files\TrustPort\Bin\tptray.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU\..\Run: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] F:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @F:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @F:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://monstereurope.webex.com/client/ ... atgpc1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - F:\Windows\System32\DreamScene.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - F:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - F:\Program Files\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - F:\Program Files\Firebird\bin\fbserver.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6413 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=F:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"IgfxTray"=F:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=F:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=F:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"GrooveMonitor"=F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"egui"=F:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"Adobe Reader Speed Launcher"=F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"TrustPortDiskProtectionWatchDog"=F:\Program Files\TrustPort Disk Protection\bin\TDWatch.exe [2009-06-12 155480]
"TrustPortTray"=F:\Program Files\Common Files\TrustPort\Bin\tptray.exe [2009-06-12 835416]
"Windows Mobile Device Center"=F:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=F:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"Skype"=F:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"ehTray.exe"=F:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=F:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
F:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - F:\Windows\System32\DreamScene.dll [2008-12-13 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"F:\Users\Moje cesky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7NU22VQU\IMAGE464-facebook.com.JPG.jpg[2].exe"="F:\Windows\infocard.exe:*:Enabled:Firewall Admin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2023-06-27 03:16:04 ----D---- F:\ProgramData\WindowsSearch
2010-06-29 10:17:00 ----A---- F:\Windows\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2023-06-27 03:16:04 ----HD---- F:\ProgramData
2010-06-29 11:28:46 ----D---- F:\Windows\Temp
2010-06-29 11:28:46 ----D---- F:\Program Files\trend micro
2010-06-29 11:28:45 ----D---- F:\Windows\Prefetch
2010-06-29 11:27:46 ----D---- F:\Users\Moje cesky\AppData\Roaming\Skype
2010-06-29 10:28:42 ----D---- F:\Windows
2010-06-29 09:27:22 ----D---- F:\Users\Moje cesky\AppData\Roaming\skypePM
2010-06-25 16:10:02 ----D---- F:\Program Files\Mozilla Firefox
2010-06-21 12:31:17 ----SHD---- F:\System Volume Information
2010-06-09 13:31:19 ----D---- F:\Windows\System32
2010-06-09 13:31:19 ----A---- F:\Windows\system32\PerfStringBackup.INI
2010-06-09 13:31:18 ----D---- F:\Windows\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; F:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 ehdrv;ehdrv; F:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 SbFw;SbFw; F:\Windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; F:\Windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 eamon;eamon; F:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 EncDisk;EncDisk; \??\F:\Program Files\TrustPort Disk Protection\bin\EncDsk.sys [2009-06-12 55128]
R2 epfw;epfw; F:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 epfwwfp;epfwwfp; F:\Windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
R2 rismxdp;Ricoh xD-Picture Card Driver; F:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BthEnum;Služba Bluetooth Enumerator; F:\Windows\system32\DRIVERS\BthEnum.sys [2008-12-13 19456]
R3 BthPan;Zařízení Bluetooth (síť PAN); F:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; F:\Windows\System32\Drivers\BTHUSB.sys [2008-12-13 29184]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; F:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 E100B;Intel(R) PRO Adapter Driver; F:\Windows\system32\DRIVERS\e100b325.sys [2008-01-18 159744]
R3 Epfwndis;Eset Personal Firewall; F:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 HBtnKey;HBtnKey; F:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; F:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; F:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; F:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 igfx;igfx; F:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; F:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); F:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
R3 rimmptsk;rimmptsk; F:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; F:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; F:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 sdbus;sdbus; F:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 usbvideo;Zobrazovací zařízení USB (WDM); F:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 winachsf;winachsf; F:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; F:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S3 BTHPORT;Ovladač portu Bluetooth; F:\Windows\System32\Drivers\BTHport.sys [2008-12-13 220160]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; F:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 ialm;ialm; F:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; F:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; F:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; F:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; F:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; F:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 usb_rndisx;Adaptér USB RNDIS; F:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-18 15872]
S3 WpdUsb;WpdUsb; F:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; F:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; F:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; F:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; F:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; F:\Program Files\Firebird\bin\fbguard.exe [2007-12-12 65536]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; F:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 SbPF.Launcher;SbPF.Launcher; F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; F:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; F:\Program Files\Firebird\bin\fbserver.exe [2007-12-12 1531989]
S2 SPF4;Sunbelt Personal Firewall 4; F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 AppMgmt;@appmgmts.dll,-3250; F:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 EhttpSrv;ESET HTTP Server; F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; F:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; F:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; F:\Windows\system32\wbengine.exe [2008-01-19 917504]

-----------------EOF-----------------

#6 Příspěvek od **Caroprd111** » 29 čer 2010 12:19

Zkuste obnovení systému k datu, kdy korektně fungoval.

Lionelka · #7 Příspěvek od **Lionelka** » 29 čer 2010 20:51

Ahoj, jediny bod obnoveni ktery mohu zvolit je dnesni poledne takze to nema cenu obnovovat. mozna to bude tim, ze jsme hned po te udalosti pouzili CCleaner a antivirak. Mame jeste nejaky jiny postup?

#8 Příspěvek od **Caroprd111** » 29 čer 2010 21:03

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
Vložte do PC všechny flash disky, které používáte.
Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
Během skenování může být počítač restartován.

Lionelka · #9 Příspěvek od **Lionelka** » 29 čer 2010 22:09

ahoj, po pouziti Combofixu se deli atipicke veci. hned potom co mi vyskocil log jsem se nedostal na internet pres zadny prohlizec (explorer, mozila). dokud jsem nerestartoval tak mi po poklikani na ikonu prohlizece vyskakovala hlaska: Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni. Po restartu nefungovala rezidentni ochrana souboroveho systemu antiviroveho programu a nesla nijak zapnout, nyni se tvari jako kdyby fungovala aniz bych neco zapinal.

ComboFix 10-06-29.02 - Moje cesky 29.06.2010 22:21:51.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.420.1029.18.2037.1162 [GMT 2:00]
Spuštěný z: f:\users\Moje cesky\Desktop\ComboFix.exe
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\users\Moje cesky\Documents\cc_20100628_120934.reg
f:\windows\system32\Ijl11.dll
f:\windows\system32\vbpng1.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-28 do 2010-06-29 )))))))))))))))))))))))))))))))
.

2023-06-27 01:16 . 2023-06-27 01:16 -------- d-----w- f:\programdata\WindowsSearch
2010-06-29 20:31 . 2010-06-29 20:32 -------- d-----w- f:\users\Moje cesky\AppData\Local\temp
2010-06-29 20:31 . 2010-06-29 20:31 -------- d-----w- f:\users\Default\AppData\Local\temp
2010-06-15 20:34 . 2010-06-15 20:34 680 ----a-w- f:\users\Moje cesky\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 20:32 . 2008-12-13 09:56 -------- d-----w- f:\users\Moje cesky\AppData\Roaming\Skype
2010-06-29 20:22 . 2007-01-08 21:15 602144 ----a-w- f:\windows\system32\perfh005.dat
2010-06-29 20:22 . 2007-01-08 21:15 116204 ----a-w- f:\windows\system32\perfc005.dat
2010-06-29 14:02 . 2008-12-13 09:59 -------- d-----w- f:\users\Moje cesky\AppData\Roaming\skypePM
2010-06-29 09:28 . 2009-10-04 11:20 -------- d-----w- f:\program files\trend micro
2010-06-29 08:15 . 2008-12-13 01:24 12 ----a-w- f:\windows\bthservsdp.dat
2010-05-01 18:55 . 2009-09-25 11:08 -------- d-----w- f:\users\Moje cesky\AppData\Roaming\dvdcss
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="f:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"Skype"="f:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"ehTray.exe"="f:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="f:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="f:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="f:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="f:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TrustPortDiskProtectionWatchDog"="f:\program files\TrustPort Disk Protection\bin\TDWatch.exe" [2009-06-12 155480]
"TrustPortTray"="f:\program files\Common Files\TrustPort\Bin\tptray.exe" [2009-06-12 835416]
"Windows Mobile Device Center"="f:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-237069233-1738439373-3822406637-1000]
"EnableNotificationsRef"=dword:00000001

R2 SPF4;Sunbelt Personal Firewall 4;f:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S0 MEMLOCK;Secured Memory Driver;f:\windows\system32\drivers\memlock.sys [2009-06-12 14136]
S1 ehdrv;ehdrv;f:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 SbFw;SbFw;f:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
S1 sbhips;Sunbelt HIPS Driver;f:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
S2 ekrn;ESET Service;f:\program files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
S2 EncDisk;EncDisk;f:\program files\TrustPort Disk Protection\bin\EncDsk.sys [2009-06-12 55128]
S2 epfwwfp;epfwwfp;f:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;f:\program files\Firebird\bin\fbguard.exe [2007-12-11 65536]
S2 SbPF.Launcher;SbPF.Launcher;f:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;f:\program files\Firebird\bin\fbserver.exe [2007-12-11 1531989]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;f:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 16:23 38400 ----a-w- f:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 09:50 30720 ----a-w- f:\windows\System32\soundschemes2.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - f:\users\Moje cesky\AppData\Roaming\Mozilla\Firefox\Profiles\p2fu6rbt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/

---- NASTAVENÍ FIREFOXU ----
f:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 22:32
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-06-29 22:37:11
ComboFix-quarantined-files.txt 2010-06-29 20:37

Před spuštěním: Volných bajtů: 10 468 507 648
Po spuštění: Volných bajtů: 10 387 988 480

- - End Of File - - 4752B294BF56634B3D07647EA29D7EDE

#10 Příspěvek od **Caroprd111** » 30 čer 2010 07:31

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

Lionelka · #11 Příspěvek od **Lionelka** » 30 čer 2010 11:45

OTL.Txt

OTL logfile created on: 30.6.2010 12:01:48 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = F:\Users\Moje cesky\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 69,74 Gb Total Space | 36,85 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 5,20 Gb Total Space | 1,17 Gb Free Space | 22,46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 36,85 Gb Total Space | 9,52 Gb Free Space | 25,85% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 0,47 Gb Free Space | 12,56% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOJECESKY-PC
Current User Name: Moje cesky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.30 11:16:25 | 000,574,464 | ---- | M] (OldTimer Tools) -- F:\Users\Moje cesky\Desktop\OTL.exe
PRC - [2010.06.30 11:05:44 | 000,039,408 | ---- | M] (Google Inc.) -- F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.06.12 13:05:52 | 000,835,416 | ---- | M] () -- F:\Program Files\Common Files\TrustPort\bin\tptray.exe
PRC - [2009.06.12 13:05:50 | 000,155,480 | ---- | M] () -- F:\Program Files\TrustPort Disk Protection\Bin\TDWatch.exe
PRC - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- F:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.05.14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- F:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008.12.13 03:44:30 | 002,927,104 | ---- | M] (Microsoft Corporation) -- F:\Windows\explorer.exe
PRC - [2008.10.31 08:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008.01.19 00:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.19 00:33:40 | 000,117,248 | ---- | M] () -- \\?\F:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007.12.12 01:05:04 | 001,531,989 | ---- | M] (The Firebird Project) -- F:\Program Files\Firebird\bin\fbserver.exe
PRC - [2007.12.12 01:05:04 | 000,065,536 | ---- | M] (The Firebird Project) -- F:\Program Files\Firebird\bin\fbguard.exe

========== Modules (SafeList) ==========

MOD - [2010.06.30 11:16:25 | 000,574,464 | ---- | M] (OldTimer Tools) -- F:\Users\Moje cesky\Desktop\OTL.exe
MOD - [2008.01.19 00:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msscript.ocx
MOD - [2008.01.19 00:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- F:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009.05.14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- F:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008.10.31 08:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Stopped] -- F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 08:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.05 04:21:40 | 000,122,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.12.12 01:05:04 | 001,531,989 | ---- | M] (The Firebird Project) [On_Demand | Running] -- F:\Program Files\Firebird\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2007.12.12 01:05:04 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Running] -- F:\Program Files\Firebird\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - [2009.06.12 13:06:18 | 000,055,128 | ---- | M] () [Kernel | Auto | Running] -- F:\Program Files\TrustPort Disk Protection\Bin\EncDsk.sys -- (EncDisk)
DRV - [2009.06.12 13:06:16 | 000,014,136 | ---- | M] () [Kernel | Boot | Running] -- F:\Windows\system32\drivers\memlock.sys -- (MEMLOCK)
DRV - [2009.05.14 15:49:32 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- F:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009.05.14 15:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.05.14 15:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- F:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009.05.14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- F:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- F:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008.10.31 08:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- F:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 05:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- F:\Windows\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 05:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008.02.11 20:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.02.11 20:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Ovladač adaptéru Intel(R)
DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006.11.02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006.11.02 09:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.06.28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.12.22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.11.16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.centrum.cz/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010.04.29 14:27:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010.04.06 10:48:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: F:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009.09.21 13:36:05 | 000,000,000 | ---D | M]

[2008.12.13 03:32:55 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Mozilla\Extensions
[2010.06.29 13:22:25 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Mozilla\Firefox\Profiles\p2fu6rbt.default\extensions
[2008.12.13 03:37:55 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\Moje cesky\AppData\Roaming\Mozilla\Firefox\Profiles\p2fu6rbt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.30 11:04:45 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions
[2010.06.30 11:04:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- F:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.01.04 16:04:55 | 000,000,638 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.04 16:04:55 | 000,001,687 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.04 16:04:55 | 000,001,367 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.04 16:04:55 | 000,000,654 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.04 16:04:55 | 000,001,179 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.06.29 22:32:00 | 000,000,027 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [egui] F:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [TrustPortDiskProtectionWatchDog] F:\Program Files\TrustPort Disk Protection\Bin\TDWatch.exe ()
O4 - HKLM..\Run: [TrustPortTray] F:\Program Files\Common Files\TrustPort\Bin\tptray.exe ()
O4 - HKLM..\Run: [Windows Defender] F:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-237069233-1738439373-3822406637-1000..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - F:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: WikiKomentáře Google... - F:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @F:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @F:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://monstereurope.webex.com/client/ ... atgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - F:\Windows\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - F:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: F:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: F:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - F:\Windows\System32\ias [2008.12.13 05:14:53 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - F:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - F:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - F:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - F:\Windows\System32\iccvid.dll (Radius Inc.)

Lionelka · #12 Příspěvek od **Lionelka** » 30 čer 2010 11:45

OTL.Txt

OTL logfile created on: 30.6.2010 12:01:48 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = F:\Users\Moje cesky\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 69,74 Gb Total Space | 36,85 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 5,20 Gb Total Space | 1,17 Gb Free Space | 22,46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 36,85 Gb Total Space | 9,52 Gb Free Space | 25,85% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 0,47 Gb Free Space | 12,56% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOJECESKY-PC
Current User Name: Moje cesky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.30 11:16:25 | 000,574,464 | ---- | M] (OldTimer Tools) -- F:\Users\Moje cesky\Desktop\OTL.exe
PRC - [2010.06.30 11:05:44 | 000,039,408 | ---- | M] (Google Inc.) -- F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.06.12 13:05:52 | 000,835,416 | ---- | M] () -- F:\Program Files\Common Files\TrustPort\bin\tptray.exe
PRC - [2009.06.12 13:05:50 | 000,155,480 | ---- | M] () -- F:\Program Files\TrustPort Disk Protection\Bin\TDWatch.exe
PRC - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- F:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.05.14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- F:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008.12.13 03:44:30 | 002,927,104 | ---- | M] (Microsoft Corporation) -- F:\Windows\explorer.exe
PRC - [2008.10.31 08:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008.01.19 00:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.19 00:33:40 | 000,117,248 | ---- | M] () -- \\?\F:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007.12.12 01:05:04 | 001,531,989 | ---- | M] (The Firebird Project) -- F:\Program Files\Firebird\bin\fbserver.exe
PRC - [2007.12.12 01:05:04 | 000,065,536 | ---- | M] (The Firebird Project) -- F:\Program Files\Firebird\bin\fbguard.exe

========== Modules (SafeList) ==========

MOD - [2010.06.30 11:16:25 | 000,574,464 | ---- | M] (OldTimer Tools) -- F:\Users\Moje cesky\Desktop\OTL.exe
MOD - [2008.01.19 00:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msscript.ocx
MOD - [2008.01.19 00:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- F:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009.05.14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- F:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008.10.31 08:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Stopped] -- F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 08:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.05 04:21:40 | 000,122,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.12.12 01:05:04 | 001,531,989 | ---- | M] (The Firebird Project) [On_Demand | Running] -- F:\Program Files\Firebird\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2007.12.12 01:05:04 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Running] -- F:\Program Files\Firebird\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - [2009.06.12 13:06:18 | 000,055,128 | ---- | M] () [Kernel | Auto | Running] -- F:\Program Files\TrustPort Disk Protection\Bin\EncDsk.sys -- (EncDisk)
DRV - [2009.06.12 13:06:16 | 000,014,136 | ---- | M] () [Kernel | Boot | Running] -- F:\Windows\system32\drivers\memlock.sys -- (MEMLOCK)
DRV - [2009.05.14 15:49:32 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- F:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009.05.14 15:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.05.14 15:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- F:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009.05.14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- F:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- F:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008.10.31 08:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- F:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 05:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- F:\Windows\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 05:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008.02.11 20:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.02.11 20:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Ovladač adaptéru Intel(R)
DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- F:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006.11.02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006.11.02 09:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- F:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.06.28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.12.22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.11.16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.centrum.cz/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010.04.29 14:27:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010.04.06 10:48:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: F:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009.09.21 13:36:05 | 000,000,000 | ---D | M]

[2008.12.13 03:32:55 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Mozilla\Extensions
[2010.06.29 13:22:25 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Mozilla\Firefox\Profiles\p2fu6rbt.default\extensions
[2008.12.13 03:37:55 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\Moje cesky\AppData\Roaming\Mozilla\Firefox\Profiles\p2fu6rbt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.30 11:04:45 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions
[2010.06.30 11:04:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- F:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.01.04 16:04:55 | 000,000,638 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.04 16:04:55 | 000,001,687 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.04 16:04:55 | 000,001,367 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.04 16:04:55 | 000,000,654 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.04 16:04:55 | 000,001,179 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.06.29 22:32:00 | 000,000,027 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [egui] F:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [TrustPortDiskProtectionWatchDog] F:\Program Files\TrustPort Disk Protection\Bin\TDWatch.exe ()
O4 - HKLM..\Run: [TrustPortTray] F:\Program Files\Common Files\TrustPort\Bin\tptray.exe ()
O4 - HKLM..\Run: [Windows Defender] F:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-237069233-1738439373-3822406637-1000..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - F:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: WikiKomentáře Google... - F:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @F:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @F:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://monstereurope.webex.com/client/ ... atgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - F:\Windows\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - F:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: F:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: F:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - F:\Windows\System32\ias [2008.12.13 05:14:53 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - F:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - F:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - F:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - F:\Windows\System32\iccvid.dll (Radius Inc.)

Lionelka · #13 Příspěvek od **Lionelka** » 30 čer 2010 11:47

druha cast OTL.txt

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2023.06.27 03:16:04 | 000,000,000 | ---D | C] -- F:\ProgramData\WindowsSearch
[2010.06.30 11:16:05 | 000,574,464 | ---- | C] (OldTimer Tools) -- F:\Users\Moje cesky\Desktop\OTL.exe
[2010.06.30 11:04:50 | 000,000,000 | ---D | C] -- F:\ProgramData\Google
[2010.06.30 11:04:31 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\Skype
[2010.06.30 11:04:28 | 000,000,000 | R--D | C] -- F:\Program Files\Skype
[2010.06.29 22:37:18 | 000,000,000 | ---D | C] -- F:\Windows\temp
[2010.06.29 22:33:11 | 000,000,000 | -HSD | C] -- F:\$RECYCLE.BIN
[2010.06.29 22:31:13 | 000,000,000 | ---D | C] -- F:\Users\Moje cesky\AppData\Local\temp
[2010.06.29 22:20:15 | 000,161,792 | ---- | C] (SteelWerX) -- F:\Windows\SWREG.exe
[2010.06.29 22:20:15 | 000,031,232 | ---- | C] (NirSoft) -- F:\Windows\NIRCMD.exe
[2010.06.29 22:20:14 | 000,136,704 | ---- | C] (SteelWerX) -- F:\Windows\SWSC.exe
[2010.06.29 22:19:58 | 000,000,000 | ---D | C] -- F:\Windows\ERDNT
[2010.06.29 22:19:56 | 000,000,000 | ---D | C] -- F:\ComboFix
[2010.06.29 22:19:38 | 000,000,000 | ---D | C] -- F:\Qoobox
[2010.06.29 22:19:17 | 000,212,480 | ---- | C] (SteelWerX) -- F:\Windows\SWXCACLS.exe
[2010.06.28 11:35:13 | 000,000,000 | ---D | C] -- F:\Users\Moje cesky\Documents\Viry
[2010.06.08 15:24:35 | 000,000,000 | ---D | C] -- F:\Users\Moje cesky\Desktop\Scotland 2010
[3 F:\Users\Moje cesky\Documents\*.tmp files -> F:\Users\Moje cesky\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.30 12:04:50 | 000,602,144 | ---- | M] () -- F:\Windows\System32\perfh005.dat
[2010.06.30 12:04:50 | 000,590,082 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2010.06.30 12:04:50 | 000,116,204 | ---- | M] () -- F:\Windows\System32\perfc005.dat
[2010.06.30 12:04:50 | 000,102,094 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2010.06.30 12:04:49 | 001,402,506 | ---- | M] () -- F:\Windows\System32\PerfStringBackup.INI
[2010.06.30 12:02:54 | 000,005,552 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.30 12:02:54 | 000,005,552 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.30 12:01:29 | 002,621,440 | -HS- | M] () -- F:\Users\Moje cesky\NTUSER.DAT
[2010.06.30 11:59:57 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2010.06.30 11:16:25 | 000,574,464 | ---- | M] (OldTimer Tools) -- F:\Users\Moje cesky\Desktop\OTL.exe
[2010.06.30 11:11:23 | 000,000,948 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.30 11:10:00 | 000,000,944 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.30 10:54:35 | 000,000,006 | -H-- | M] () -- F:\Windows\tasks\SA.DAT
[2010.06.30 10:54:28 | 2137,120,768 | -HS- | M] () -- F:\hiberfil.sys
[2010.06.30 10:53:22 | 000,000,012 | ---- | M] () -- F:\Windows\bthservsdp.dat
[2010.06.30 10:53:18 | 000,524,288 | -HS- | M] () -- F:\Users\Moje cesky\NTUSER.DAT{e8697221-de06-11de-982c-001641f7171e}.TMContainer00000000000000000001.regtrans-ms
[2010.06.30 10:53:18 | 000,065,536 | -HS- | M] () -- F:\Users\Moje cesky\NTUSER.DAT{e8697221-de06-11de-982c-001641f7171e}.TM.blf
[2010.06.30 10:53:05 | 001,512,019 | -H-- | M] () -- F:\Users\Moje cesky\AppData\Local\IconCache.db
[2010.06.29 22:32:29 | 000,000,215 | ---- | M] () -- F:\Windows\system.ini
[2010.06.29 22:32:00 | 000,000,027 | ---- | M] () -- F:\Windows\System32\drivers\etc\hosts
[2010.06.29 22:17:50 | 003,723,633 | R--- | M] () -- F:\Users\Moje cesky\Desktop\ComboFix.exe
[2010.06.29 13:57:42 | 000,037,376 | ---- | M] () -- F:\Users\Moje cesky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.29 13:56:56 | 009,246,208 | ---- | M] () -- F:\Users\Moje cesky\Documents\B 2_0001_LIVE.AVI
[2010.06.29 13:56:54 | 009,246,208 | ---- | M] () -- F:\Users\Moje cesky\Documents\B 2_0001.AVI
[2010.06.25 15:18:51 | 000,002,589 | ---- | M] () -- F:\Users\Moje cesky\Desktop\Microsoft Office Excel 2007.lnk
[2010.06.23 13:56:51 | 000,261,915 | ---- | M] () -- F:\Users\Moje cesky\Documents\Obraz044.jpg
[2010.06.23 13:42:01 | 000,627,452 | ---- | M] () -- F:\Users\Moje cesky\Documents\lada kresba.jpg
[2010.06.23 13:41:18 | 000,065,619 | ---- | M] () -- F:\Users\Moje cesky\Documents\DSC01358.JPG
[2010.06.23 13:40:51 | 000,097,165 | ---- | M] () -- F:\Users\Moje cesky\Documents\DSC01365.JPG
[2010.06.23 13:40:37 | 000,049,230 | ---- | M] () -- F:\Users\Moje cesky\Documents\DSC01377.JPG
[2010.06.23 13:39:54 | 000,076,834 | ---- | M] () -- F:\Users\Moje cesky\Documents\DSC01361.JPG
[2010.06.23 13:39:34 | 000,108,119 | ---- | M] () -- F:\Users\Moje cesky\Documents\DSC01336.JPG
[2010.06.23 13:39:26 | 000,101,066 | ---- | M] () -- F:\Users\Moje cesky\Documents\DSC01339.JPG
[2010.06.23 13:39:18 | 000,057,647 | ---- | M] () -- F:\Users\Moje cesky\Documents\DSC01322.JPG
[2010.06.22 15:06:04 | 000,197,120 | ---- | M] () -- F:\Users\Moje cesky\Documents\AP_Kupcová_Tamara.xls
[2010.06.22 15:05:49 | 000,001,083 | ---- | M] () -- F:\Users\Moje cesky\Desktop\AP Kupcová Tamara.lnk
[2010.06.15 22:34:59 | 000,000,680 | ---- | M] () -- F:\Users\Moje cesky\AppData\Local\d3d9caps.dat
[2010.06.15 17:07:22 | 000,073,665 | ---- | M] () -- F:\Users\Moje cesky\Documents\Adrenalinová akce s Jihlavou (3) (2).docx
[2010.06.14 14:22:42 | 000,012,006 | ---- | M] () -- F:\Users\Moje cesky\Documents\Ceník a služby v.docx
[2010.06.11 16:10:33 | 000,010,548 | ---- | M] () -- F:\Users\Moje cesky\Documents\Sešit1.xlsx
[2010.06.11 16:10:33 | 000,000,165 | -H-- | M] () -- F:\Users\Moje cesky\Documents\~$Sešit1.xlsx
[2010.06.11 15:09:31 | 000,000,162 | -H-- | M] () -- F:\Users\Moje cesky\Documents\~$ník a služby v.docx
[2010.06.11 13:27:52 | 000,011,723 | ---- | M] () -- F:\Users\Moje cesky\CV Miroslav Zemčík.mht
[3 F:\Users\Moje cesky\Documents\*.tmp files -> F:\Users\Moje cesky\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.30 11:05:58 | 000,000,948 | ---- | C] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.30 11:05:56 | 000,000,944 | ---- | C] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.29 22:20:15 | 000,256,512 | ---- | C] () -- F:\Windows\PEV.exe
[2010.06.29 22:20:15 | 000,098,816 | ---- | C] () -- F:\Windows\sed.exe
[2010.06.29 22:20:15 | 000,080,412 | ---- | C] () -- F:\Windows\grep.exe
[2010.06.29 22:20:15 | 000,077,312 | ---- | C] () -- F:\Windows\MBR.exe
[2010.06.29 22:20:15 | 000,068,096 | ---- | C] () -- F:\Windows\zip.exe
[2010.06.29 22:17:36 | 003,723,633 | R--- | C] () -- F:\Users\Moje cesky\Desktop\ComboFix.exe
[2010.06.29 13:53:02 | 009,246,208 | ---- | C] () -- F:\Users\Moje cesky\Documents\B 2_0001_LIVE.AVI
[2010.06.29 13:52:52 | 009,246,208 | ---- | C] () -- F:\Users\Moje cesky\Documents\B 2_0001.AVI
[2010.06.29 10:20:54 | 2137,120,768 | -HS- | C] () -- F:\hiberfil.sys
[2010.06.23 13:56:46 | 000,261,915 | ---- | C] () -- F:\Users\Moje cesky\Documents\Obraz044.jpg
[2010.06.23 13:41:47 | 000,627,452 | ---- | C] () -- F:\Users\Moje cesky\Documents\lada kresba.jpg
[2010.06.23 13:41:16 | 000,065,619 | ---- | C] () -- F:\Users\Moje cesky\Documents\DSC01358.JPG
[2010.06.23 13:40:50 | 000,097,165 | ---- | C] () -- F:\Users\Moje cesky\Documents\DSC01365.JPG
[2010.06.23 13:40:35 | 000,049,230 | ---- | C] () -- F:\Users\Moje cesky\Documents\DSC01377.JPG
[2010.06.23 13:39:52 | 000,076,834 | ---- | C] () -- F:\Users\Moje cesky\Documents\DSC01361.JPG
[2010.06.23 13:39:32 | 000,108,119 | ---- | C] () -- F:\Users\Moje cesky\Documents\DSC01336.JPG
[2010.06.23 13:39:23 | 000,101,066 | ---- | C] () -- F:\Users\Moje cesky\Documents\DSC01339.JPG
[2010.06.23 13:39:16 | 000,057,647 | ---- | C] () -- F:\Users\Moje cesky\Documents\DSC01322.JPG
[2010.06.15 22:34:59 | 000,000,680 | ---- | C] () -- F:\Users\Moje cesky\AppData\Local\d3d9caps.dat
[2010.06.15 17:07:20 | 000,073,665 | ---- | C] () -- F:\Users\Moje cesky\Documents\Adrenalinová akce s Jihlavou (3) (2).docx
[2010.06.11 16:10:33 | 000,000,165 | -H-- | C] () -- F:\Users\Moje cesky\Documents\~$Sešit1.xlsx
[2010.06.11 16:10:32 | 000,010,548 | ---- | C] () -- F:\Users\Moje cesky\Documents\Sešit1.xlsx
[2010.06.11 15:09:31 | 000,000,162 | -H-- | C] () -- F:\Users\Moje cesky\Documents\~$ník a služby v.docx
[2010.06.11 15:09:30 | 000,012,006 | ---- | C] () -- F:\Users\Moje cesky\Documents\Ceník a služby v.docx
[2010.06.11 13:27:50 | 000,011,723 | ---- | C] () -- F:\Users\Moje cesky\CV Miroslav Zemčík.mht
[2009.09.28 16:24:25 | 000,014,136 | ---- | C] () -- F:\Windows\System32\drivers\MemLock.sys
[2009.09.14 08:52:00 | 000,010,752 | ---- | C] () -- F:\Windows\System32\KOAZXJ_L.DLL
[2008.12.13 04:33:16 | 000,081,158 | ---- | C] () -- F:\Windows\System32\manage-bde.ini.en
[2008.02.11 20:55:18 | 000,147,456 | ---- | C] () -- F:\Windows\System32\igfxCoIn_v1437.dll
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- F:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- F:\Windows\System32\pacerprf.ini
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- F:\Windows\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- F:\Windows\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- F:\Windows\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- F:\Windows\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- F:\Windows\System32\ogg.dll
[2005.10.14 12:56:48 | 003,223,552 | ---- | C] () -- F:\Windows\System32\libavcodec.dll
[2005.10.14 12:56:48 | 000,540,672 | ---- | C] () -- F:\Windows\System32\libmplayer.dll
[2005.10.14 12:56:48 | 000,266,240 | ---- | C] () -- F:\Windows\System32\TomsMoComp_ff.dll
[2005.10.14 12:56:48 | 000,094,208 | ---- | C] () -- F:\Windows\System32\libmpeg2_ff.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- F:\Windows\System32\MMSwitch.dll
[2005.05.06 20:06:00 | 000,016,480 | ---- | C] () -- F:\Windows\System32\rixdicon.dll
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- F:\Windows\System32\zlib.dll

========== LOP Check ==========

[2008.12.13 15:02:43 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Ashampoo
[2009.09.30 00:19:12 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Bullzip
[2009.09.21 13:37:38 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\ESET
[2010.01.08 11:50:05 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Simulace_2009
[2008.12.13 18:41:59 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\uTorrent
[2010.06.30 10:53:29 | 000,032,624 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = F:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2008.01.19 00:33:32 | 001,233,920 | ---- | M] (Microsoft Corporation)
"ehTray.exe" = F:\Windows\ehome\ehTray.exe -- [2008.01.19 00:33:10 | 000,125,952 | ---- | M] (Microsoft Corporation)
"WMPNSCFG" = F:\Program Files\Windows Media Player\WMPNSCFG.exe -- [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation)
"Skype" = "F:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -- [2010.05.13 16:12:40 | 026,192,168 | R--- | M] (Skype Technologies S.A.)
"swg" = "F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2010.06.30 11:05:44 | 000,039,408 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.09.28 16:06:06 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Adobe
[2008.12.13 15:02:43 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Ashampoo
[2009.09.30 00:19:12 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Bullzip
[2010.05.01 20:55:11 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\dvdcss
[2009.09.21 13:37:38 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\ESET
[2010.06.30 11:23:56 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Google
[2008.12.13 01:42:14 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Identities
[2008.12.13 03:30:19 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Macromedia
[2006.11.02 14:35:50 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Media Center Programs
[2010.05.18 18:11:08 | 000,000,000 | --SD | M] -- F:\Users\Moje cesky\AppData\Roaming\Microsoft
[2008.12.13 03:32:55 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Mozilla
[2010.01.08 11:50:05 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Simulace_2009
[2010.06.30 12:04:46 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\Skype
[2010.06.30 08:39:28 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\skypePM
[2008.12.13 18:41:59 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\uTorrent
[2008.12.13 14:18:21 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\vlc
[2008.12.13 14:01:08 | 000,000,000 | ---D | M] -- F:\Users\Moje cesky\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2009.10.27 11:57:34 | 000,010,134 | R--- | M] () -- F:\Users\Moje cesky\AppData\Roaming\Microsoft\Installer\{D43CDC11-B6DC-4339-8EB7-6C20C2BAB336}\_50F8B18502EFE1D5BC8E37.exe
[2009.10.27 11:57:34 | 000,010,134 | R--- | M] () -- F:\Users\Moje cesky\AppData\Roaming\Microsoft\Installer\{D43CDC11-B6DC-4339-8EB7-6C20C2BAB336}\_BFBFDB79B9AA46ABD24552.exe

< MD5 for: AGP440.SYS >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- F:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- F:\Windows\ERDNT\cache\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- F:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- F:\Windows\ERDNT\cache\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- F:\Windows\System32\drivers\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- F:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.12.13 02:50:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.12.13 02:50:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- F:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.12.13 02:50:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- F:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.01.19 00:33:02 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- F:\Windows\System32\autochk.exe
[2008.01.19 00:33:02 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- F:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006.11.02 11:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- F:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.18 22:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- F:\Windows\System32\drivers\cdrom.sys
[2008.01.18 22:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- F:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.18 22:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- F:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2006.11.02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- F:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- F:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- F:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- F:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2006.11.02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- F:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008.01.19 00:34:02 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- F:\Windows\ERDNT\cache\cryptsvc.dll
[2008.01.19 00:34:02 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- F:\Windows\System32\cryptsvc.dll
[2008.01.19 00:34:02 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- F:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2008.12.13 03:44:31 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.12.13 03:44:30 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- F:\Windows\ERDNT\cache\explorer.exe
[2008.12.13 03:44:30 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- F:\Windows\explorer.exe
[2008.12.13 03:44:30 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.12.13 03:44:29 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.12.13 03:02:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.12.13 03:02:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008.12.13 03:44:30 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2008.01.19 00:42:36 | 000,177,208 | ---- | M] (Microsoft Corporation) MD5=A00B0EDD048786E30EBB2DA65D9A8F74 -- F:\Windows\System32\hal.dll

< MD5 for: IASTORV.SYS >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- F:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- F:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- F:\Windows\System32\drivers\isapnp.sys
[2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008.01.19 00:42:16 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008.01.19 00:42:16 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- F:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys

< MD5 for: LSASS.EXE >
[2006.11.02 11:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- F:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2008.01.19 00:33:16 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- F:\Windows\ERDNT\cache\lsass.exe
[2008.01.19 00:33:16 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- F:\Windows\System32\lsass.exe
[2008.01.19 00:33:16 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- F:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe

< MD5 for: NDIS.SYS >
[2006.11.02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- F:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.19 00:43:32 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- F:\Windows\ERDNT\cache\ndis.sys
[2008.01.19 00:43:32 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- F:\Windows\System32\drivers\ndis.sys
[2008.01.19 00:43:32 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- F:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- F:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- F:\Windows\ERDNT\cache\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- F:\Windows\System32\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- F:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008.01.19 00:43:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.19 00:43:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- F:\Windows\System32\drivers\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- F:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- F:\Windows\ERDNT\cache\scecli.dll
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- F:\Windows\System32\scecli.dll
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- F:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- F:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: SMSS.EXE >
[2008.01.19 00:33:32 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- F:\Windows\System32\smss.exe
[2008.01.19 00:33:32 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- F:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2006.11.02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- F:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe

< MD5 for: SVCHOST.EXE >
[2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- F:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- F:\Windows\ERDNT\cache\svchost.exe
[2008.01.19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- F:\Windows\System32\svchost.exe
[2008.01.19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- F:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.12.13 02:45:55 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- F:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2008.12.13 02:45:55 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- F:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2006.11.02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- F:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2008.01.19 00:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- F:\Windows\ERDNT\cache\tcpip.sys
[2008.01.19 00:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- F:\Windows\System32\drivers\tcpip.sys
[2008.01.19 00:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- F:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- F:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- F:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- F:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- F:\Windows\ERDNT\cache\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- F:\Windows\System32\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- F:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.01.19 00:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- F:\Windows\ERDNT\cache\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- F:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008.01.19 00:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\ws2_32.dll
[2008.01.19 00:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.19 00:34:10 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\dxtmsft.dll
[2008.01.19 00:34:10 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\dxtrans.dll
[2008.01.19 00:38:04 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\rsaenh.dll
[2008.01.19 00:36:12 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- F:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- F:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- F:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- F:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- F:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.19 00:34:10 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\dxtmsft.dll
[2008.01.19 00:34:10 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\dxtrans.dll
[2008.01.19 00:38:04 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\rsaenh.dll
[2008.01.19 00:36:12 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\SLC.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.06.30 12:02:54 | 000,005,552 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.30 12:02:54 | 000,005,552 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.30 12:04:50 | 000,116,204 | ---- | M] () -- F:\Windows\System32\perfc005.dat
[2010.06.30 12:04:50 | 000,102,094 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2010.06.30 12:04:50 | 000,602,144 | ---- | M] () -- F:\Windows\System32\perfh005.dat
[2010.06.30 12:04:50 | 000,590,082 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2010.06.30 12:04:49 | 001,402,506 | ---- | M] () -- F:\Windows\System32\PerfStringBackup.INI
< End of report >

Lionelka · #14 Příspěvek od **Lionelka** » 30 čer 2010 11:48

Extras.Txt

OTL Extras logfile created on: 30.6.2010 12:01:48 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = F:\Users\Moje cesky\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 69,74 Gb Total Space | 36,85 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 5,20 Gb Total Space | 1,17 Gb Free Space | 22,46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 36,85 Gb Total Space | 9,52 Gb Free Space | 25,85% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 0,47 Gb Free Space | 12,56% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOJECESKY-PC
Current User Name: Moje cesky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- F:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-237069233-1738439373-3822406637-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "F:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- F:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- F:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-237069233-1738439373-3822406637-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Users\Moje cesky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7NU22VQU\IMAGE464-facebook.com.JPG.jpg[2].exe" = F:\Windows\infocard.exe:*:Enabled:Firewall Admin -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021D4C2E-4738-488F-8AFE-5D3DE64A3467}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{10F87E4E-626D-46F1-9331-CA1D275BC116}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{114D8CFE-6832-4C15-B066-E1EEFD2DCB33}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{115D45DD-0FE5-45BF-B42C-DAEB9EB5B4A0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{43CE98B0-FF84-4B95-B306-1A881545614C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4471C665-3814-4A66-A1FD-CF4ACC61C961}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{44BE02EA-6C18-404D-AD38-F5E0345C4235}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4721DA1F-708E-492A-8458-5457594B9217}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4B87F73E-EFB2-4897-95E1-091209ECEA1B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{7C7D635B-BF9A-4F9E-9A5F-5EBDD7CD20B6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7CCBF705-95F2-48A5-A8CC-C0C871EAEA95}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7EDEB422-0941-4E85-8AB8-A5D10105EA1F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9346830E-CB37-48C1-BFA0-2E6775DC8096}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{9AAFD271-E50F-41C2-9E65-27CEA9112949}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A21B6B34-6640-4F4E-8EF0-BE18A33B50CD}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A6EB62C1-4825-4D71-A870-02431ECC1A3A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B14799B6-D765-4D49-AD54-55B9FAB40BFA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B25327C0-9414-4495-A30A-E49AEE37B726}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{BAD09857-C992-4EB1-88A0-42C2402CFFE6}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C0F20E8F-AF3C-4B81-82B6-F234D16B2F35}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DAE6FA13-D0BC-4AA0-A309-7362EE3937AA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{DFE8CE49-DA28-4440-8C91-BD6998061EC2}" = lport=6004 | protocol=17 | dir=in | app=f:\program files\microsoft office\office12\outlook.exe |
"{E8C4D862-36FB-4343-A936-42D6C258567C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{EA7A5754-71FC-4A42-9699-671D2F99DF28}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F17A5AB5-67A8-41F5-A487-BD1EA204DE37}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0366912E-CD34-454A-B1B2-4979B56772FD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B4A075E-6732-4FF6-958C-B5A97A6F90FF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0DBA6389-8501-4C11-AB89-04F7271C2746}" = protocol=6 | dir=in | app=f:\program files\microsoft office\office12\groove.exe |
"{1026EE4D-05BC-4299-99A8-9B62981B6A4F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{10F85DAF-C206-4871-80CA-80D1738B403B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{14A0C1C2-2199-4939-8E1A-176A96D64226}" = dir=in | app=f:\program files\skype\phone\skype.exe |
"{222ECFF8-CEDE-4340-8161-265CCC2FF4C0}" = dir=in | app=f:\program files\skype\plugin manager\skypepm.exe |
"{2C275ACF-1CDD-4288-9404-5BA576F3DBED}" = dir=in | app=f:\program files\skype\phone\skype.exe |
"{2CCD01F9-BDFA-4926-BAF6-08658927A19A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2CF8E572-61BA-4441-AD84-14B8F4107116}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3306C768-92B9-4D8D-A169-146285C4E4DA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{330D9BFC-9BAA-4A9B-84F2-15E742D2BF7D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{365F65B9-B5F7-4F97-977D-E0755BC07197}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{39F5AED7-F3B1-487B-A698-C3E0438BA7E9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3A81006A-F88D-40F9-8D2E-58AFD5ADEE3E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3EBDFCBF-10F1-4C5C-B7E6-AF7EB6791337}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3FB5EF70-16FB-4AC9-AD09-FA14B1119CD2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{408F1461-67C2-4819-8D6E-943D33BFBF2B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4591B3E6-3047-4869-84B0-97725B4858C3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{49DC1F50-019F-458A-A680-AAF120C26175}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{547FE2FD-0C5C-4446-B10E-51F4C5198E0E}" = protocol=6 | dir=in | app=f:\program files\microsoft office\office12\onenote.exe |
"{6B91B69F-E066-4375-9EF9-88A44186EAD7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{75A749DF-246C-4E64-A395-A119810906F6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{769ECF08-2F7C-4DF8-804B-DFF66B82BC23}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7EA11BF2-F3B3-48FF-8FBE-6E7AC3C37B3F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{82E5D611-9EEC-4444-8891-32574103F812}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8A8A354D-2A0D-4EB0-B7AF-0E3CBDC74719}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9F6D25AA-11A1-44A4-90F4-5039A5CF96CB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A67CAFE8-FB6E-4139-9538-9B78686557E7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AFA5460D-B561-4F2A-8CFD-B0C1A227F5E3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4E93B57-5F7A-41A1-AE6B-7CDE10769B6A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B8AA4C7F-1C7C-4B80-A44B-FF7BB6953CEE}" = protocol=17 | dir=in | app=f:\program files\microsoft office\office12\onenote.exe |
"{BA348C0B-6169-43FE-AFD9-59BF72C1A5F6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BB05E8EB-48CC-4E1B-8D2B-E5E798D17C5C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BEBF60F4-475A-49DF-B674-3AA0913FDA89}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C47A3470-4F4F-4109-BC43-7A36AC071C54}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C69C8B4C-CFFC-43C1-9F77-50D1FAE4AF81}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CBE7B69C-C16D-40FB-B79D-21CB5B450D5E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CCE0B5FC-B1AE-4BF0-8A15-E73A26D0815E}" = protocol=17 | dir=in | app=f:\program files\microsoft office\office12\groove.exe |
"{E545C693-AA6C-46EE-AAC6-8F329E6C50D1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F574FC76-E633-46BD-97A2-AF32E3191239}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FD74D545-6BE4-4C42-8058-5344CE3C029B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{39CDC80C-4330-4556-990D-1975211E2370}" = OpenOffice.org 2.3
"{7515B06B-F8F1-4A5B-81C7-BAB02EEA9A81}" = Abakus
"{7B6FC9C2-C5B4-4F58-8E50-1587236285D0}" = Simulace_2009
"{8075BC83-7F8F-4FE0-9792-685723B06713}" = ESET Smart Security
"{82B1150E-9B37-49FC-83EB-D52197D900D0}" = Sunbelt Personal Firewall
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum zařízení Windows Mobile
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D43CDC11-B6DC-4339-8EB7-6C20C2BAB336}" = Install_Simulace_2009_min
"{DEA8E609-C9C4-4525-8359-6F999C185342}_is1" = TrustPort PC Security (Pouze odebrat)
"{E7044E25-3038-4A76-9064-344AC038043E}" = Aktualizace ovladače pro aplikaci Centrum zařízení Windows Mobile
"{EB5A819A-C4E9-49b3-B3E8-5488ACD25EAA}_is1" =
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 7_is1" = Ashampoo Burning Studio 7.10
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.865
"CCleaner" = CCleaner (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBDBServer_1_5_is1" = Firebird 1.5.5
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Hledik - Poradce - AWD" = Poradce - AWD, verze 1.25/1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"UltSounds" = Zvuková schémata systému Windows
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"VLC media player" = VLC media player 0.9.4
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#15 Příspěvek od **Caroprd111** » 30 čer 2010 12:31

Vyberte si jeden firewall, zbývající odinstalujte/deaktivujte.

Obrázek

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
IE - HKU\S-1-5-21-237069233-1738439373-3822406637-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2010.06.29 22:31:13 | 000,000,000 | ---D | C] -- F:\Users\Moje cesky\AppData\Local\temp
[3 F:\Users\Moje cesky\Documents\*.tmp files -> F:\Users\Moje cesky\Documents\*.tmp -> ]

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

Klikněte na Opravit, PC se restartuje, log vložte sem.

VIRY.CZ

podezření na virus

podezření na virus

Re: podezření na virus

Re: podezření na virus

Re: podezření na virus

Re: podezření na virus

Re: podezření na virus

Re: podezření na virus

Re: podezření na virus

Re: podezření na virus

Re: podezření na virus

Re: podezření na virus

Re: podezření na virus

Re: podezření na virus

Re: podezření na virus

Re: podezření na virus