Dobrý večer,
prosím o kontrolu logu velmi pomalé PC, dochází k vytuhnutí a podobným věcem, pokud jsou třeba další informace, rád je dodám,ale nevím co je vše třeba. \předem díky
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:56:30, on 11.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\accelerometerST.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\System32\accelerometerST.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0132421266410611) (0132421266410611mcinstcleanup) - Unknown owner - C:\DOCUME~1\admin\LOCALS~1\Temp\013242~1.EXE (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
--
End of file - 10280 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kntrolu logu HJT
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
radekradek@seznam.cz
- Návštěvník
- Příspěvky: 36
- Registrován: 11 pro 2011 23:02
Prosím o kntrolu logu HJT
Naposledy upravil(a) vyosek dne 12 pro 2011 12:10, celkem upraveno 1 x.
Důvod: log odstranen z quote
Důvod: log odstranen z quote
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kntrolu logu HJT
Zdravím. 
Dej mi minutku, hnedle se na to mrknu.
Dej mi minutku, hnedle se na to mrknu.
-
-
- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kntrolu logu HJT
Tak jako první by bylo dobré, aby sis pročetl pravidla našeho fóra. Zjistili bys totiž, mimo jiné, že už delší dobu nepoužíváme jako úvodní scan HJT, ale RSIT, je podrobnější. Mno ale něco s tím uděláme. Takže v nabídce Přidat nebo odebrat programy odinstaluj všechny nepotřebné toolbary! Jsou to veliká "zdržovadla" systému a v případě například Ask.com Toolbar, Conduit Engine a dalších se dá hovořit už i o havěti. Máš jich tam na můj vkus dost. Aktualizuj MS Internet Explorer na poslední verzi. I když používáš prohlížeč Mozilla Firefox, aktualizace řeší spoustu problémů i v systému samotném. Spyware Terminator odeber v jeho nastaveních ze spouštění po startu a ponech si jej pouze na občasné scany. Jako antivir tam máš MSE, tak doufám, že u Spyware Terminator nemáš aktivovanou antivirovou ochranu - dva antiviry v počítači způsobují kolize. Odeber program Skype v jeho nastaveních ze spouštění po startu systému a spouštěj ho ručně podle potřeby.
Logy prosím nevkládej do Quote ani do Code, nedá se to číst!! Fixni v HJT tyto položky:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
"Fixnout" znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek. Poté klikneš na [Fix checked] a odsouhlasíš [ANO].
HJT najdeš zde: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
Dále stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.
- Proveď aktualizaci virové databáze.
- V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači.
- Předem nic nemaž!!
- MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení!
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
-
radekradek@seznam.cz
- Návštěvník
- Příspěvky: 36
- Registrován: 11 pro 2011 23:02
Re: Prosím o kntrolu logu HJT
díky díky, vrhám se na to 
..a omlouvám se za to vložení..
..a omlouvám se za to vložení..-
radekradek@seznam.cz
- Návštěvník
- Příspěvky: 36
- Registrován: 11 pro 2011 23:02
Re: Prosím o kntrolu logu HJT
tak jsem udělal snad vše co je zde napsáno.
zde je log.Malwarebytes' Anti-Malware
www.malwarebytes.org
Verze databáze:
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
24.12.2011 17:08:26
mbam-log-2011-12-24 (17-08-12).txt
Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 224320
Uplynulý čas: 41 minut, 53 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
zde je log.Malwarebytes' Anti-Malware
www.malwarebytes.org
Verze databáze:
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
24.12.2011 17:08:26
mbam-log-2011-12-24 (17-08-12).txt
Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 224320
Uplynulý čas: 41 minut, 53 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kntrolu logu HJT
Nález MBAMu dej odstranit a poté můžeš MBAM odinstalovat.
Provedl jsi vše, co jsem Ti psal? Jestli ano, hoď mi sem ještě log z OTL. Stáhni OTL z tohoto odkazu a ulož jej na Plochu.
- Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
- Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
- Zaškrtni okénko Pro všechny uživatele.
- Zaškrtni okénko Kontrola na havěť "LOP".
- Zaškrtni okénko Kontrola na havěť "Purity".
- Stáři souborů změň z 30 dnů na 7 dnů!
- Do spodního okénka Vlastní skenování/opravy vlož tento script:
Kód: Vybrat vše
CREATERESTOREPOINT
netsvc
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
%userprofile%\Plocha\*.*
%userprofile%\Desktop\*.*
%ALLUSERSPROFILE%\Plocha\*.*
%ALLUSERSPROFILE%\Desktop\*.*
*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*KMSEmulator* /s
*activator* /s
*serial* /s
*w7lxe* /s
*AutoRearm* /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5- Klikni na tlačítko [Prohledat].
- Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vlož.
- Logy se nevejdou do jednoho, rozděl je tedy prosím do více příspěvků.
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
-
radekradek@seznam.cz
- Návštěvník
- Příspěvky: 36
- Registrován: 11 pro 2011 23:02
Re: Prosím o kntrolu logu HJT
tak OTL je zde
OTL logfile created on: 25.12.2011 15:48:58 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Marek\Dokumenty\Stažené soubory
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1015,36 Mb Total Physical Memory | 475,35 Mb Available Physical Memory | 46,82% Memory free
2,38 Gb Paging File | 1,92 Gb Available in Paging File | 80,57% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,77 Gb Free Space | 77,68% Space Free | Partition Type: NTFS
Drive D: | 3,73 Gb Total Space | 0,13 Gb Free Space | 3,41% Space Free | Partition Type: FAT32
Computer Name: SKBARTONI-NOTAS | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.12.25 15:45:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek\Dokumenty\Stažené soubory\OTL(2).exe
PRC - [2011.11.25 22:42:53 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.11.22 04:21:02 | 003,621,040 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.11.22 04:20:52 | 002,779,824 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2011.11.22 04:19:58 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2009.06.18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009.04.07 16:53:06 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008.12.16 18:37:46 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.12.16 18:37:36 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.12.11 14:23:08 | 001,456,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.12.11 14:23:08 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.08.11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
========== Modules (No Company Name) ==========
MOD - [2011.12.24 15:45:54 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.25 22:42:54 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011.10.15 12:19:14 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011.10.15 12:16:36 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011.10.15 12:07:34 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.15 12:07:21 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.15 12:06:41 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.15 12:03:18 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.15 12:02:47 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008.12.11 14:22:10 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008.12.11 14:20:20 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008.04.14 07:51:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (0132421266410611mcinstcleanup) McAfee Application Installer Cleanup (0132421266410611)
SRV - [2011.11.22 04:19:58 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.12.08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010.11.08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009.06.18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.06.04 09:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\WINDOWS\system32\yk51x86.dll -- (yksvc)
SRV - [2008.12.16 18:37:46 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV - [2011.12.25 15:39:44 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{549C137D-439D-4F71-BD6A-9DE35D5041E8}\MpKsl77ebd8e2.sys -- (MpKsl77ebd8e2)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.12.08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010.02.17 15:11:54 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009.06.04 09:10:00 | 000,297,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009.03.26 14:39:14 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.03.19 10:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009.01.14 16:16:20 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009.01.14 16:16:20 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009.01.14 16:16:18 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009.01.14 16:16:18 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009.01.14 16:16:18 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.08.11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008.08.11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008.05.23 12:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.05.23 12:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.28 12:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2001.10.24 11:04:44 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60747
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatche ... 60747&qkw="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
OTL logfile created on: 25.12.2011 15:48:58 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Marek\Dokumenty\Stažené soubory
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1015,36 Mb Total Physical Memory | 475,35 Mb Available Physical Memory | 46,82% Memory free
2,38 Gb Paging File | 1,92 Gb Available in Paging File | 80,57% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,77 Gb Free Space | 77,68% Space Free | Partition Type: NTFS
Drive D: | 3,73 Gb Total Space | 0,13 Gb Free Space | 3,41% Space Free | Partition Type: FAT32
Computer Name: SKBARTONI-NOTAS | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.12.25 15:45:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek\Dokumenty\Stažené soubory\OTL(2).exe
PRC - [2011.11.25 22:42:53 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.11.22 04:21:02 | 003,621,040 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.11.22 04:20:52 | 002,779,824 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2011.11.22 04:19:58 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2009.06.18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009.04.07 16:53:06 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008.12.16 18:37:46 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.12.16 18:37:36 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.12.11 14:23:08 | 001,456,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.12.11 14:23:08 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.08.11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
========== Modules (No Company Name) ==========
MOD - [2011.12.24 15:45:54 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.25 22:42:54 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011.10.15 12:19:14 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011.10.15 12:16:36 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011.10.15 12:07:34 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.15 12:07:21 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.15 12:06:41 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.15 12:03:18 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.15 12:02:47 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008.12.11 14:22:10 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008.12.11 14:20:20 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008.04.14 07:51:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (0132421266410611mcinstcleanup) McAfee Application Installer Cleanup (0132421266410611)
SRV - [2011.11.22 04:19:58 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.12.08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010.11.08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009.06.18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.06.04 09:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\WINDOWS\system32\yk51x86.dll -- (yksvc)
SRV - [2008.12.16 18:37:46 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV - [2011.12.25 15:39:44 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{549C137D-439D-4F71-BD6A-9DE35D5041E8}\MpKsl77ebd8e2.sys -- (MpKsl77ebd8e2)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.12.08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010.02.17 15:11:54 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009.06.04 09:10:00 | 000,297,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009.03.26 14:39:14 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.03.19 10:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009.01.14 16:16:20 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009.01.14 16:16:20 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009.01.14 16:16:18 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009.01.14 16:16:18 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009.01.14 16:16:18 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.08.11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008.08.11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008.05.23 12:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.05.23 12:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.28 12:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2001.10.24 11:04:44 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60747
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatche ... 60747&qkw="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Naposledy upravil(a) radekradek@seznam.cz dne 25 pro 2011 16:25, celkem upraveno 1 x.
-
radekradek@seznam.cz
- Návštěvník
- Příspěvky: 36
- Registrován: 11 pro 2011 23:02
Re: Prosím o kntrolu logu HJT
a extras je tady:
OTL Extras logfile created on: 25.12.2011 15:48:58 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Marek\Dokumenty\Stažené soubory
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1015,36 Mb Total Physical Memory | 475,35 Mb Available Physical Memory | 46,82% Memory free
2,38 Gb Paging File | 1,92 Gb Available in Paging File | 80,57% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,77 Gb Free Space | 77,68% Space Free | Partition Type: NTFS
Drive D: | 3,73 Gb Total Space | 0,13 Gb Free Space | 3,41% Space Free | Partition Type: FAT32
Computer Name: SKBARTONI-NOTAS | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Spyware Terminator\SpywareTerminator.exe" = C:\Program Files\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office 5.0.59
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{484B100E-6FBE-4631-BC55-5F872FD8E020}" = HP Wireless Assistant
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A3881D0-E64A-4416-8019-8A993CDAAB39}" = HP Wallpaper
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROHYBRIDR_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROHYBRIDR_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_PROHYBRIDR_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EBC9CBC-F0F4-4BA3-A5FD-A034A5C2388D}" = HP Software Setup
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.6 - Czech
"{AFE31552-7CF5-4521-B2CE-4B5E136A1726}" = HP 3D DriveGuard
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD86C297-41C7-4DB5-82C4-98DE3399A2EF}" = Asistent pro přihlášení ke službě Windows Live
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F4ABF514-E8EC-425C-B715-FD134231ECAA}" = HP User Guides 0145
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA3215C7-7032-4D4D-B21F-C9D941749283}" = Corel Home Office 5.0.59
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bezdrátový adaptér Broadcom 802.11 LAN" = Bezdrátový adaptér Broadcom 802.11 LAN
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.2.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF Complete" = PDF Complete Special Edition
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.11.2011 3:27:49 | Computer Name = SKBARTONI-NOTAS | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 26.11.2011 17:21:09 | Computer Name = SKBARTONI-NOTAS | Source = Application Error | ID = 1000
Description = Chybující aplikace spywareterminatorshield.exe, verze 3.0.0.30, chybující
modul kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.
Error - 4.12.2011 8:49:11 | Computer Name = SKBARTONI-NOTAS | Source = Application Error | ID = 1000
Description = Chybující aplikace spywareterminatorshield.exe, verze 3.0.0.30, chybující
modul kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.
Error - 12.12.2011 6:13:34 | Computer Name = SKBARTONI-NOTAS | Source = Application Error | ID = 1000
Description = Chybující aplikace spywareterminatorshield.exe, verze 3.0.0.30, chybující
modul kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.
Error - 17.12.2011 8:29:29 | Computer Name = SKBARTONI-NOTAS | Source = Application Error | ID = 1000
Description = Chybující aplikace spywareterminatorshield.exe, verze 3.0.0.30, chybující
modul kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.
Error - 21.12.2011 3:12:02 | Computer Name = SKBARTONI-NOTAS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
Error - 23.12.2011 19:49:03 | Computer Name = SKBARTONI-NOTAS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.7903.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.
Error - 23.12.2011 19:49:07 | Computer Name = SKBARTONI-NOTAS | Source = Application Error | ID = 1000
Description = Chybující aplikace spywareterminatorshield.exe, verze 3.0.0.30, chybující
modul kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.
Error - 23.12.2011 19:49:08 | Computer Name = SKBARTONI-NOTAS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.7903.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.
Error - 24.12.2011 10:44:34 | Computer Name = SKBARTONI-NOTAS | Source = Application Error | ID = 1000
Description = Chybující aplikace spywareterminatorshield.exe, verze 3.0.0.30, chybující
modul kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.
[ OSession Events ]
Error - 8.11.2011 15:37:55 | Computer Name = SKBARTONI-NOTAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1443
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 24.12.2011 9:34:02 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126
Error - 24.12.2011 9:34:02 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126
Error - 24.12.2011 9:34:02 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126
Error - 24.12.2011 9:34:02 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126
Error - 24.12.2011 9:34:02 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126
Error - 24.12.2011 9:34:02 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126
Error - 24.12.2011 11:23:56 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7000
Description = Služba MBAMSwissArmy neuspěla při spuštění v důsledku následující
chyby: %%2
Error - 24.12.2011 13:28:16 | Computer Name = SKBARTONI-NOTAS | Source = PlugPlayManager | ID = 12
Description = Zařízení Marvell Yukon 88E8072 PCI-E Gigabit Ethernet Controller (PCI\VEN_11AB&DEV_436C&SUBSYS_3632103C&REV_10\4&31492cb6&0&00E3)
se již v systému nenachází, aniž by bylo nejdříve připraveno k odstranění.
Error - 25.12.2011 9:53:30 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7000
Description = Služba MBAMSwissArmy neuspěla při spuštění v důsledku následující
chyby: %%2
Error - 25.12.2011 10:37:48 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7000
Description = Služba MBAMSwissArmy neuspěla při spuštění v důsledku následující
chyby: %%2
< End of report >
OTL Extras logfile created on: 25.12.2011 15:48:58 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Marek\Dokumenty\Stažené soubory
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1015,36 Mb Total Physical Memory | 475,35 Mb Available Physical Memory | 46,82% Memory free
2,38 Gb Paging File | 1,92 Gb Available in Paging File | 80,57% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,77 Gb Free Space | 77,68% Space Free | Partition Type: NTFS
Drive D: | 3,73 Gb Total Space | 0,13 Gb Free Space | 3,41% Space Free | Partition Type: FAT32
Computer Name: SKBARTONI-NOTAS | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Spyware Terminator\SpywareTerminator.exe" = C:\Program Files\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office 5.0.59
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{484B100E-6FBE-4631-BC55-5F872FD8E020}" = HP Wireless Assistant
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A3881D0-E64A-4416-8019-8A993CDAAB39}" = HP Wallpaper
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROHYBRIDR_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROHYBRIDR_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_PROHYBRIDR_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EBC9CBC-F0F4-4BA3-A5FD-A034A5C2388D}" = HP Software Setup
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.6 - Czech
"{AFE31552-7CF5-4521-B2CE-4B5E136A1726}" = HP 3D DriveGuard
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD86C297-41C7-4DB5-82C4-98DE3399A2EF}" = Asistent pro přihlášení ke službě Windows Live
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F4ABF514-E8EC-425C-B715-FD134231ECAA}" = HP User Guides 0145
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA3215C7-7032-4D4D-B21F-C9D941749283}" = Corel Home Office 5.0.59
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bezdrátový adaptér Broadcom 802.11 LAN" = Bezdrátový adaptér Broadcom 802.11 LAN
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.2.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF Complete" = PDF Complete Special Edition
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.11.2011 3:27:49 | Computer Name = SKBARTONI-NOTAS | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 26.11.2011 17:21:09 | Computer Name = SKBARTONI-NOTAS | Source = Application Error | ID = 1000
Description = Chybující aplikace spywareterminatorshield.exe, verze 3.0.0.30, chybující
modul kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.
Error - 4.12.2011 8:49:11 | Computer Name = SKBARTONI-NOTAS | Source = Application Error | ID = 1000
Description = Chybující aplikace spywareterminatorshield.exe, verze 3.0.0.30, chybující
modul kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.
Error - 12.12.2011 6:13:34 | Computer Name = SKBARTONI-NOTAS | Source = Application Error | ID = 1000
Description = Chybující aplikace spywareterminatorshield.exe, verze 3.0.0.30, chybující
modul kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.
Error - 17.12.2011 8:29:29 | Computer Name = SKBARTONI-NOTAS | Source = Application Error | ID = 1000
Description = Chybující aplikace spywareterminatorshield.exe, verze 3.0.0.30, chybující
modul kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.
Error - 21.12.2011 3:12:02 | Computer Name = SKBARTONI-NOTAS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
Error - 23.12.2011 19:49:03 | Computer Name = SKBARTONI-NOTAS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.7903.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.
Error - 23.12.2011 19:49:07 | Computer Name = SKBARTONI-NOTAS | Source = Application Error | ID = 1000
Description = Chybující aplikace spywareterminatorshield.exe, verze 3.0.0.30, chybující
modul kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.
Error - 23.12.2011 19:49:08 | Computer Name = SKBARTONI-NOTAS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.7903.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.
Error - 24.12.2011 10:44:34 | Computer Name = SKBARTONI-NOTAS | Source = Application Error | ID = 1000
Description = Chybující aplikace spywareterminatorshield.exe, verze 3.0.0.30, chybující
modul kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.
[ OSession Events ]
Error - 8.11.2011 15:37:55 | Computer Name = SKBARTONI-NOTAS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1443
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 24.12.2011 9:34:02 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126
Error - 24.12.2011 9:34:02 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126
Error - 24.12.2011 9:34:02 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126
Error - 24.12.2011 9:34:02 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126
Error - 24.12.2011 9:34:02 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126
Error - 24.12.2011 9:34:02 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126
Error - 24.12.2011 11:23:56 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7000
Description = Služba MBAMSwissArmy neuspěla při spuštění v důsledku následující
chyby: %%2
Error - 24.12.2011 13:28:16 | Computer Name = SKBARTONI-NOTAS | Source = PlugPlayManager | ID = 12
Description = Zařízení Marvell Yukon 88E8072 PCI-E Gigabit Ethernet Controller (PCI\VEN_11AB&DEV_436C&SUBSYS_3632103C&REV_10\4&31492cb6&0&00E3)
se již v systému nenachází, aniž by bylo nejdříve připraveno k odstranění.
Error - 25.12.2011 9:53:30 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7000
Description = Služba MBAMSwissArmy neuspěla při spuštění v důsledku následující
chyby: %%2
Error - 25.12.2011 10:37:48 | Computer Name = SKBARTONI-NOTAS | Source = Service Control Manager | ID = 7000
Description = Služba MBAMSwissArmy neuspěla při spuštění v důsledku následující
chyby: %%2
< End of report >
-
radekradek@seznam.cz
- Návštěvník
- Příspěvky: 36
- Registrován: 11 pro 2011 23:02
Re: Prosím o kntrolu logu HJT
OTL druhá část:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.25 22:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.25 22:43:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\
[2010.07.02 14:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Extensions
[2011.12.25 15:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions
[2010.07.23 20:58:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.10 07:24:29 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011.01.27 22:26:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\engine@conduit.com
[2011.12.24 01:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.14 22:42:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011.03.13 17:23:26 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.03.13 17:23:26 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.03.13 17:23:26 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.03.13 17:23:26 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.03.13 17:23:26 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2004.08.18 09:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E41EB5B8-965E-4163-B089-737454CCE0AB}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O21 - SSODL: PostBootReminder - - - No CLSID value found.
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\HP Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Wallpaper.bmp
O32 - Unable to read "AutoRun" value or value not present!
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2011.12.24 16:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
[2011.12.24 16:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.12.24 16:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.12.24 16:22:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.24 16:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.24 15:50:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marek\PrivacIE
[2011.12.24 15:42:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marek\IETldCache
[2011.12.24 15:34:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.24 15:28:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.12.24 15:17:56 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011.12.24 01:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Plocha\displayecard.php_soubory
[2010.02.17 13:28:23 | 000,203,312 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010.02.17 13:28:20 | 000,256,560 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.12.25 15:52:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.12.25 15:43:17 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.25 15:39:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.25 15:39:28 | 1064,751,104 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.25 09:03:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.24 16:22:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.24 15:46:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.12.24 15:01:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.24 01:19:50 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.12.24 00:49:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.18 19:38:10 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.25 15:52:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.12.24 16:22:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.24 01:19:49 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.11.05 12:28:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.08.26 19:45:03 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.30 20:44:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.03.08 10:10:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.07 21:08:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2010.07.02 14:51:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.02.21 20:26:46 | 000,001,056 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2010.02.17 17:40:12 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\fusioncache.dat
[2010.02.17 16:44:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.02.17 13:28:23 | 001,765,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010.02.17 13:28:23 | 000,034,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010.02.17 13:28:23 | 000,027,184 | ---- | C] () -- C:\WINDOWS\snuvcdsm.exe
[2010.02.17 13:28:23 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009.07.11 03:44:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.07.11 03:44:22 | 000,029,132 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.12.11 14:22:10 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2004.09.08 11:27:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.09.08 11:26:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.09.08 11:22:54 | 000,444,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.09.08 11:22:54 | 000,441,772 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.09.08 11:22:54 | 000,084,388 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.09.08 11:22:54 | 000,072,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.09.08 11:16:56 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.09.08 11:11:36 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.09.08 11:09:04 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.18 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 09:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.08.18 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 09:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.08.18 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.18 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.05.28 09:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.05.28 09:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2011.12.24 17:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
[2011.12.21 07:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PDFC
[2011.12.25 14:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2011.01.22 13:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Mikrotik
[2011.05.04 19:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\PriceGong
[2011.11.05 12:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Spyware Terminator
[2011.07.21 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\uTorrent
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
========== Custom Scans ==========
< >
< VIRY.CZ >
< * Odhlásit [ radekradek@seznam.cz ] * 0 nových zpráv * FAQ * Hledat * Členové * Uživatelský panel >
< Poslední návštěva: včera, 17:10 Právě je 25 pro 2011 15:45 >
< >
< Vyhledat témata bez odpovědí | Zobrazit aktivní témata Zobrazit nepřečtené příspěvky | Zobrazit nové příspěvky | Zobrazit vaše příspěvky >
< >
< Obsah fóra » Havěť - viry, spyware, rootkity » Řešení problémů, logy >
< >
< Všechny časy jsou v UTC + 1 hodina >
< >
< Pravidla fóra >
< >
< Pokud chcete pomoc, vložte log z RSIT: viewtopic.php?f=13&t=105895 >
< >
< Prosím o kntrolu logu HJT >
< >
< Moderátor: Moderátoři >
< >
< >
< Odeslat nové téma Odpovědět na téma Stránka 1 z 1 >
< [ Příspěvků: 6 ] >
< Ukončit sledování tohoto tématu | Přidat do záložek | Verze pro tisk | Napsat e-mail Předchozí téma | Následující téma >
< Autor Zpráva >
< radekradek@seznam.cz >
< Předmět příspěvku: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: 11 pro 2011 23:09 >
< Online >
< Návštěvník >
< Návštěvník >
< >
< Registrován: 11 pro 2011 23:02 >
< Příspěvky: 3 >
< Dobrý večer, >
< >
< prosím o kontrolu logu velmi pomalé PC, dochází k vytuhnutí a podobným věcem, pokud jsou třeba další informace, rád je dodám,ale nevím co je vše třeba. \předem díky >
< >
< Logfile of Trend Micro HijackThis v2.0.4 >
< Scan saved at 22:56:30, on 11.12.2011 >
< Platform: Windows XP SP3 (WinNT 5.01.2600) >
< MSIE: Internet Explorer v7.00 (7.00.6000.17103) >
< Boot mode: Normal >
< >
< Running processes: >
< C:\WINDOWS\System32\smss.exe >
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
< C:\WINDOWS\system32\winlogon.exe >
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\WINDOWS\system32\services.exe >
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\WINDOWS\system32\lsass.exe >
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\WINDOWS\system32\svchost.exe >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe >
[2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
< C:\WINDOWS\System32\svchost.exe >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
< C:\WINDOWS\System32\svchost.exe >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
< C:\WINDOWS\system32\spoolsv.exe >
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe >
[2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
< C:\Program Files\PDF Complete\pdfsvc.exe >
[2009.06.18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
< c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe >
[2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
< C:\Program Files\Spyware Terminator\st_rsser.exe >
[2011.11.22 04:19:58 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
< C:\WINDOWS\system32\svchost.exe >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe >
[2008.12.16 18:37:46 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
< C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe >
[2008.12.11 14:23:08 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
< C:\WINDOWS\Explorer.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
< C:\WINDOWS\System32\accelerometerST.exe >
[2009.04.07 16:53:06 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\accelerometerST.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
< C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe >
[2008.12.16 18:37:36 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
< C:\WINDOWS\system32\hkcmd.exe >
[2008.02.28 16:00:04 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\WINDOWS\system32\igfxpers.exe >
[2008.02.28 16:00:14 | 000,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\Synaptics\SynTP\SynTPEnh.exe >
[2009.06.08 19:18:16 | 001,434,920 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
< C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe >
[2009.05.11 14:19:34 | 000,513,080 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
< C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe >
[2009.04.15 07:57:32 | 000,181,816 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
< C:\Program Files\Analog Devices\Core\smax4pnp.exe >
[2009.04.14 16:58:24 | 001,044,480 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
< C:\WINDOWS\system32\igfxsrvc.exe >
[2008.02.28 16:00:16 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\LogMeIn\x86\LogMeInSystray.exe >
[2008.08.11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
< C:\Program Files\Microsoft Security Client\msseces.exe >
[2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
< C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe >
[2008.10.23 11:46:02 | 000,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
< C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe >
[2011.11.22 04:20:52 | 002,779,824 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
< C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe >
[2009.04.23 15:48:56 | 000,239,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
< C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe >
[2011.11.22 04:21:02 | 003,621,040 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
< C:\WINDOWS\system32\ctfmon.exe >
[2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\Skype\Phone\Skype.exe >
[2011.10.13 09:27:14 | 017,351,304 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
< C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe >
[2008.12.11 14:23:08 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
< C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe >
[2008.10.22 09:32:20 | 000,628,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
< C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE >
[2008.12.11 14:23:08 | 001,456,768 | ---- | M] (Broadcom Corporation.) -- C:\PROGRA~1\WIDCOMM\BLUETO~1\BTStackServer.exe
< C:\Program Files\Mozilla Firefox\firefox.exe >
[2011.11.25 22:42:53 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
< C:\Program Files\Mozilla Firefox\plugin-container.exe >
[2011.11.25 22:42:57 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
< C:\WINDOWS\system32\msiexec.exe >
[2008.05.19 00:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe >
[2010.03.25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
< >
< R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com >
Invalid Switch: search.live.com
< R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE= ... ll&pf=cmnb
< R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 >
Invalid Switch: ?LinkId=69157
< R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 >
Invalid Switch: ?LinkId=54896
< R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 >
Invalid Switch: ?LinkId=54896
< R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 >
Invalid Switch: ?LinkId=69157
< R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx >
Invalid Switch: sphome.aspx
< R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE= ... ll&pf=cmnb
< R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy >
< R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll >
< O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll >
< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) >
< O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll >
< O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll >
< O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll >
< O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) >
< O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll >
< O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll >
< O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\System32\accelerometerST.exe >
< O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe >
< O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe >
< O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe >
< O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe >
< O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe >
< O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe >
< O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe >
< O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start >
Invalid Switch: Start
< O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe >
< O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe >
< O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray >
Invalid Switch: tray
< O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" >
< O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" >
< O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" >
< O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey >
< O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" >
< O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe >
< O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe >
< O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe >
< O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized >
< O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') >
< O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') >
< O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') >
< O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') >
< O4 - Global Startup: Bluetooth.lnk = ? >
< O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 >
< O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm >
< O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm >
< O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll >
< O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll >
< O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL >
< O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm >
< O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm >
< O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe >
< O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe >
< O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe >
< O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe >
< O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE=3&tp=iehome&locale=cs_cz&c=92&bd=all&pf=cmnb
< O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll >
< O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll >
< O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll >
< O23 - Service: McAfee Application Installer Cleanup (0132421266410611) (0132421266410611mcinstcleanup) - Unknown owner - C:\DOCUME~1\admin\LOCALS~1\Temp\013242~1.EXE (file missing) >
< O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe >
< O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe >
< O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe >
< O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe >
< O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe >
< O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe >
< O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe >
< O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe >
< >
< -- >
< End of file - 10280 bytes >
< >
< >
< Naposledy upravil vyosek dne 12 pro 2011 12:10, celkově upraveno 1 >
< log odstranen z quote >
< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Upravit příspěvek Odpovědět s citací >
< Mc_Murphy >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: 12 pro 2011 06:35 >
< Online >
< Rádce >
< Rádce >
< Uživatelský avatar >
< >
< Registrován: 03 lis 2008 15:55 >
< Příspěvky: 2248 >
< Bydliště: Plzeň [ZČ] >
< Zdravím. >
< >
< Dej mi minutku, hnedle se na to mrknu. >
< >
< _________________ >
< Obrázek >> členem od 24. prosince 2011 << >
< Obrázek Obrázek >
< >
< >> We are the folk and we have the right to stand up and to fight for an independent life. >
< >> We are the force, we are the might and we will stand up for an independent life. >
< >> Ve Vánočním čase jsem aktivní jen sporadicky. Mám Vánoce stejně jako VY a stejně jako mí vážení kolegové, tak to prosím tolerujte, buďte tak mlaskavi.
>
< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Odpovědět s citací >
< Mc_Murphy >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: 12 pro 2011 06:51 >
< Online >
< Rádce >
< Rádce >
< Uživatelský avatar >
< >
< Registrován: 03 lis 2008 15:55 >
< Příspěvky: 2248 >
< Bydliště: Plzeň [ZČ] >
< Tak jako první by bylo dobré, aby sis pročetl pravidla našeho fóra. Zjistili bys totiž, mimo jiné, že už delší dobu nepoužíváme jako úvodní scan HJT, ale RSIT, je podrobnější. Mno ale něco s tím uděláme. >
< Takže v nabídce Přidat nebo odebrat programy odinstaluj všechny nepotřebné toolbary! Jsou to veliká "zdržovadla" systému a v případě například Ask.com Toolbar, Conduit Engine a dalších se dá hovořit už i o havěti. Máš jich tam na můj vkus dost. >
< Aktualizuj MS Internet Explorer na poslední verzi. I když používáš prohlížeč Mozilla Firefox, aktualizace řeší spoustu problémů i v systému samotném. >
< Spyware Terminator odeber v jeho nastaveních ze spouštění po startu a ponech si jej pouze na občasné scany. Jako antivir tam máš MSE, tak doufám, že u Spyware Terminator nemáš aktivovanou antivirovou ochranu - dva antiviry v počítači způsobují kolize. >
< Odeber program Skype v jeho nastaveních ze spouštění po startu systému a spouštěj ho ručně podle potřeby. >
< >
< Logy prosím nevkládej do Quote ani do Code, nedá se to číst!! >
< >
< >
< Fixni v HJT tyto položky: >
< >
< R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com >
Invalid Switch: search.live.com
< R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE= ... ll&pf=cmnb
< R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx >
Invalid Switch: sphome.aspx
< R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE= ... ll&pf=cmnb
< R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll >
< O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll >
< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) >
< O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll >
< O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) >
< O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll >
< O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll >
< O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe >
< O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe >
< O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe >
< O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray >
Invalid Switch: tray
< O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" >
< O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" >
< O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" >
< O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') >
< O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') >
< O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') >
< O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') >
< O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE=3&tp=iehome&locale=cs_cz&c=92&bd=all&pf=cmnb
< >
< "Fixnout" znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek. Poté klikneš na [Fix checked] a odsouhlasíš [ANO]. >
< HJT najdeš zde: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe >
< >
< Dále stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu. >
< >
< * Proveď aktualizaci virové databáze. >
< * V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači. >
< * Předem nic nemaž!! >
< * MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení! >
< >
< >
< _________________ >
< Obrázek >> členem od 24. prosince 2011 << >
< Obrázek Obrázek >
< >
< >> We are the folk and we have the right to stand up and to fight for an independent life. >
< >> We are the force, we are the might and we will stand up for an independent life. >
< >> Ve Vánočním čase jsem aktivní jen sporadicky. Mám Vánoce stejně jako VY a stejně jako mí vážení kolegové, tak to prosím tolerujte, buďte tak mlaskavi. >
< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Odpovědět s citací >
< radekradek@seznam.cz >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: včera, 14:27 >
< Online >
< Návštěvník >
< Návštěvník >
< >
< Registrován: 11 pro 2011 23:02 >
< Příspěvky: 3 >
< díky díky, vrhám se na to..a omlouvám se za to vložení.. >
< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Upravit příspěvek Odpovědět s citací >
< radekradek@seznam.cz >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: včera, 17:10 >
< Online >
< Návštěvník >
< Návštěvník >
< >
< Registrován: 11 pro 2011 23:02 >
< Příspěvky: 3 >
< tak jsem udělal snad vše co je zde napsáno. >
< zde je log.Malwarebytes' Anti-Malware >
< http://www.malwarebytes.org >
< >
< Verze databáze: >
< >
< Windows 5.1.2600 Service Pack 3 >
< Internet Explorer 8.0.6001.18702 >
< >
< 24.12.2011 17:08:26 >
< mbam-log-2011-12-24 (17-08-12).txt >
< >
< Typ: Úplná kontrola (C:\|) >
< Kontrolované objekty: 224320 >
< Uplynulý čas: 41 minut, 53 sekund >
< >
< Infikované procesy v paměti: 0 >
< Infikované moduly v paměti: 0 >
< Infikované klíče v registru: 0 >
< Infikované hodnoty v registru: 0 >
< Infikované datové položky v registru: 1 >
< Infikované složky: 0 >
< Infikované soubory: 0 >
< >
< Infikované procesy v paměti: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované moduly v paměti: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované klíče v registru: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované hodnoty v registru: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované datové položky v registru: >
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken. >
< >
< Infikované složky: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované soubory: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Upravit příspěvek Odpovědět s citací >
< Mc_Murphy >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: dnes, 10:01 >
< Online >
< Rádce >
< Rádce >
< Uživatelský avatar >
< >
< Registrován: 03 lis 2008 15:55 >
< Příspěvky: 2248 >
< Bydliště: Plzeň [ZČ] >
< Nález MBAMu dej odstranit a poté můžeš MBAM odinstalovat. >
< >
< Provedl jsi vše, co jsem Ti psal? Jestli ano, hoď mi sem ještě log z OTL. >
< >
< Stáhni OTL z tohoto odkazu a ulož jej na Plochu. >
< >
< * Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce. >
< * Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej. >
< * Zaškrtni okénko Pro všechny uživatele. >
< * Zaškrtni okénko Kontrola na havěť "LOP". >
< * Zaškrtni okénko Kontrola na havěť "Purity". >
< * Stáři souborů změň z 30 dnů na 7 dnů! >
< * Do spodního okénka Vlastní skenování/opravy vlož tento script: >
Invalid Switch: opravy vlož tento script:
< >
< Kód: >
< >
< netsvc >
< >
< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004.08.18 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\i386\AUTOCHK.EXE
< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys
[2004.08.18 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:hal.dll
[2004.08.18 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 23:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 23:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SVCHOST.EXE >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< >
< %systemroot%*.* /U /s >
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.09.20 09:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Adobe
[2010.02.21 20:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\CorelHomeOffice
[2009.07.11 04:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\hpqLog
[2009.07.11 12:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Identities
[2009.07.11 04:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\InstallShield
[2010.02.18 13:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Macromedia
[2011.12.24 16:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
[2011.12.11 22:55:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Marek\Data aplikací\Microsoft
[2011.01.22 13:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Mikrotik
[2010.07.02 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Mozilla
[2011.05.04 19:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\PriceGong
[2009.07.11 04:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\SiteAdvisor
[2011.12.24 14:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Skype
[2011.07.08 19:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\skypePM
[2011.11.05 12:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Spyware Terminator
[2011.07.21 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\uTorrent
[2010.03.16 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2011.12.11 22:55:55 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Marek\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job >
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004.09.08 13:00:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.09.08 13:00:50 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.09.08 13:00:50 | 000,471,040 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2011.12.24 00:49:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2011.12.24 15:46:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2011.12.24 15:01:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %userprofile%\Plocha\*.* >
[2011.11.08 20:18:49 | 001,849,306 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\A5 publikace_web.pdf
[2011.08.25 10:31:44 | 461,842,026 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Barbie a tri muskatyti.cz.avi
[2011.08.25 11:01:46 | 733,968,004 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Barbie Tajemství víl Novinky 2011 cz dabing.avi
[2011.10.04 10:54:00 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Cíle práce.doc
[2011.12.24 01:19:50 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.10.11 07:23:34 | 000,085,550 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\ec-cernymost.pdf
[2011.11.16 21:23:44 | 000,072,949 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\H4152295064511_101147962.pdf
[2011.12.11 22:55:50 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\HiJackThis.lnk
[2011.12.11 21:03:33 | 004,662,784 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Katka BAK konecna.doc
[2011.11.07 20:10:00 | 004,423,680 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\katka bakalářka důležité.doc 2.doc3.doc
[2011.10.30 10:47:00 | 003,757,056 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\katka bakalářka.doc odeslat.doc
[2011.08.26 19:56:07 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\KMPlayer.lnk
[2011.11.21 19:05:05 | 000,066,119 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\kupon_6643470818.pdf
[2011.12.24 17:08:26 | 000,001,138 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\mbam-log-2011-12-24 (17-08-12).txt
[2011.11.23 08:29:36 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Metodika práce.doc
[2010.07.02 14:51:12 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Mozilla Firefox.lnk
[2010.07.02 21:31:13 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Outlook.lnk
[2011.10.23 21:20:46 | 000,067,812 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\resource.pdf
[2010.02.21 15:58:01 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Tento počítač.lnk
[2011.12.12 21:31:27 | 000,188,185 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\voucher-1050526.pdf
[2010.06.22 08:00:58 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marek\Plocha\~$26_AN120064_002_CS- Návod k obsluhe pre koncový vypína zdvihu ABUS.doc
[2010.06.22 07:56:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marek\Plocha\~$26_AN120064_002_CS.doc
[2010.06.22 07:50:22 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marek\Plocha\~$nové.doc
[2011.01.25 14:20:18 | 733,325,046 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Čarodějův učeň 2010.avi
< %userprofile%\Desktop\*.* >
< %ALLUSERSPROFILE%\Plocha\*.* >
[2011.10.10 07:21:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2011.12.24 16:22:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.11.21 19:46:35 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.12.12 21:20:02 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator 2012.lnk
< %ALLUSERSPROFILE%\Desktop\*.* >
< *crack* /s >
[2011.01.27 22:29:35 | 000,000,698 | ---- | M] () -- \Documents and Settings\Marek\Data aplikací\uTorrent\Kaspersky.Mobile.Secuirty.v8.0.51.S60v3.SymbianOS9.x.Unsigned.Cracked.iNTERNAL.Read.NFO-CODePDA.torrent
< *keygen* /s >
< *loader* /s >
[2011.10.02 11:57:40 | 000,010,144 | ---- | M] () -- \Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ExternalLibraryLoader.jsm
[2004.08.18 14:00:00 | 000,017,423 | ---- | M] () -- \i386\DMLOADER.DL_
[2004.08.18 14:00:00 | 000,115,153 | ---- | M] () -- \i386\OSLOADER.EX_
[2004.08.18 14:00:00 | 000,132,757 | ---- | M] () -- \i386\OSLOADER.NT_
[2006.10.26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2006.10.26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2009.12.12 15:12:04 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2008.10.07 18:53:46 | 000,200,704 | ---- | M] () -- \Swsetup\HPQATTAgent\program files\AT&T\Service Activation\loader.dll
[2008.10.07 18:53:50 | 000,196,608 | ---- | M] () -- \Swsetup\HPQATTAgent\program files\AT&T\Service Activation\nwtcdmaloader.dll
[2008.10.07 18:53:46 | 000,200,704 | ---- | M] () -- \Swsetup\wwandrv1\HPQATTAgent\program files\AT&T\Service Activation\loader.dll
[2008.10.07 18:53:50 | 000,196,608 | ---- | M] () -- \Swsetup\wwandrv1\HPQATTAgent\program files\AT&T\Service Activation\nwtcdmaloader.dll
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 23:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 23:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *KMSEmulator* /s >
< *activator* /s >
< *serial* /s >
[2004.08.18 14:00:00 | 000,024,957 | ---- | M] () -- \i386\DPSERIAL.DL_
[2004.08.18 14:00:00 | 000,030,301 | ---- | M] () -- \i386\SERIAL.SY_
[2004.08.18 14:00:00 | 000,006,549 | ---- | M] () -- \i386\SERIALUI.DL_
[2010.04.07 22:48:30 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2008.10.07 18:53:52 | 000,143,360 | ---- | M] () -- \Swsetup\HPQATTAgent\program files\AT&T\Service Activation\rim_serial.dll
[2008.10.07 18:53:52 | 000,167,936 | ---- | M] () -- \Swsetup\HPQATTAgent\program files\AT&T\Service Activation\rim_serialV2.dll
[2008.10.07 18:53:52 | 000,143,360 | ---- | M] () -- \Swsetup\wwandrv1\HPQATTAgent\program files\AT&T\Service Activation\rim_serial.dll
[2008.10.07 18:53:52 | 000,167,936 | ---- | M] () -- \Swsetup\wwandrv1\HPQATTAgent\program files\AT&T\Service Activation\rim_serialV2.dll
[2004.09.08 11:20:12 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.02.18 16:46:59 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2011.10.15 12:00:48 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.07.02 15:16:12 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2011.08.13 22:56:56 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011.10.15 12:19:12 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011.10.15 12:15:18 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
[2011.08.13 20:51:38 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
[2004.07.15 14:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 13:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.07.25 10:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.04.07 22:48:30 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 06:47:26 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 06:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2004.08.18 09:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2004.08.18 09:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.04.14 06:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
< *AutoRearm* /s >
< >
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AccelerometerSysTrayApplet" = C:\WINDOWS\System32\accelerometerST.exe -- [2009.04.07 16:53:06 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation)
"IAAnotif" = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe -- [2008.12.16 18:37:36 | 000,186,904 | ---- | M] (Intel Corporation)
"PDF Complete" = C:\Program Files\PDF Complete\pdfsty.exe -- [2009.06.18 08:07:04 | 000,563,736 | ---- | M] (PDF Complete Inc)
"HotKeysCmds" = C:\WINDOWS\system32\hkcmd.exe -- [2008.02.28 16:00:04 | 000,166,424 | ---- | M] (Intel Corporation)
"SynTPEnh" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -- [2009.06.08 19:18:16 | 001,434,920 | ---- | M] (Synaptics Incorporated)
"WirelessAssistant" = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -- [2009.05.11 14:19:34 | 000,513,080 | ---- | M] (Hewlett-Packard)
"QlbCtrl.exe" = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start -- [2009.04.15 07:57:32 | 000,181,816 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
"SoundMAXPnP" = C:\Program Files\Analog Devices\Core\smax4pnp.exe -- [2009.04.14 16:58:24 | 001,044,480 | ---- | M] (Analog Devices, Inc.)
"LogMeIn GUI" = "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -- [2008.08.11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.)
"MSC" = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey -- [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation)
"SpywareTerminatorShield" = C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe -- [2011.11.22 04:20:52 | 002,779,824 | ---- | M] (Crawler.com)
"SpywareTerminatorUpdater" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe -- [2011.11.22 04:21:02 | 003,621,040 | ---- | M] (Crawler.com)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
"" =
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >
< >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
No captured output from command...
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
No captured output from command...
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
No captured output from command...
< type c:\boot.ini >> test.txt /c >
No captured output from command...]
< End of report >
moc tomu nerozumím,ale co to otl přesně je..a lavně koukám, že to sem napsalo něco co asi nemělo?
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.25 22:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.25 22:43:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\
[2010.07.02 14:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Extensions
[2011.12.25 15:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions
[2010.07.23 20:58:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.10 07:24:29 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011.01.27 22:26:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\engine@conduit.com
[2011.12.24 01:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.14 22:42:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011.03.13 17:23:26 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.03.13 17:23:26 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.03.13 17:23:26 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.03.13 17:23:26 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.03.13 17:23:26 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2004.08.18 09:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E41EB5B8-965E-4163-B089-737454CCE0AB}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O21 - SSODL: PostBootReminder - - - No CLSID value found.
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\HP Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Wallpaper.bmp
O32 - Unable to read "AutoRun" value or value not present!
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2011.12.24 16:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
[2011.12.24 16:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.12.24 16:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.12.24 16:22:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.24 16:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.24 15:50:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marek\PrivacIE
[2011.12.24 15:42:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marek\IETldCache
[2011.12.24 15:34:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.24 15:28:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.12.24 15:17:56 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011.12.24 01:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Plocha\displayecard.php_soubory
[2010.02.17 13:28:23 | 000,203,312 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010.02.17 13:28:20 | 000,256,560 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.12.25 15:52:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.12.25 15:43:17 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.25 15:39:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.25 15:39:28 | 1064,751,104 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.25 09:03:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.24 16:22:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.24 15:46:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.12.24 15:01:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.24 01:19:50 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.12.24 00:49:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.18 19:38:10 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.25 15:52:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.12.24 16:22:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.24 01:19:49 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.11.05 12:28:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.08.26 19:45:03 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.30 20:44:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.03.08 10:10:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.07 21:08:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2010.07.02 14:51:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.02.21 20:26:46 | 000,001,056 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2010.02.17 17:40:12 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\fusioncache.dat
[2010.02.17 16:44:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.02.17 13:28:23 | 001,765,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010.02.17 13:28:23 | 000,034,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010.02.17 13:28:23 | 000,027,184 | ---- | C] () -- C:\WINDOWS\snuvcdsm.exe
[2010.02.17 13:28:23 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009.07.11 03:44:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.07.11 03:44:22 | 000,029,132 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.12.11 14:22:10 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2004.09.08 11:27:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.09.08 11:26:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.09.08 11:22:54 | 000,444,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.09.08 11:22:54 | 000,441,772 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.09.08 11:22:54 | 000,084,388 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.09.08 11:22:54 | 000,072,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.09.08 11:16:56 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.09.08 11:11:36 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.09.08 11:09:04 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.18 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 09:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.08.18 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 09:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.08.18 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.18 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.05.28 09:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.05.28 09:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2011.12.24 17:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
[2011.12.21 07:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PDFC
[2011.12.25 14:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2011.01.22 13:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Mikrotik
[2011.05.04 19:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\PriceGong
[2011.11.05 12:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Spyware Terminator
[2011.07.21 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\uTorrent
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
========== Custom Scans ==========
< >
< VIRY.CZ >
< * Odhlásit [ radekradek@seznam.cz ] * 0 nových zpráv * FAQ * Hledat * Členové * Uživatelský panel >
< Poslední návštěva: včera, 17:10 Právě je 25 pro 2011 15:45 >
< >
< Vyhledat témata bez odpovědí | Zobrazit aktivní témata Zobrazit nepřečtené příspěvky | Zobrazit nové příspěvky | Zobrazit vaše příspěvky >
< >
< Obsah fóra » Havěť - viry, spyware, rootkity » Řešení problémů, logy >
< >
< Všechny časy jsou v UTC + 1 hodina >
< >
< Pravidla fóra >
< >
< Pokud chcete pomoc, vložte log z RSIT: viewtopic.php?f=13&t=105895 >
< >
< Prosím o kntrolu logu HJT >
< >
< Moderátor: Moderátoři >
< >
< >
< Odeslat nové téma Odpovědět na téma Stránka 1 z 1 >
< [ Příspěvků: 6 ] >
< Ukončit sledování tohoto tématu | Přidat do záložek | Verze pro tisk | Napsat e-mail Předchozí téma | Následující téma >
< Autor Zpráva >
< radekradek@seznam.cz >
< Předmět příspěvku: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: 11 pro 2011 23:09 >
< Online >
< Návštěvník >
< Návštěvník >
< >
< Registrován: 11 pro 2011 23:02 >
< Příspěvky: 3 >
< Dobrý večer, >
< >
< prosím o kontrolu logu velmi pomalé PC, dochází k vytuhnutí a podobným věcem, pokud jsou třeba další informace, rád je dodám,ale nevím co je vše třeba. \předem díky >
< >
< Logfile of Trend Micro HijackThis v2.0.4 >
< Scan saved at 22:56:30, on 11.12.2011 >
< Platform: Windows XP SP3 (WinNT 5.01.2600) >
< MSIE: Internet Explorer v7.00 (7.00.6000.17103) >
< Boot mode: Normal >
< >
< Running processes: >
< C:\WINDOWS\System32\smss.exe >
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
< C:\WINDOWS\system32\winlogon.exe >
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\WINDOWS\system32\services.exe >
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\WINDOWS\system32\lsass.exe >
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\WINDOWS\system32\svchost.exe >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe >
[2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
< C:\WINDOWS\System32\svchost.exe >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
< C:\WINDOWS\System32\svchost.exe >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
< C:\WINDOWS\system32\spoolsv.exe >
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe >
[2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
< C:\Program Files\PDF Complete\pdfsvc.exe >
[2009.06.18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
< c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe >
[2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
< C:\Program Files\Spyware Terminator\st_rsser.exe >
[2011.11.22 04:19:58 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
< C:\WINDOWS\system32\svchost.exe >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe >
[2008.12.16 18:37:46 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
< C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe >
[2008.12.11 14:23:08 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
< C:\WINDOWS\Explorer.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
< C:\WINDOWS\System32\accelerometerST.exe >
[2009.04.07 16:53:06 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\accelerometerST.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
< C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe >
[2008.12.16 18:37:36 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
< C:\WINDOWS\system32\hkcmd.exe >
[2008.02.28 16:00:04 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\WINDOWS\system32\igfxpers.exe >
[2008.02.28 16:00:14 | 000,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\Synaptics\SynTP\SynTPEnh.exe >
[2009.06.08 19:18:16 | 001,434,920 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
< C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe >
[2009.05.11 14:19:34 | 000,513,080 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
< C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe >
[2009.04.15 07:57:32 | 000,181,816 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
< C:\Program Files\Analog Devices\Core\smax4pnp.exe >
[2009.04.14 16:58:24 | 001,044,480 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
< C:\WINDOWS\system32\igfxsrvc.exe >
[2008.02.28 16:00:16 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\LogMeIn\x86\LogMeInSystray.exe >
[2008.08.11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
< C:\Program Files\Microsoft Security Client\msseces.exe >
[2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
< C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe >
[2008.10.23 11:46:02 | 000,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
< C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe >
[2011.11.22 04:20:52 | 002,779,824 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
< C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe >
[2009.04.23 15:48:56 | 000,239,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
< C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe >
[2011.11.22 04:21:02 | 003,621,040 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
< C:\WINDOWS\system32\ctfmon.exe >
[2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\Skype\Phone\Skype.exe >
[2011.10.13 09:27:14 | 017,351,304 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
< C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe >
[2008.12.11 14:23:08 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
< C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe >
[2008.10.22 09:32:20 | 000,628,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
< C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE >
[2008.12.11 14:23:08 | 001,456,768 | ---- | M] (Broadcom Corporation.) -- C:\PROGRA~1\WIDCOMM\BLUETO~1\BTStackServer.exe
< C:\Program Files\Mozilla Firefox\firefox.exe >
[2011.11.25 22:42:53 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
< C:\Program Files\Mozilla Firefox\plugin-container.exe >
[2011.11.25 22:42:57 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
< C:\WINDOWS\system32\msiexec.exe >
[2008.05.19 00:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe >
[2010.03.25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
< >
< R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com >
Invalid Switch: search.live.com
< R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE= ... ll&pf=cmnb
< R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 >
Invalid Switch: ?LinkId=69157
< R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 >
Invalid Switch: ?LinkId=54896
< R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 >
Invalid Switch: ?LinkId=54896
< R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 >
Invalid Switch: ?LinkId=69157
< R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx >
Invalid Switch: sphome.aspx
< R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE= ... ll&pf=cmnb
< R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy >
< R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll >
< O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll >
< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) >
< O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll >
< O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll >
< O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll >
< O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) >
< O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll >
< O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll >
< O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\System32\accelerometerST.exe >
< O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe >
< O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe >
< O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe >
< O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe >
< O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe >
< O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe >
< O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe >
< O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start >
Invalid Switch: Start
< O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe >
< O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe >
< O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray >
Invalid Switch: tray
< O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" >
< O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" >
< O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" >
< O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey >
< O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" >
< O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe >
< O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe >
< O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe >
< O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized >
< O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') >
< O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') >
< O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') >
< O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') >
< O4 - Global Startup: Bluetooth.lnk = ? >
< O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 >
< O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm >
< O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm >
< O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll >
< O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll >
< O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL >
< O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm >
< O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm >
< O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe >
< O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe >
< O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe >
< O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe >
< O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE=3&tp=iehome&locale=cs_cz&c=92&bd=all&pf=cmnb
< O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll >
< O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll >
< O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll >
< O23 - Service: McAfee Application Installer Cleanup (0132421266410611) (0132421266410611mcinstcleanup) - Unknown owner - C:\DOCUME~1\admin\LOCALS~1\Temp\013242~1.EXE (file missing) >
< O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe >
< O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe >
< O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe >
< O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe >
< O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe >
< O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe >
< O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe >
< O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe >
< >
< -- >
< End of file - 10280 bytes >
< >
< >
< Naposledy upravil vyosek dne 12 pro 2011 12:10, celkově upraveno 1 >
< log odstranen z quote >
< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Upravit příspěvek Odpovědět s citací >
< Mc_Murphy >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: 12 pro 2011 06:35 >
< Online >
< Rádce >
< Rádce >
< Uživatelský avatar >
< >
< Registrován: 03 lis 2008 15:55 >
< Příspěvky: 2248 >
< Bydliště: Plzeň [ZČ] >
< Zdravím.
>< >
< Dej mi minutku, hnedle se na to mrknu.
>< >
< _________________ >
< Obrázek >> členem od 24. prosince 2011 << >
< Obrázek Obrázek >
< >
< >> We are the folk and we have the right to stand up and to fight for an independent life. >
< >> We are the force, we are the might and we will stand up for an independent life. >
< >> Ve Vánočním čase jsem aktivní jen sporadicky. Mám Vánoce stejně jako VY a stejně jako mí vážení kolegové, tak to prosím tolerujte, buďte tak mlaskavi.
>< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Odpovědět s citací >
< Mc_Murphy >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: 12 pro 2011 06:51 >
< Online >
< Rádce >
< Rádce >
< Uživatelský avatar >
< >
< Registrován: 03 lis 2008 15:55 >
< Příspěvky: 2248 >
< Bydliště: Plzeň [ZČ] >
<
Tak jako první by bylo dobré, aby sis pročetl pravidla našeho fóra. Zjistili bys totiž, mimo jiné, že už delší dobu nepoužíváme jako úvodní scan HJT, ale RSIT, je podrobnější. Mno ale něco s tím uděláme. ><
Takže v nabídce Přidat nebo odebrat programy odinstaluj všechny nepotřebné toolbary! Jsou to veliká "zdržovadla" systému a v případě například Ask.com Toolbar, Conduit Engine a dalších se dá hovořit už i o havěti. Máš jich tam na můj vkus dost. ><
Aktualizuj MS Internet Explorer na poslední verzi. I když používáš prohlížeč Mozilla Firefox, aktualizace řeší spoustu problémů i v systému samotném. ><
Spyware Terminator odeber v jeho nastaveních ze spouštění po startu a ponech si jej pouze na občasné scany. Jako antivir tam máš MSE, tak doufám, že u Spyware Terminator nemáš aktivovanou antivirovou ochranu - dva antiviry v počítači způsobují kolize. ><
Odeber program Skype v jeho nastaveních ze spouštění po startu systému a spouštěj ho ručně podle potřeby. >< >
<
Logy prosím nevkládej do Quote ani do Code, nedá se to číst!! >< >
< >
<
Fixni v HJT tyto položky: >< >
< R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com >
Invalid Switch: search.live.com
< R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE= ... ll&pf=cmnb
< R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx >
Invalid Switch: sphome.aspx
< R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE= ... ll&pf=cmnb
< R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll >
< O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll >
< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) >
< O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll >
< O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) >
< O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll >
< O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll >
< O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe >
< O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe >
< O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe >
< O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray >
Invalid Switch: tray
< O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" >
< O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" >
< O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" >
< O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') >
< O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') >
< O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') >
< O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') >
< O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE=3&tp=iehome&locale=cs_cz&c=92&bd=all&pf=cmnb
< >
< "Fixnout" znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek. Poté klikneš na [Fix checked] a odsouhlasíš [ANO]. >
< HJT najdeš zde: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe >
< >
<
Dále stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu. >< >
< * Proveď aktualizaci virové databáze. >
< * V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači. >
< * Předem nic nemaž!! >
< * MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení! >
< >
< >
< _________________ >
< Obrázek >> členem od 24. prosince 2011 << >
< Obrázek Obrázek >
< >
< >> We are the folk and we have the right to stand up and to fight for an independent life. >
< >> We are the force, we are the might and we will stand up for an independent life. >
< >> Ve Vánočním čase jsem aktivní jen sporadicky. Mám Vánoce stejně jako VY a stejně jako mí vážení kolegové, tak to prosím tolerujte, buďte tak mlaskavi.
>< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Odpovědět s citací >
< radekradek@seznam.cz >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: včera, 14:27 >
< Online >
< Návštěvník >
< Návštěvník >
< >
< Registrován: 11 pro 2011 23:02 >
< Příspěvky: 3 >
< díky díky, vrhám se na to
..a omlouvám se za to vložení.. >< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Upravit příspěvek Odpovědět s citací >
< radekradek@seznam.cz >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: včera, 17:10 >
< Online >
< Návštěvník >
< Návštěvník >
< >
< Registrován: 11 pro 2011 23:02 >
< Příspěvky: 3 >
< tak jsem udělal snad vše co je zde napsáno. >
< zde je log.Malwarebytes' Anti-Malware >
< http://www.malwarebytes.org >
< >
< Verze databáze: >
< >
< Windows 5.1.2600 Service Pack 3 >
< Internet Explorer 8.0.6001.18702 >
< >
< 24.12.2011 17:08:26 >
< mbam-log-2011-12-24 (17-08-12).txt >
< >
< Typ: Úplná kontrola (C:\|) >
< Kontrolované objekty: 224320 >
< Uplynulý čas: 41 minut, 53 sekund >
< >
< Infikované procesy v paměti: 0 >
< Infikované moduly v paměti: 0 >
< Infikované klíče v registru: 0 >
< Infikované hodnoty v registru: 0 >
< Infikované datové položky v registru: 1 >
< Infikované složky: 0 >
< Infikované soubory: 0 >
< >
< Infikované procesy v paměti: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované moduly v paměti: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované klíče v registru: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované hodnoty v registru: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované datové položky v registru: >
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken. >
< >
< Infikované složky: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované soubory: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Upravit příspěvek Odpovědět s citací >
< Mc_Murphy >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: dnes, 10:01 >
< Online >
< Rádce >
< Rádce >
< Uživatelský avatar >
< >
< Registrován: 03 lis 2008 15:55 >
< Příspěvky: 2248 >
< Bydliště: Plzeň [ZČ] >
<
Nález MBAMu dej odstranit a poté můžeš MBAM odinstalovat. >< >
<
Provedl jsi vše, co jsem Ti psal? Jestli ano, hoď mi sem ještě log z OTL. >< >
<
Stáhni OTL z tohoto odkazu a ulož jej na Plochu. >< >
< * Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce. >
< * Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej. >
< * Zaškrtni okénko Pro všechny uživatele. >
< * Zaškrtni okénko Kontrola na havěť "LOP". >
< * Zaškrtni okénko Kontrola na havěť "Purity". >
< * Stáři souborů změň z 30 dnů na 7 dnů! >
< * Do spodního okénka Vlastní skenování/opravy vlož tento script: >
Invalid Switch: opravy vlož tento script:
< >
< Kód: >
< >
< netsvc >
< >
< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004.08.18 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\i386\AUTOCHK.EXE
< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys
[2004.08.18 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:hal.dll
[2004.08.18 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 23:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 23:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SVCHOST.EXE >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< >
< %systemroot%*.* /U /s >
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.09.20 09:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Adobe
[2010.02.21 20:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\CorelHomeOffice
[2009.07.11 04:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\hpqLog
[2009.07.11 12:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Identities
[2009.07.11 04:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\InstallShield
[2010.02.18 13:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Macromedia
[2011.12.24 16:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
[2011.12.11 22:55:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Marek\Data aplikací\Microsoft
[2011.01.22 13:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Mikrotik
[2010.07.02 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Mozilla
[2011.05.04 19:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\PriceGong
[2009.07.11 04:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\SiteAdvisor
[2011.12.24 14:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Skype
[2011.07.08 19:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\skypePM
[2011.11.05 12:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Spyware Terminator
[2011.07.21 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\uTorrent
[2010.03.16 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2011.12.11 22:55:55 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Marek\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job >
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004.09.08 13:00:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.09.08 13:00:50 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.09.08 13:00:50 | 000,471,040 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2011.12.24 00:49:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2011.12.24 15:46:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2011.12.24 15:01:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %userprofile%\Plocha\*.* >
[2011.11.08 20:18:49 | 001,849,306 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\A5 publikace_web.pdf
[2011.08.25 10:31:44 | 461,842,026 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Barbie a tri muskatyti.cz.avi
[2011.08.25 11:01:46 | 733,968,004 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Barbie Tajemství víl Novinky 2011 cz dabing.avi
[2011.10.04 10:54:00 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Cíle práce.doc
[2011.12.24 01:19:50 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.10.11 07:23:34 | 000,085,550 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\ec-cernymost.pdf
[2011.11.16 21:23:44 | 000,072,949 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\H4152295064511_101147962.pdf
[2011.12.11 22:55:50 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\HiJackThis.lnk
[2011.12.11 21:03:33 | 004,662,784 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Katka BAK konecna.doc
[2011.11.07 20:10:00 | 004,423,680 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\katka bakalářka důležité.doc 2.doc3.doc
[2011.10.30 10:47:00 | 003,757,056 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\katka bakalářka.doc odeslat.doc
[2011.08.26 19:56:07 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\KMPlayer.lnk
[2011.11.21 19:05:05 | 000,066,119 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\kupon_6643470818.pdf
[2011.12.24 17:08:26 | 000,001,138 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\mbam-log-2011-12-24 (17-08-12).txt
[2011.11.23 08:29:36 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Metodika práce.doc
[2010.07.02 14:51:12 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Mozilla Firefox.lnk
[2010.07.02 21:31:13 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Outlook.lnk
[2011.10.23 21:20:46 | 000,067,812 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\resource.pdf
[2010.02.21 15:58:01 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Tento počítač.lnk
[2011.12.12 21:31:27 | 000,188,185 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\voucher-1050526.pdf
[2010.06.22 08:00:58 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marek\Plocha\~$26_AN120064_002_CS- Návod k obsluhe pre koncový vypína zdvihu ABUS.doc
[2010.06.22 07:56:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marek\Plocha\~$26_AN120064_002_CS.doc
[2010.06.22 07:50:22 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marek\Plocha\~$nové.doc
[2011.01.25 14:20:18 | 733,325,046 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Čarodějův učeň 2010.avi
< %userprofile%\Desktop\*.* >
< %ALLUSERSPROFILE%\Plocha\*.* >
[2011.10.10 07:21:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2011.12.24 16:22:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.11.21 19:46:35 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.12.12 21:20:02 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator 2012.lnk
< %ALLUSERSPROFILE%\Desktop\*.* >
< *crack* /s >
[2011.01.27 22:29:35 | 000,000,698 | ---- | M] () -- \Documents and Settings\Marek\Data aplikací\uTorrent\Kaspersky.Mobile.Secuirty.v8.0.51.S60v3.SymbianOS9.x.Unsigned.Cracked.iNTERNAL.Read.NFO-CODePDA.torrent
< *keygen* /s >
< *loader* /s >
[2011.10.02 11:57:40 | 000,010,144 | ---- | M] () -- \Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ExternalLibraryLoader.jsm
[2004.08.18 14:00:00 | 000,017,423 | ---- | M] () -- \i386\DMLOADER.DL_
[2004.08.18 14:00:00 | 000,115,153 | ---- | M] () -- \i386\OSLOADER.EX_
[2004.08.18 14:00:00 | 000,132,757 | ---- | M] () -- \i386\OSLOADER.NT_
[2006.10.26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2006.10.26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2009.12.12 15:12:04 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2008.10.07 18:53:46 | 000,200,704 | ---- | M] () -- \Swsetup\HPQATTAgent\program files\AT&T\Service Activation\loader.dll
[2008.10.07 18:53:50 | 000,196,608 | ---- | M] () -- \Swsetup\HPQATTAgent\program files\AT&T\Service Activation\nwtcdmaloader.dll
[2008.10.07 18:53:46 | 000,200,704 | ---- | M] () -- \Swsetup\wwandrv1\HPQATTAgent\program files\AT&T\Service Activation\loader.dll
[2008.10.07 18:53:50 | 000,196,608 | ---- | M] () -- \Swsetup\wwandrv1\HPQATTAgent\program files\AT&T\Service Activation\nwtcdmaloader.dll
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 23:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 23:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *KMSEmulator* /s >
< *activator* /s >
< *serial* /s >
[2004.08.18 14:00:00 | 000,024,957 | ---- | M] () -- \i386\DPSERIAL.DL_
[2004.08.18 14:00:00 | 000,030,301 | ---- | M] () -- \i386\SERIAL.SY_
[2004.08.18 14:00:00 | 000,006,549 | ---- | M] () -- \i386\SERIALUI.DL_
[2010.04.07 22:48:30 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2008.10.07 18:53:52 | 000,143,360 | ---- | M] () -- \Swsetup\HPQATTAgent\program files\AT&T\Service Activation\rim_serial.dll
[2008.10.07 18:53:52 | 000,167,936 | ---- | M] () -- \Swsetup\HPQATTAgent\program files\AT&T\Service Activation\rim_serialV2.dll
[2008.10.07 18:53:52 | 000,143,360 | ---- | M] () -- \Swsetup\wwandrv1\HPQATTAgent\program files\AT&T\Service Activation\rim_serial.dll
[2008.10.07 18:53:52 | 000,167,936 | ---- | M] () -- \Swsetup\wwandrv1\HPQATTAgent\program files\AT&T\Service Activation\rim_serialV2.dll
[2004.09.08 11:20:12 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.02.18 16:46:59 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2011.10.15 12:00:48 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.07.02 15:16:12 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2011.08.13 22:56:56 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011.10.15 12:19:12 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011.10.15 12:15:18 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
[2011.08.13 20:51:38 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
[2004.07.15 14:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 13:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.07.25 10:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.04.07 22:48:30 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 06:47:26 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 06:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2004.08.18 09:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2004.08.18 09:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.04.14 06:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
< *AutoRearm* /s >
< >
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AccelerometerSysTrayApplet" = C:\WINDOWS\System32\accelerometerST.exe -- [2009.04.07 16:53:06 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation)
"IAAnotif" = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe -- [2008.12.16 18:37:36 | 000,186,904 | ---- | M] (Intel Corporation)
"PDF Complete" = C:\Program Files\PDF Complete\pdfsty.exe -- [2009.06.18 08:07:04 | 000,563,736 | ---- | M] (PDF Complete Inc)
"HotKeysCmds" = C:\WINDOWS\system32\hkcmd.exe -- [2008.02.28 16:00:04 | 000,166,424 | ---- | M] (Intel Corporation)
"SynTPEnh" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -- [2009.06.08 19:18:16 | 001,434,920 | ---- | M] (Synaptics Incorporated)
"WirelessAssistant" = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -- [2009.05.11 14:19:34 | 000,513,080 | ---- | M] (Hewlett-Packard)
"QlbCtrl.exe" = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start -- [2009.04.15 07:57:32 | 000,181,816 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
"SoundMAXPnP" = C:\Program Files\Analog Devices\Core\smax4pnp.exe -- [2009.04.14 16:58:24 | 001,044,480 | ---- | M] (Analog Devices, Inc.)
"LogMeIn GUI" = "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -- [2008.08.11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.)
"MSC" = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey -- [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation)
"SpywareTerminatorShield" = C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe -- [2011.11.22 04:20:52 | 002,779,824 | ---- | M] (Crawler.com)
"SpywareTerminatorUpdater" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe -- [2011.11.22 04:21:02 | 003,621,040 | ---- | M] (Crawler.com)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
"" =
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >
< >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
No captured output from command...
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
No captured output from command...
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
No captured output from command...
< type c:\boot.ini >> test.txt /c >
No captured output from command...]
< End of report >
moc tomu nerozumím,ale co to otl přesně je..a lavně koukám, že to sem napsalo něco co asi nemělo?
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kntrolu logu HJT
Proč jsi vložil do OTL všechno, prosím Tě?! 
"Vlož tento script" znamená, abys vložil tento script, ne půlku naší konverzace. 
Kdo to má pak luštit, tohleto... Cracky nejsou zrovna dobrou cestou k bezpečnosti počítače. O autorských zákonech ani nemluvě. Spyware Terminator jsi neodebral ze spouštění po startu systému. Neodinstaloval jsi ten MBAM. Já ty návody nepíšu pro srandu králíkům. Uvolni místo na Ploše, máš tam příliš velké a příliš mnoho souborů. Adresář C:\Documents and Settings\Marek\Plocha by měl mít maximálně tak 300 MB, jinak Ti to bude dost brzdit systém. Přesuň si velké soubory jinam a na Ploše si nech jen zástupce. Znovu spusť OTL.
- Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
- Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
- Do spodního okénka Vlastní skenování/opravy vlož tento skript:
Kód: Vybrat vše
:Commands
[emptytemp]
[emptyflash]
[resethosts]
[purity]
[clearallrestorepoints]
:OTL
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (0132421266410611mcinstcleanup) McAfee Application Installer Cleanup (0132421266410611)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60747
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60747
FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.7.0.6
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60747&qkw="
[2011.10.10 07:24:29 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011.01.27 22:26:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\engine@conduit.com
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O21 - SSODL: PostBootReminder - - - No CLSID value found.
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
:Files
C:\Program Files\uTorrentBar
C:\Program Files\ConduitEngine
C:\Program Files\Ask.com
C:\WINDOWS\Tasks\MP Scheduled Scan.job
C:\Documents and Settings\Marek\Data aplikací\uTorrent\Kaspersky.Mobile.Secuirty.v8.0.51.S60v3.SymbianOS9.x.Unsigned.Cracked.iNTERNAL.Read.NFO-CODePDA.torrent /d
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
""=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
""=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
""=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
""=-
- Klikni na tlačítko [Opravit].
- Po dokončení skenu se objeví log, ten mi sem vlož.
- Pokud se log nevejde do jednoho příspěvku, rozděl jej na více částí.
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
-
radekradek@seznam.cz
- Návštěvník
- Příspěvky: 36
- Registrován: 11 pro 2011 23:02
Re: Prosím o kntrolu logu HJT
sorry,ale taky mi to bylo nějaký divný )..a už vím, kde se stala chyba.mimochodem..vše je jeak jsi mi řekl...odisntalovaný..a ten terminátor jsem zkoušel vypnout,ale nešlo to.¨vím, že to nepíšeš z legrace..a moc ti taky díky za pomoc
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kntrolu logu HJT
Jo, já vím taky, kde se stala chyba. 
Ten Spyware Terminator musí jít odebrat z rezidentní ochrany někde v jeho vnitřních nastaveních.
Ten Spyware Terminator musí jít odebrat z rezidentní ochrany někde v jeho vnitřních nastaveních.
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
-
radekradek@seznam.cz
- Návštěvník
- Příspěvky: 36
- Registrován: 11 pro 2011 23:02
Re: Prosím o kntrolu logu HJT
OTL logfile created on: 25.12.2011 19:36:45 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Marek\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1015,36 Mb Total Physical Memory | 315,68 Mb Available Physical Memory | 31,09% Memory free
2,38 Gb Paging File | 1,82 Gb Available in Paging File | 76,35% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,68 Gb Free Space | 77,62% Space Free | Partition Type: NTFS
tak ted už by to mohlo být tak jak má..vrhám se na tu složku a na terminátor
Computer Name: SKBARTONI-NOTAS | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.12.25 19:32:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek\Plocha\OTL(3).exe
PRC - [2011.11.25 22:42:53 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.11.22 04:21:02 | 003,621,040 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.11.22 04:20:52 | 002,779,824 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2011.11.22 04:19:58 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2009.06.18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009.04.07 16:53:06 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008.12.16 18:37:46 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.12.16 18:37:36 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.12.11 14:23:08 | 001,456,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.12.11 14:23:08 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.08.11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
========== Modules (No Company Name) ==========
MOD - [2011.12.24 15:45:54 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.25 22:42:54 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011.10.15 12:19:14 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011.10.15 12:16:36 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011.10.15 12:07:34 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.15 12:07:21 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.15 12:06:41 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.15 12:03:18 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.15 12:02:47 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2009.12.20 18:46:40 | 000,327,680 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2009.12.12 15:12:04 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.12.11 14:22:10 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008.12.11 14:20:20 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008.04.14 07:51:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (0132421266410611mcinstcleanup) McAfee Application Installer Cleanup (0132421266410611)
SRV - [2011.11.22 04:19:58 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.12.08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010.11.08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009.06.18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.06.04 09:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\WINDOWS\system32\yk51x86.dll -- (yksvc)
SRV - [2008.12.16 18:37:46 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV - [2011.12.25 15:39:44 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{549C137D-439D-4F71-BD6A-9DE35D5041E8}\MpKsl77ebd8e2.sys -- (MpKsl77ebd8e2)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.12.08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010.02.17 15:11:54 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009.06.04 09:10:00 | 000,297,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009.03.26 14:39:14 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.03.19 10:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009.01.14 16:16:20 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009.01.14 16:16:20 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009.01.14 16:16:18 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009.01.14 16:16:18 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009.01.14 16:16:18 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.08.11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008.08.11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008.05.23 12:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.05.23 12:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.28 12:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2001.10.24 11:04:44 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60747
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60747
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-692985342-3062466104-2030654951-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60747
IE - HKU\S-1-5-21-692985342-3062466104-2030654951-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-692985342-3062466104-2030654951-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatche ... 60747&qkw="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.25 22:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.25 22:43:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\
[2010.07.02 14:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Extensions
[2011.12.25 15:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions
[2010.07.23 20:58:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.10 07:24:29 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011.01.27 22:26:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\engine@conduit.com
[2011.12.24 01:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.14 22:42:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011.03.13 17:23:26 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.03.13 17:23:26 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.03.13 17:23:26 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.03.13 17:23:26 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.03.13 17:23:26 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2004.08.18 09:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-692985342-3062466104-2030654951-1009\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-692985342-3062466104-2030654951-1009\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-692985342-3062466104-2030654951-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E41EB5B8-965E-4163-B089-737454CCE0AB}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O21 - SSODL: PostBootReminder - - - No CLSID value found.
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\HP Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Wallpaper.bmp
O32 - Unable to read "AutoRun" value or value not present!
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[CLEARALLRESTOREPOINTS]
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 7 Days ==========
[2011.12.25 19:32:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marek\Plocha\OTL(3).exe
[2011.12.24 16:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
[2011.12.24 16:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.12.24 15:50:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marek\PrivacIE
[2011.12.24 15:42:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marek\IETldCache
[2011.12.24 15:34:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.24 15:28:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.12.24 15:17:56 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011.12.24 01:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Plocha\displayecard.php_soubory
[2010.02.17 13:28:23 | 000,203,312 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010.02.17 13:28:20 | 000,256,560 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.12.25 19:32:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek\Plocha\OTL(3).exe
[2011.12.25 15:52:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.12.25 15:43:17 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.25 15:39:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.25 15:39:28 | 1064,751,104 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.25 09:03:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.24 15:46:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.12.24 15:01:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.24 01:19:50 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.12.24 00:49:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.25 15:52:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.12.24 01:19:49 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.11.05 12:28:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.08.26 19:45:03 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.30 20:44:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.03.08 10:10:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.07 21:08:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2010.07.02 14:51:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.02.21 20:26:46 | 000,001,056 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2010.02.17 17:40:12 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\fusioncache.dat
[2010.02.17 16:44:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.02.17 13:28:23 | 001,765,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010.02.17 13:28:23 | 000,034,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010.02.17 13:28:23 | 000,027,184 | ---- | C] () -- C:\WINDOWS\snuvcdsm.exe
[2010.02.17 13:28:23 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009.07.11 03:44:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.07.11 03:44:22 | 000,029,132 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.12.11 14:22:10 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2004.09.08 11:27:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.09.08 11:26:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.09.08 11:22:54 | 000,444,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.09.08 11:22:54 | 000,441,772 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.09.08 11:22:54 | 000,084,388 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.09.08 11:22:54 | 000,072,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.09.08 11:16:56 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.09.08 11:11:36 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.09.08 11:09:04 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.18 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 09:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.08.18 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 09:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.08.18 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.18 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.05.28 09:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.05.28 09:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== Custom Scans ==========
< :Commands >
< [emptytemp] >
< [emptyflash] >
< [resethosts] >
< [purity] >
< >
< :OTL >
< SRV - File not found [Disabled | Stopped] -- -- (HidServ) >
< SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) >
< SRV - File not found [Auto | Stopped] -- -- (0132421266410611mcinstcleanup) McAfee Application Installer Cleanup (0132421266410611) >
< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60747 >
Invalid Switch: sa_custo ... TbId=60747
< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60747 >
Invalid Switch: ie.aspx?tb_id=60747
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60747 >
Invalid Switch: dispatche ... p=aus&qkw=%s&tbid=60747
< FF - prefs.js..browser.search.defaultenginename: "Crawler Search" >
< FF - prefs.js..browser.search.order.1: "Crawler Search" >
< FF - prefs.js..browser.search.selectedEngine: "" >
< FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 >
< FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.7.0.6 >
< FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatche ... 60747&qkw=" >
< [2011.10.10 07:24:29 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} >
< [2011.01.27 22:26:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\engine@conduit.com >
< File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B} >
< File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} >
< File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM >
< [2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml >
< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. >
< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. >
< O21 - SSODL: PostBootReminder - - - No CLSID value found. >
< [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >
< [13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ] >
< [1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ] >
< [1 C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp -> ] >
< [1 C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp -> ] >
< [1 C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp -> ] >
< [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] >
< >
< :Files >
< C:\Program Files\uTorrentBar >
< C:\Program Files\ConduitEngine >
< C:\Program Files\Ask.com >
< C:\WINDOWS\Tasks\MP Scheduled Scan.job >
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
< C:\Documents and Settings\Marek\Data aplikací\uTorrent\Kaspersky.Mobile.Secuirty.v8.0.51.S60v3.SymbianOS9.x.Unsigned.Cracked.iNTERNAL.Read.NFO-CODePDA.torrent /d >
Invalid Switch: d
< %windir%\system32\*.tmp.dll /s >
< %windir%\system32\SET*.tmp /s >
< %windir%\*.tmp /s >
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< >
< :Reg >
< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] >
< ""=- >
< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] >
< ""=- >
< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] >
< ""=- >
< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] >
< ""=- >
< End of report >
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Marek\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1015,36 Mb Total Physical Memory | 315,68 Mb Available Physical Memory | 31,09% Memory free
2,38 Gb Paging File | 1,82 Gb Available in Paging File | 76,35% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,68 Gb Free Space | 77,62% Space Free | Partition Type: NTFS
tak ted už by to mohlo být tak jak má..vrhám se na tu složku a na terminátor
Computer Name: SKBARTONI-NOTAS | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.12.25 19:32:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek\Plocha\OTL(3).exe
PRC - [2011.11.25 22:42:53 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.11.22 04:21:02 | 003,621,040 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.11.22 04:20:52 | 002,779,824 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2011.11.22 04:19:58 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2009.06.18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009.04.07 16:53:06 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008.12.16 18:37:46 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.12.16 18:37:36 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.12.11 14:23:08 | 001,456,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.12.11 14:23:08 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.08.11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
========== Modules (No Company Name) ==========
MOD - [2011.12.24 15:45:54 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.25 22:42:54 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011.10.15 12:19:14 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011.10.15 12:16:36 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011.10.15 12:07:34 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.15 12:07:21 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.15 12:06:41 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.15 12:03:18 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.15 12:02:47 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2009.12.20 18:46:40 | 000,327,680 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2009.12.12 15:12:04 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.12.11 14:22:10 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008.12.11 14:20:20 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008.04.14 07:51:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (0132421266410611mcinstcleanup) McAfee Application Installer Cleanup (0132421266410611)
SRV - [2011.11.22 04:19:58 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.12.08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010.11.08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009.06.18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.06.04 09:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\WINDOWS\system32\yk51x86.dll -- (yksvc)
SRV - [2008.12.16 18:37:46 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV - [2011.12.25 15:39:44 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{549C137D-439D-4F71-BD6A-9DE35D5041E8}\MpKsl77ebd8e2.sys -- (MpKsl77ebd8e2)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.12.08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010.02.17 15:11:54 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009.06.04 09:10:00 | 000,297,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009.03.26 14:39:14 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.03.19 10:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009.01.14 16:16:20 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009.01.14 16:16:20 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009.01.14 16:16:18 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009.01.14 16:16:18 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009.01.14 16:16:18 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.08.11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008.08.11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008.05.23 12:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.05.23 12:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.28 12:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2001.10.24 11:04:44 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60747
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60747
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-692985342-3062466104-2030654951-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60747
IE - HKU\S-1-5-21-692985342-3062466104-2030654951-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-692985342-3062466104-2030654951-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatche ... 60747&qkw="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.25 22:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.25 22:43:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\
[2010.07.02 14:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Extensions
[2011.12.25 15:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions
[2010.07.23 20:58:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.10 07:24:29 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011.01.27 22:26:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\engine@conduit.com
[2011.12.24 01:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.14 22:42:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011.03.13 17:23:26 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.03.13 17:23:26 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.03.13 17:23:26 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.03.13 17:23:26 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.03.13 17:23:26 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2004.08.18 09:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-692985342-3062466104-2030654951-1009\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-692985342-3062466104-2030654951-1009\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-692985342-3062466104-2030654951-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E41EB5B8-965E-4163-B089-737454CCE0AB}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O21 - SSODL: PostBootReminder - - - No CLSID value found.
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\HP Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Wallpaper.bmp
O32 - Unable to read "AutoRun" value or value not present!
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[CLEARALLRESTOREPOINTS]
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 7 Days ==========
[2011.12.25 19:32:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marek\Plocha\OTL(3).exe
[2011.12.24 16:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
[2011.12.24 16:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.12.24 15:50:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marek\PrivacIE
[2011.12.24 15:42:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marek\IETldCache
[2011.12.24 15:34:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.24 15:28:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.12.24 15:17:56 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011.12.24 01:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Plocha\displayecard.php_soubory
[2010.02.17 13:28:23 | 000,203,312 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010.02.17 13:28:20 | 000,256,560 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.12.25 19:32:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek\Plocha\OTL(3).exe
[2011.12.25 15:52:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.12.25 15:43:17 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.25 15:39:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.25 15:39:28 | 1064,751,104 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.25 09:03:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.24 15:46:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.12.24 15:01:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.24 01:19:50 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.12.24 00:49:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.25 15:52:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.12.24 01:19:49 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.11.05 12:28:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.08.26 19:45:03 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.30 20:44:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.03.08 10:10:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.07 21:08:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2010.07.02 14:51:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.02.21 20:26:46 | 000,001,056 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2010.02.17 17:40:12 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\fusioncache.dat
[2010.02.17 16:44:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.02.17 13:28:23 | 001,765,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010.02.17 13:28:23 | 000,034,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010.02.17 13:28:23 | 000,027,184 | ---- | C] () -- C:\WINDOWS\snuvcdsm.exe
[2010.02.17 13:28:23 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009.07.11 03:44:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.07.11 03:44:22 | 000,029,132 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.12.11 14:22:10 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2004.09.08 11:27:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.09.08 11:26:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.09.08 11:22:54 | 000,444,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.09.08 11:22:54 | 000,441,772 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.09.08 11:22:54 | 000,084,388 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.09.08 11:22:54 | 000,072,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.09.08 11:16:56 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.09.08 11:11:36 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.09.08 11:09:04 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.18 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 09:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.08.18 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 09:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.08.18 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.18 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.05.28 09:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.05.28 09:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== Custom Scans ==========
< :Commands >
< [emptytemp] >
< [emptyflash] >
< [resethosts] >
< [purity] >
< >
< :OTL >
< SRV - File not found [Disabled | Stopped] -- -- (HidServ) >
< SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) >
< SRV - File not found [Auto | Stopped] -- -- (0132421266410611mcinstcleanup) McAfee Application Installer Cleanup (0132421266410611) >
< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60747 >
Invalid Switch: sa_custo ... TbId=60747
< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60747 >
Invalid Switch: ie.aspx?tb_id=60747
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60747 >
Invalid Switch: dispatche ... p=aus&qkw=%s&tbid=60747
< FF - prefs.js..browser.search.defaultenginename: "Crawler Search" >
< FF - prefs.js..browser.search.order.1: "Crawler Search" >
< FF - prefs.js..browser.search.selectedEngine: "" >
< FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 >
< FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.7.0.6 >
< FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatche ... 60747&qkw=" >
< [2011.10.10 07:24:29 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} >
< [2011.01.27 22:26:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\engine@conduit.com >
< File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B} >
< File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} >
< File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM >
< [2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml >
< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. >
< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. >
< O21 - SSODL: PostBootReminder - - - No CLSID value found. >
< [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >
< [13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ] >
< [1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ] >
< [1 C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp -> ] >
< [1 C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp -> ] >
< [1 C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp -> ] >
< [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] >
< >
< :Files >
< C:\Program Files\uTorrentBar >
< C:\Program Files\ConduitEngine >
< C:\Program Files\Ask.com >
< C:\WINDOWS\Tasks\MP Scheduled Scan.job >
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
< C:\Documents and Settings\Marek\Data aplikací\uTorrent\Kaspersky.Mobile.Secuirty.v8.0.51.S60v3.SymbianOS9.x.Unsigned.Cracked.iNTERNAL.Read.NFO-CODePDA.torrent /d >
Invalid Switch: d
< %windir%\system32\*.tmp.dll /s >
< %windir%\system32\SET*.tmp /s >
< %windir%\*.tmp /s >
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< >
< :Reg >
< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] >
< ""=- >
< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] >
< ""=- >
< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] >
< ""=- >
< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] >
< ""=- >
< End of report >
-
radekradek@seznam.cz
- Návštěvník
- Příspěvky: 36
- Registrován: 11 pro 2011 23:02
Re: Prosím o kntrolu logu HJT
jo mezi klávesnicí a židlíMc_Murphy píše:Jo, já vím taky, kde se stala chyba.
Ten Spyware Terminator musí jít odebrat z rezidentní ochrany někde v jeho vnitřních nastaveních.
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kntrolu logu HJT
Ano, to je... vůbec nečteš, co Ti píšu... klinul jsi na [Prohledat], ne na [Opravit]...radekradek@seznam.cz píše:jo mezi klávesnicí a židlí
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Přispějete na provoz fóra?