OTL, part two:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.25 22:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.25 22:43:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\
[2010.07.02 14:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Extensions
[2011.12.25 15:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions
[2010.07.23 20:58:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.10 07:24:29 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011.01.27 22:26:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\engine@conduit.com
[2011.12.24 01:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.14 22:42:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\MO03I2F3.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011.03.13 17:23:26 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.03.13 17:23:26 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.03.13 17:23:26 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.03.13 17:23:26 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.03.13 17:23:26 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2004.08.18 09:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E41EB5B8-965E-4163-B089-737454CCE0AB}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O21 - SSODL: PostBootReminder - - - No CLSID value found.
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\HP Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Wallpaper.bmp
O32 - Unable to read "AutoRun" value or value not present!
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2011.12.24 16:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
[2011.12.24 16:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.12.24 16:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.12.24 16:22:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.24 16:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.24 15:50:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marek\PrivacIE
[2011.12.24 15:42:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marek\IETldCache
[2011.12.24 15:34:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.24 15:28:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.12.24 15:17:56 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011.12.24 01:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Plocha\displayecard.php_soubory
[2010.02.17 13:28:23 | 000,203,312 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010.02.17 13:28:20 | 000,256,560 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.12.25 15:52:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.12.25 15:43:17 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.25 15:39:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.25 15:39:28 | 1064,751,104 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.25 09:03:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.24 16:22:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.24 15:46:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.12.24 15:01:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.24 01:19:50 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.12.24 00:49:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.18 19:38:10 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.25 15:52:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.12.24 16:22:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.24 01:19:49 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.11.05 12:28:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.08.26 19:45:03 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.30 20:44:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.03.08 10:10:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.07 21:08:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2010.07.02 14:51:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.02.21 20:26:46 | 000,001,056 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2010.02.17 17:40:12 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\fusioncache.dat
[2010.02.17 16:44:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.02.17 13:28:23 | 001,765,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010.02.17 13:28:23 | 000,034,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010.02.17 13:28:23 | 000,027,184 | ---- | C] () -- C:\WINDOWS\snuvcdsm.exe
[2010.02.17 13:28:23 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009.07.11 03:44:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.07.11 03:44:22 | 000,029,132 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.12.11 14:22:10 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2004.09.08 11:27:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.09.08 11:26:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.09.08 11:22:54 | 000,444,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.09.08 11:22:54 | 000,441,772 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.09.08 11:22:54 | 000,084,388 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.09.08 11:22:54 | 000,072,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.09.08 11:16:56 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.09.08 11:11:36 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.09.08 11:09:04 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.18 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 09:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.08.18 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 09:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.08.18 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.18 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.05.28 09:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.05.28 09:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2011.12.24 17:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
[2011.12.21 07:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PDFC
[2011.12.25 14:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2011.01.22 13:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Mikrotik
[2011.05.04 19:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\PriceGong
[2011.11.05 12:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Spyware Terminator
[2011.07.21 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\uTorrent
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
========== Custom Scans ==========
< >
< VIRY.CZ >
< * Odhlásit [ radekradek@seznam.cz ] * 0 nových zpráv * FAQ * Hledat * Členové * Uživatelský panel >
< Poslední návštěva: včera, 17:10 Právě je 25 pro 2011 15:45 >
< >
< Vyhledat témata bez odpovědí | Zobrazit aktivní témata Zobrazit nepřečtené příspěvky | Zobrazit nové příspěvky | Zobrazit vaše příspěvky >
< >
< Obsah fóra » Havěť - viry, spyware, rootkity » Řešení problémů, logy >
< >
< Všechny časy jsou v UTC + 1 hodina >
< >
< Pravidla fóra >
< >
< Pokud chcete pomoc, vložte log z RSIT: viewtopic.php?f=13&t=105895 >
< >
< Prosím o kntrolu logu HJT >
< >
< Moderátor: Moderátoři >
< >
< >
< Odeslat nové téma Odpovědět na téma Stránka 1 z 1 >
< [ Příspěvků: 6 ] >
< Ukončit sledování tohoto tématu | Přidat do záložek | Verze pro tisk | Napsat e-mail Předchozí téma | Následující téma >
< Autor Zpráva >
< radekradek@seznam.cz >
< Předmět příspěvku: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: 11 pro 2011 23:09 >
< Online >
< Návštěvník >
< Návštěvník >
< >
< Registrován: 11 pro 2011 23:02 >
< Příspěvky: 3 >
< Dobrý večer, >
< >
< prosím o kontrolu logu velmi pomalé PC, dochází k vytuhnutí a podobným věcem, pokud jsou třeba další informace, rád je dodám,ale nevím co je vše třeba. \předem díky >
< >
< Logfile of Trend Micro HijackThis v2.0.4 >
< Scan saved at 22:56:30, on 11.12.2011 >
< Platform: Windows XP SP3 (WinNT 5.01.2600) >
< MSIE: Internet Explorer v7.00 (7.00.6000.17103) >
< Boot mode: Normal >
< >
< Running processes: >
< C:\WINDOWS\System32\smss.exe >
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
< C:\WINDOWS\system32\winlogon.exe >
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\WINDOWS\system32\services.exe >
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\WINDOWS\system32\lsass.exe >
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\WINDOWS\system32\svchost.exe >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe >
[2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
< C:\WINDOWS\System32\svchost.exe >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
< C:\WINDOWS\System32\svchost.exe >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
< C:\WINDOWS\system32\spoolsv.exe >
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe >
[2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
< C:\Program Files\PDF Complete\pdfsvc.exe >
[2009.06.18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
< c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe >
[2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
< C:\Program Files\Spyware Terminator\st_rsser.exe >
[2011.11.22 04:19:58 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
< C:\WINDOWS\system32\svchost.exe >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe >
[2008.12.16 18:37:46 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
< C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe >
[2008.12.11 14:23:08 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
< C:\WINDOWS\Explorer.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
< C:\WINDOWS\System32\accelerometerST.exe >
[2009.04.07 16:53:06 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\accelerometerST.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
< C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe >
[2008.12.16 18:37:36 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
< C:\WINDOWS\system32\hkcmd.exe >
[2008.02.28 16:00:04 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\WINDOWS\system32\igfxpers.exe >
[2008.02.28 16:00:14 | 000,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\Synaptics\SynTP\SynTPEnh.exe >
[2009.06.08 19:18:16 | 001,434,920 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
< C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe >
[2009.05.11 14:19:34 | 000,513,080 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
< C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe >
[2009.04.15 07:57:32 | 000,181,816 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
< C:\Program Files\Analog Devices\Core\smax4pnp.exe >
[2009.04.14 16:58:24 | 001,044,480 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
< C:\WINDOWS\system32\igfxsrvc.exe >
[2008.02.28 16:00:16 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\LogMeIn\x86\LogMeInSystray.exe >
[2008.08.11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
< C:\Program Files\Microsoft Security Client\msseces.exe >
[2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
< C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe >
[2008.10.23 11:46:02 | 000,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
< C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe >
[2011.11.22 04:20:52 | 002,779,824 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
< C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe >
[2009.04.23 15:48:56 | 000,239,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
< C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe >
[2011.11.22 04:21:02 | 003,621,040 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
< C:\WINDOWS\system32\ctfmon.exe >
[2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\Skype\Phone\Skype.exe >
[2011.10.13 09:27:14 | 017,351,304 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
< C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe >
[2008.12.11 14:23:08 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
< C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe >
[2008.10.22 09:32:20 | 000,628,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
< C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE >
[2008.12.11 14:23:08 | 001,456,768 | ---- | M] (Broadcom Corporation.) -- C:\PROGRA~1\WIDCOMM\BLUETO~1\BTStackServer.exe
< C:\Program Files\Mozilla Firefox\firefox.exe >
[2011.11.25 22:42:53 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
< C:\Program Files\Mozilla Firefox\plugin-container.exe >
[2011.11.25 22:42:57 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
< C:\WINDOWS\system32\msiexec.exe >
[2008.05.19 00:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe >
[2010.03.25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
< >
< R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com >
Invalid Switch: search.live.com
< R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE= ... ll&pf=cmnb
< R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 >
Invalid Switch: ?LinkId=69157
< R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 >
Invalid Switch: ?LinkId=54896
< R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 >
Invalid Switch: ?LinkId=54896
< R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 >
Invalid Switch: ?LinkId=69157
< R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx >
Invalid Switch: sphome.aspx
< R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE= ... ll&pf=cmnb
< R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy >
< R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll >
< O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll >
< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) >
< O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll >
< O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll >
< O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll >
< O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) >
< O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll >
< O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll >
< O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\System32\accelerometerST.exe >
< O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe >
< O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe >
< O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe >
< O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe >
< O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe >
< O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe >
< O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe >
< O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start >
Invalid Switch: Start
< O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe >
< O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe >
< O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray >
Invalid Switch: tray
< O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" >
< O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" >
< O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" >
< O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey >
< O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" >
< O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe >
< O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe >
< O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe >
< O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized >
< O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') >
< O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') >
< O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') >
< O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') >
< O4 - Global Startup: Bluetooth.lnk = ? >
< O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 >
< O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm >
< O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm >
< O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll >
< O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll >
< O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL >
< O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm >
< O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm >
< O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe >
< O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe >
< O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe >
< O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe >
< O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE=3&tp=iehome&locale=cs_cz&c=92&bd=all&pf=cmnb
< O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll >
< O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll >
< O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll >
< O23 - Service: McAfee Application Installer Cleanup (0132421266410611) (0132421266410611mcinstcleanup) - Unknown owner - C:\DOCUME~1\admin\LOCALS~1\Temp\013242~1.EXE (file missing) >
< O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe >
< O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe >
< O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe >
< O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe >
< O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe >
< O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe >
< O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe >
< O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe >
< >
< -- >
< End of file - 10280 bytes >
< >
< >
< Naposledy upravil vyosek dne 12 pro 2011 12:10, celkově upraveno 1 >
< log odstranen z quote >
< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Upravit příspěvek Odpovědět s citací >
< Mc_Murphy >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: 12 pro 2011 06:35 >
< Online >
< Rádce >
< Rádce >
< Uživatelský avatar >
< >
< Registrován: 03 lis 2008 15:55 >
< Příspěvky: 2248 >
< Bydliště: Plzeň [ZČ] >
< Zdravím.
>
< >
< Dej mi minutku, hnedle se na to mrknu.
>
< >
< _________________ >
< Obrázek >> členem od 24. prosince 2011 << >
< Obrázek Obrázek >
< >
< >> We are the folk and we have the right to stand up and to fight for an independent life. >
< >> We are the force, we are the might and we will stand up for an independent life. >
< >> Ve Vánočním čase jsem aktivní jen sporadicky. Mám Vánoce stejně jako VY a stejně jako mí vážení kolegové, tak to prosím tolerujte, buďte tak mlaskavi.
>
< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Odpovědět s citací >
< Mc_Murphy >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: 12 pro 2011 06:51 >
< Online >
< Rádce >
< Rádce >
< Uživatelský avatar >
< >
< Registrován: 03 lis 2008 15:55 >
< Příspěvky: 2248 >
< Bydliště: Plzeň [ZČ] >
<
Tak jako první by bylo dobré, aby sis pročetl pravidla našeho fóra. Zjistili bys totiž, mimo jiné, že už delší dobu nepoužíváme jako úvodní scan HJT, ale RSIT, je podrobnější. Mno ale něco s tím uděláme. >
<
Takže v nabídce Přidat nebo odebrat programy odinstaluj všechny nepotřebné toolbary! Jsou to veliká "zdržovadla" systému a v případě například Ask.com Toolbar, Conduit Engine a dalších se dá hovořit už i o havěti. Máš jich tam na můj vkus dost. >
<
Aktualizuj MS Internet Explorer na poslední verzi. I když používáš prohlížeč Mozilla Firefox, aktualizace řeší spoustu problémů i v systému samotném. >
<
Spyware Terminator odeber v jeho nastaveních ze spouštění po startu a ponech si jej pouze na občasné scany. Jako antivir tam máš MSE, tak doufám, že u Spyware Terminator nemáš aktivovanou antivirovou ochranu - dva antiviry v počítači způsobují kolize. >
<
Odeber program Skype v jeho nastaveních ze spouštění po startu systému a spouštěj ho ručně podle potřeby. >
< >
<
Logy prosím nevkládej do Quote ani do Code, nedá se to číst!! >
< >
< >
<
Fixni v HJT tyto položky: >
< >
< R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com >
Invalid Switch: search.live.com
< R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE= ... ll&pf=cmnb
< R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx >
Invalid Switch: sphome.aspx
< R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE= ... ll&pf=cmnb
< R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll >
< O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll >
< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) >
< O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll >
< O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) >
< O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll >
< O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll >
< O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll >
< O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe >
< O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe >
< O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe >
< O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray >
Invalid Switch: tray
< O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" >
< O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" >
< O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" >
< O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') >
< O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') >
< O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') >
< O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') >
< O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb >
Invalid Switch: rdr?TYPE=3&tp=iehome&locale=cs_cz&c=92&bd=all&pf=cmnb
< >
< "Fixnout" znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek. Poté klikneš na [Fix checked] a odsouhlasíš [ANO]. >
< HJT najdeš zde: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe >
< >
<
Dále stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu. >
< >
< * Proveď aktualizaci virové databáze. >
< * V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači. >
< * Předem nic nemaž!! >
< * MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení! >
< >
< >
< _________________ >
< Obrázek >> členem od 24. prosince 2011 << >
< Obrázek Obrázek >
< >
< >> We are the folk and we have the right to stand up and to fight for an independent life. >
< >> We are the force, we are the might and we will stand up for an independent life. >
< >> Ve Vánočním čase jsem aktivní jen sporadicky. Mám Vánoce stejně jako VY a stejně jako mí vážení kolegové, tak to prosím tolerujte, buďte tak mlaskavi.
>
< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Odpovědět s citací >
< radekradek@seznam.cz >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: včera, 14:27 >
< Online >
< Návštěvník >
< Návštěvník >
< >
< Registrován: 11 pro 2011 23:02 >
< Příspěvky: 3 >
< díky díky, vrhám se na to
..a omlouvám se za to vložení.. >
< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Upravit příspěvek Odpovědět s citací >
< radekradek@seznam.cz >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: včera, 17:10 >
< Online >
< Návštěvník >
< Návštěvník >
< >
< Registrován: 11 pro 2011 23:02 >
< Příspěvky: 3 >
< tak jsem udělal snad vše co je zde napsáno. >
< zde je log.Malwarebytes' Anti-Malware >
< http://www.malwarebytes.org >
< >
< Verze databáze: >
< >
< Windows 5.1.2600 Service Pack 3 >
< Internet Explorer 8.0.6001.18702 >
< >
< 24.12.2011 17:08:26 >
< mbam-log-2011-12-24 (17-08-12).txt >
< >
< Typ: Úplná kontrola (C:\|) >
< Kontrolované objekty: 224320 >
< Uplynulý čas: 41 minut, 53 sekund >
< >
< Infikované procesy v paměti: 0 >
< Infikované moduly v paměti: 0 >
< Infikované klíče v registru: 0 >
< Infikované hodnoty v registru: 0 >
< Infikované datové položky v registru: 1 >
< Infikované složky: 0 >
< Infikované soubory: 0 >
< >
< Infikované procesy v paměti: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované moduly v paměti: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované klíče v registru: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované hodnoty v registru: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované datové položky v registru: >
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken. >
< >
< Infikované složky: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< Infikované soubory: >
< (Žádné škodlivé položky nebyly zjištěny) >
< >
< >
< Ohlásit tento příspěvek >
< Nahoru >
< Profil Poslat soukromou zprávu >
< Upravit příspěvek Odpovědět s citací >
< Mc_Murphy >
< Předmět příspěvku: Re: Prosím o kntrolu logu HJT >
< PříspěvekNapsal: dnes, 10:01 >
< Online >
< Rádce >
< Rádce >
< Uživatelský avatar >
< >
< Registrován: 03 lis 2008 15:55 >
< Příspěvky: 2248 >
< Bydliště: Plzeň [ZČ] >
<
Nález MBAMu dej odstranit a poté můžeš MBAM odinstalovat. >
< >
<
Provedl jsi vše, co jsem Ti psal? Jestli ano, hoď mi sem ještě log z OTL. >
< >
<
Stáhni OTL z tohoto odkazu a ulož jej na Plochu. >
< >
< * Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce. >
< * Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej. >
< * Zaškrtni okénko Pro všechny uživatele. >
< * Zaškrtni okénko Kontrola na havěť "LOP". >
< * Zaškrtni okénko Kontrola na havěť "Purity". >
< * Stáři souborů změň z 30 dnů na 7 dnů! >
< * Do spodního okénka Vlastní skenování/opravy vlož tento script: >
Invalid Switch: opravy vlož tento script:
< >
< Kód: >
< >
< netsvc >
< >
< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004.08.18 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\i386\AUTOCHK.EXE
< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys
[2004.08.18 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\i386\sp2.cab:hal.dll
[2004.08.18 09:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 23:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 23:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SVCHOST.EXE >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< >
< %systemroot%*.* /U /s >
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2be75d48d60d2d28e1d2cbc37ef44d0b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\4679b1e98cd28b74c9df52151673233c\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.09.20 09:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Adobe
[2010.02.21 20:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\CorelHomeOffice
[2009.07.11 04:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\hpqLog
[2009.07.11 12:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Identities
[2009.07.11 04:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\InstallShield
[2010.02.18 13:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Macromedia
[2011.12.24 16:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
[2011.12.11 22:55:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Marek\Data aplikací\Microsoft
[2011.01.22 13:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Mikrotik
[2010.07.02 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Mozilla
[2011.05.04 19:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\PriceGong
[2009.07.11 04:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\SiteAdvisor
[2011.12.24 14:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Skype
[2011.07.08 19:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\skypePM
[2011.11.05 12:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Spyware Terminator
[2011.07.21 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\uTorrent
[2010.03.16 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2011.12.11 22:55:55 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Marek\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job >
[2011.12.25 15:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004.09.08 13:00:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.09.08 13:00:50 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.09.08 13:00:50 | 000,471,040 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2011.12.24 00:49:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2011.12.24 15:46:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2011.12.24 15:01:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %userprofile%\Plocha\*.* >
[2011.11.08 20:18:49 | 001,849,306 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\A5 publikace_web.pdf
[2011.08.25 10:31:44 | 461,842,026 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Barbie a tri muskatyti.cz.avi
[2011.08.25 11:01:46 | 733,968,004 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Barbie Tajemství víl Novinky 2011 cz dabing.avi
[2011.10.04 10:54:00 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Cíle práce.doc
[2011.12.24 01:19:50 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\displayecard.php.htm
[2011.10.11 07:23:34 | 000,085,550 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\ec-cernymost.pdf
[2011.11.16 21:23:44 | 000,072,949 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\H4152295064511_101147962.pdf
[2011.12.11 22:55:50 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\HiJackThis.lnk
[2011.12.11 21:03:33 | 004,662,784 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Katka BAK konecna.doc
[2011.11.07 20:10:00 | 004,423,680 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\katka bakalářka důležité.doc 2.doc3.doc
[2011.10.30 10:47:00 | 003,757,056 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\katka bakalářka.doc odeslat.doc
[2011.08.26 19:56:07 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\KMPlayer.lnk
[2011.11.21 19:05:05 | 000,066,119 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\kupon_6643470818.pdf
[2011.12.24 17:08:26 | 000,001,138 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\mbam-log-2011-12-24 (17-08-12).txt
[2011.11.23 08:29:36 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Metodika práce.doc
[2010.07.02 14:51:12 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Mozilla Firefox.lnk
[2010.07.02 21:31:13 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Outlook.lnk
[2011.10.23 21:20:46 | 000,067,812 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\resource.pdf
[2010.02.21 15:58:01 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Tento počítač.lnk
[2011.12.12 21:31:27 | 000,188,185 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\voucher-1050526.pdf
[2010.06.22 08:00:58 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marek\Plocha\~$26_AN120064_002_CS- Návod k obsluhe pre koncový vypína zdvihu ABUS.doc
[2010.06.22 07:56:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marek\Plocha\~$26_AN120064_002_CS.doc
[2010.06.22 07:50:22 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marek\Plocha\~$nové.doc
[2011.01.25 14:20:18 | 733,325,046 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\Čarodějův učeň 2010.avi
< %userprofile%\Desktop\*.* >
< %ALLUSERSPROFILE%\Plocha\*.* >
[2011.10.10 07:21:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2011.12.24 16:22:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.11.21 19:46:35 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.12.12 21:20:02 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator 2012.lnk
< %ALLUSERSPROFILE%\Desktop\*.* >
< *crack* /s >
[2011.01.27 22:29:35 | 000,000,698 | ---- | M] () -- \Documents and Settings\Marek\Data aplikací\uTorrent\Kaspersky.Mobile.Secuirty.v8.0.51.S60v3.SymbianOS9.x.Unsigned.Cracked.iNTERNAL.Read.NFO-CODePDA.torrent
< *keygen* /s >
< *loader* /s >
[2011.10.02 11:57:40 | 000,010,144 | ---- | M] () -- \Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\mo03i2f3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ExternalLibraryLoader.jsm
[2004.08.18 14:00:00 | 000,017,423 | ---- | M] () -- \i386\DMLOADER.DL_
[2004.08.18 14:00:00 | 000,115,153 | ---- | M] () -- \i386\OSLOADER.EX_
[2004.08.18 14:00:00 | 000,132,757 | ---- | M] () -- \i386\OSLOADER.NT_
[2006.10.26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2006.10.26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2009.12.12 15:12:04 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2008.10.07 18:53:46 | 000,200,704 | ---- | M] () -- \Swsetup\HPQATTAgent\program files\AT&T\Service Activation\loader.dll
[2008.10.07 18:53:50 | 000,196,608 | ---- | M] () -- \Swsetup\HPQATTAgent\program files\AT&T\Service Activation\nwtcdmaloader.dll
[2008.10.07 18:53:46 | 000,200,704 | ---- | M] () -- \Swsetup\wwandrv1\HPQATTAgent\program files\AT&T\Service Activation\loader.dll
[2008.10.07 18:53:50 | 000,196,608 | ---- | M] () -- \Swsetup\wwandrv1\HPQATTAgent\program files\AT&T\Service Activation\nwtcdmaloader.dll
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 23:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 23:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *KMSEmulator* /s >
< *activator* /s >
< *serial* /s >
[2004.08.18 14:00:00 | 000,024,957 | ---- | M] () -- \i386\DPSERIAL.DL_
[2004.08.18 14:00:00 | 000,030,301 | ---- | M] () -- \i386\SERIAL.SY_
[2004.08.18 14:00:00 | 000,006,549 | ---- | M] () -- \i386\SERIALUI.DL_
[2010.04.07 22:48:30 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2008.10.07 18:53:52 | 000,143,360 | ---- | M] () -- \Swsetup\HPQATTAgent\program files\AT&T\Service Activation\rim_serial.dll
[2008.10.07 18:53:52 | 000,167,936 | ---- | M] () -- \Swsetup\HPQATTAgent\program files\AT&T\Service Activation\rim_serialV2.dll
[2008.10.07 18:53:52 | 000,143,360 | ---- | M] () -- \Swsetup\wwandrv1\HPQATTAgent\program files\AT&T\Service Activation\rim_serial.dll
[2008.10.07 18:53:52 | 000,167,936 | ---- | M] () -- \Swsetup\wwandrv1\HPQATTAgent\program files\AT&T\Service Activation\rim_serialV2.dll
[2004.09.08 11:20:12 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.02.18 16:46:59 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2011.10.15 12:00:48 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.07.02 15:16:12 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2011.08.13 22:56:56 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011.10.15 12:19:12 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011.10.15 12:15:18 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
[2011.08.13 20:51:38 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
[2004.07.15 14:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 13:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.07.25 10:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.04.07 22:48:30 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 06:47:26 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 06:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2004.08.18 09:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2004.08.18 09:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.04.14 06:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
< *AutoRearm* /s >
< >
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AccelerometerSysTrayApplet" = C:\WINDOWS\System32\accelerometerST.exe -- [2009.04.07 16:53:06 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation)
"IAAnotif" = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe -- [2008.12.16 18:37:36 | 000,186,904 | ---- | M] (Intel Corporation)
"PDF Complete" = C:\Program Files\PDF Complete\pdfsty.exe -- [2009.06.18 08:07:04 | 000,563,736 | ---- | M] (PDF Complete Inc)
"HotKeysCmds" = C:\WINDOWS\system32\hkcmd.exe -- [2008.02.28 16:00:04 | 000,166,424 | ---- | M] (Intel Corporation)
"SynTPEnh" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -- [2009.06.08 19:18:16 | 001,434,920 | ---- | M] (Synaptics Incorporated)
"WirelessAssistant" = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -- [2009.05.11 14:19:34 | 000,513,080 | ---- | M] (Hewlett-Packard)
"QlbCtrl.exe" = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start -- [2009.04.15 07:57:32 | 000,181,816 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
"SoundMAXPnP" = C:\Program Files\Analog Devices\Core\smax4pnp.exe -- [2009.04.14 16:58:24 | 001,044,480 | ---- | M] (Analog Devices, Inc.)
"LogMeIn GUI" = "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -- [2008.08.11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.)
"MSC" = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey -- [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation)
"SpywareTerminatorShield" = C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe -- [2011.11.22 04:20:52 | 002,779,824 | ---- | M] (Crawler.com)
"SpywareTerminatorUpdater" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe -- [2011.11.22 04:21:02 | 003,621,040 | ---- | M] (Crawler.com)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
"" =
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >
< >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
No captured output from command...
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
No captured output from command...
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
No captured output from command...
< type c:\boot.ini >> test.txt /c >
No captured output from command...]
< End of report >
I don't really understand this, but what exactly is OTL? And mainly, I see that it wrote something here that it probably shouldn't have?