Please check my log.

scream
Visitor
Posts: 9
Registered: 25 Apr 2010 12:36

Please check my log.

#1 Post by scream »

Hello, lately it seems to me that my internet connection has been slowing down, so I would like to ask for a check of my log.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Honza at 2010-04-25 13:35:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 84 GB (35%) free of 238 GB
Total RAM: 1006 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:16, on 25.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Honza\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Honza.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comfor.cz
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (NOXLATE) - file://C:\Program Files\AutoCAD LT 2000i Cz\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD LT 2000i Cz\AcDcToday.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD LT 2000i Cz\AcPreview.ocx
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - Winlogon Notify: ddcBTJBQ - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 5885 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\NSSstub.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-29 2343120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\PROGRA~1\Eraser\Eraser.exe [2010-04-10 979344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-04-19 9125888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe [2009-05-17 181624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-01-01 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
C:\PROGRA~1\GAMERS~1\LIVE!\Live.exe [2009-10-28 2665328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SimHID.lnk]
C:\PROGRA~1\Yuan\SimHID\SimHID.exe [2005-12-05 401408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^Custom start.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-01-15 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2
"PnkBstrA"=2
"helpsvc"=2
"gusvc"=3
"Eventlog"=2
"wuauserv"=2
"JavaQuickStarterService"=2
"NBService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcBTJBQ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\SIMS\RACER\tracked.exe"="C:\SIMS\RACER\tracked.exe:*:Enabled:tracked"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\Honza\Desktop\komix simpsnovi\hry\Counter-Strike Source\hl2.exe"="C:\Documents and Settings\Honza\Desktop\komix simpsnovi\hry\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mpHAMACHI 1.4.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mpHAMACHI 1.4.exe:*:Disabled:iw3mpHAMACHI 1.4"
"C:\Program Files\Metin2_TESTER\metin2.bin"="C:\Program Files\Metin2_TESTER\metin2.bin:*:Disabled:metin2"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Disabled:TmNationsESWC"
"C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe"="C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:*:Disabled:UT3Demo"
"C:\Program Files\Warcraft III\War3.exe"="C:\Program Files\Warcraft III\War3.exe:*:Disabled:Warcraft III"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

======File associations======

.js - edit -
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
.txt - open -

======List of files/folders created in the last 1 months======

2010-04-25 13:35:04 ----D---- C:\rsit
2010-04-25 13:19:18 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-25 13:19:03 ----D---- C:\ComboFix
2010-04-18 19:30:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-18 10:32:19 ----D---- C:\Program Files\Trend Micro
2010-04-18 10:18:59 ----D---- C:\Program Files\Eraser
2010-04-17 08:36:45 ----D---- C:\WINDOWS\Prefetch
2010-04-05 15:53:39 ----A---- C:\Boot.bak
2010-04-05 15:53:34 ----RASHD---- C:\cmdcons
2010-04-05 15:45:45 ----A---- C:\WINDOWS\zip.exe
2010-04-05 15:45:45 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-05 15:45:45 ----A---- C:\WINDOWS\SWSC.exe
2010-04-05 15:45:45 ----A---- C:\WINDOWS\SWREG.exe
2010-04-05 15:45:45 ----A---- C:\WINDOWS\sed.exe
2010-04-05 15:45:45 ----A---- C:\WINDOWS\PEV.exe
2010-04-05 15:45:45 ----A---- C:\WINDOWS\MBR.exe
2010-04-05 15:45:45 ----A---- C:\WINDOWS\grep.exe
2010-04-02 15:04:39 ----D---- C:\Documents and Settings\Honza\Application Data\ICQ
2010-04-01 21:27:04 ----D---- C:\Program Files\a-squared Free
2010-04-01 20:07:55 ----D---- C:\Documents and Settings\Honza\Application Data\Sereniti
2010-04-01 19:29:40 ----D---- C:\Program Files\Yamicsoft

======List of files/folders modified in the last 1 months======

2010-04-25 13:29:26 ----D---- C:\QooBox
2010-04-25 13:27:46 ----D---- C:\WINDOWS\Temp
2010-04-25 13:26:39 ----AD---- C:\WINDOWS
2010-04-25 13:26:39 ----A---- C:\WINDOWS\system.ini
2010-04-25 13:24:25 ----D---- C:\WINDOWS\system32\drivers
2010-04-25 13:24:25 ----D---- C:\WINDOWS\AppPatch
2010-04-25 13:24:25 ----AD---- C:\WINDOWS\system32
2010-04-25 13:24:21 ----D---- C:\Program Files\Common Files
2010-04-25 13:19:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-25 09:31:04 ----A---- C:\WINDOWS\ModemLog_Communications cable between two computers.txt
2010-04-25 09:31:02 ----A---- C:\WINDOWS\ModemLog_SIEMENS_M75 GPRS Modem.txt
2010-04-25 09:31:02 ----A---- C:\WINDOWS\ModemLog_Siemens Modem (GPRS).txt
2010-04-25 09:31:02 ----A---- C:\WINDOWS\ModemLog_Siemens Modem (GPRS) #9.txt
2010-04-25 09:31:02 ----A---- C:\WINDOWS\ModemLog_Siemens Modem (GPRS) #8.txt
2010-04-25 09:31:02 ----A---- C:\WINDOWS\ModemLog_Siemens Modem (GPRS) #7.txt
2010-04-25 09:31:02 ----A---- C:\WINDOWS\ModemLog_Siemens Modem (GPRS) #6.txt
2010-04-25 09:31:02 ----A---- C:\WINDOWS\ModemLog_Siemens Modem (GPRS) #5.txt
2010-04-25 09:31:02 ----A---- C:\WINDOWS\ModemLog_Siemens Modem (GPRS) #4.txt
2010-04-25 09:31:02 ----A---- C:\WINDOWS\ModemLog_Siemens Modem (GPRS) #3.txt
2010-04-25 09:31:02 ----A---- C:\WINDOWS\ModemLog_Siemens Modem (GPRS) #2.txt
2010-04-25 09:31:02 ----A---- C:\WINDOWS\ModemLog_Communications cable between two computers #2.txt
2010-04-25 09:07:47 ----D---- C:\Program Files\Mozilla Firefox
2010-04-24 21:30:35 ----D---- C:\Program Files\Kyodai Mahjongg
2010-04-22 19:03:31 ----SD---- C:\WINDOWS\Tasks
2010-04-22 18:38:22 ----D---- C:\Program Files
2010-04-22 18:33:22 ----D---- C:\Program Files\World of Warcraft
2010-04-21 20:19:08 ----SHD---- C:\WINDOWS\Installer
2010-04-21 20:19:08 ----RSD---- C:\WINDOWS\assembly
2010-04-21 20:19:08 ----D---- C:\Config.Msi
2010-04-21 16:19:29 ----RASH---- C:\boot.ini
2010-04-21 16:19:29 ----A---- C:\WINDOWS\win.ini
2010-04-21 15:39:43 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-21 15:31:23 ----HD---- C:\WINDOWS\inf
2010-04-18 19:31:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-18 10:59:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-18 10:14:42 ----D---- C:\Program Files\CCleaner
2010-04-05 22:39:26 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-05 16:16:10 ----D---- C:\WINDOWS\erdnt
2010-04-05 16:13:00 ----D---- C:\WINDOWS\Help
2010-04-05 16:06:56 ----D---- C:\WINDOWS\system32\config
2010-04-05 16:03:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-05 15:45:43 ----SHD---- C:\System Volume Information
2010-04-05 15:45:43 ----D---- C:\WINDOWS\system32\Restore
2010-04-05 12:02:30 ----D---- C:\WINDOWS\WinSxS
2010-04-05 10:34:42 ----D---- C:\Documents and Settings\Honza\Application Data\uTorrent
2010-04-02 15:47:58 ----RD---- C:\install.exe
2010-04-01 20:25:38 ----D---- C:\Program Files\Opera
2010-04-01 20:22:28 ----D---- C:\Program Files\Lark Anti-Spyware
2010-04-01 19:55:28 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2010-04-01 19:44:25 ----D---- C:\WINDOWS\security
2010-04-01 19:16:40 ----D---- C:\Program Files\QIP
2010-04-01 19:11:42 ----D---- C:\Program Files\VS Revo Group
2010-04-01 19:10:37 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-03-28 19:50:48 ----D---- C:\Program Files\Warsow 0.5
2010-03-28 19:32:36 ----D---- C:\Documents and Settings\Honza\Application Data\Winamp
2010-03-28 10:58:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SSHDRV82;SSHDRV82; \??\C:\WINDOWS\system32\drivers\SSHDRV82.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 dvdmmg;dvdmmg; \??\C:\WINDOWS\system32\drivers\dvdmmg.sys []
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 9728]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 catchme;catchme; \??\C:\DOCUME~1\Honza\LOCALS~1\Temp\catchme.sys []
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-06-05 230400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-06-19 43264]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 OmniTV;Cx2388x AvStream Video Capture; C:\WINDOWS\system32\DRIVERS\OmniTV.sys [2006-01-04 197632]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-15 5888]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-20 1156648]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 491701b0;491701b0; C:\WINDOWS\System32\drivers\491701b0.sys []
S1 dbadca93;dbadca93; C:\WINDOWS\System32\drivers\dbadca93.sys []
S2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S2 IcRecUsb;IC Recorder Driver; C:\WINDOWS\System32\Drivers\IcRecUsb.sys [2001-10-02 17432]
S3 apzuy;apzuy; \??\C:\WINDOWS\system32\01.tmp []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-02-20 25280]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ipw_bus;IPWireless; C:\WINDOWS\system32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter; C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM); C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Honza\LOCALS~1\Temp\mbr.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 mpabkyir;mpabkyir; \??\C:\WINDOWS\system32\01.tmp []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 mpksxw;mpksxw; \??\C:\WINDOWS\system32\01.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmjklrw;nmjklrw; \??\C:\WINDOWS\system32\01.tmp []
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 pycup;pycup; \??\C:\WINDOWS\system32\01.tmp []
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 tgxldtzd;tgxldtzd; \??\C:\WINDOWS\system32\01.tmp []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-11 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2010-04-16 1872320]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 AVWUpSrv;AntiVir Update; C:\Program Files\AVPersonal\AVWUPSRV.EXE [2004-11-17 36864]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-06-29 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-05-26 86016]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-02-13 79360]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-09 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

scream
Visitor
Posts: 9
Registered: 25 Apr 2010 12:36

Re: Please check my log.

#2 Post by scream »

Sorry, I don't always think some things through :?: ...
Here is the output from ComboFix

ComboFix 10-04-21.01 - Honza 25.04.2010 13:19:58.6.2 - x86
Spuštěný z: c:\documents and settings\Honza\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-25 do 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-12 14:09 . 2010-04-12 14:09 -------- d-----w- c:\documents and settings\mama\Local Settings\Application Data\Opera
2010-04-02 13:04 . 2010-04-02 13:04 -------- d-----w- c:\documents and settings\Honza\Application Data\ICQ
2010-04-01 19:27 . 2010-04-16 16:11 -------- d-----w- c:\program files\a-squared Free
2010-04-01 18:07 . 2010-04-01 18:07 -------- d-----w- c:\documents and settings\Honza\Application Data\Sereniti

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 19:34 . 2010-04-24 19:34 177960 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-24 19:30 . 2008-02-24 19:09 -------- d-----w- c:\program files\Kyodai Mahjongg
2010-04-22 16:33 . 2007-06-07 21:44 -------- d-----w- c:\program files\World of Warcraft
2010-04-18 17:30 . 2010-04-18 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 08:59 . 2007-01-04 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-18 08:32 . 2010-04-18 08:32 -------- d-----w- c:\program files\Trend Micro
2010-04-18 08:19 . 2010-04-18 08:18 -------- d-----w- c:\program files\Eraser
2010-04-18 08:14 . 2008-12-10 08:01 -------- d-----w- c:\program files\CCleaner
2010-04-07 18:24 . 2006-12-23 18:54 94936 ----a-w- c:\documents and settings\Evina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-05 08:34 . 2010-02-26 10:26 -------- d-----w- c:\documents and settings\Honza\Application Data\uTorrent
2010-04-01 18:25 . 2010-02-05 20:38 -------- d-----w- c:\program files\Opera
2010-04-01 18:22 . 2009-12-23 17:34 -------- d-----w- c:\program files\Lark Anti-Spyware
2010-04-01 17:55 . 2000-11-08 10:32 1388544 ----a-w- c:\windows\system32\msvbvm60.dll
2010-04-01 17:16 . 2008-03-02 13:24 -------- d-----w- c:\program files\QIP
2010-04-01 17:11 . 2008-11-01 14:40 -------- d-----w- c:\program files\VS Revo Group
2010-04-01 17:10 . 2009-10-16 12:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-29 22:46 . 2010-04-18 17:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-04-18 17:30 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 17:50 . 2009-10-23 14:37 -------- d-----w- c:\program files\Warsow 0.5
2010-03-28 17:32 . 2010-03-21 11:19 -------- d-----w- c:\documents and settings\Honza\Application Data\Winamp
2010-03-23 11:14 . 2007-01-02 15:38 94936 ----a-w- c:\documents and settings\mama\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-22 15:30 . 2007-01-06 20:09 94936 ----a-w- c:\documents and settings\Honza\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-22 06:51 . 2006-09-04 07:45 94936 ----a-w- c:\documents and settings\Comfor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-22 06:44 . 2010-03-22 06:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2010-03-21 11:19 . 2010-03-21 11:19 -------- d-----w- c:\program files\Winamp
2010-03-21 11:18 . 2010-03-21 11:18 -------- d-----w- c:\documents and settings\Honza\Application Data\Media Player Classic
2010-03-21 11:08 . 2010-03-21 11:07 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-21 11:08 . 2007-02-18 10:08 36932 ----a-w- c:\documents and settings\Honza\Application Data\Avant Browser\update.dll
2010-03-20 08:34 . 2006-08-22 10:03 -------- d-----w- c:\program files\CyberLink
2010-03-20 08:34 . 2006-08-22 09:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 18:00 . 2010-03-21 11:08 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-09 21:21 . 2007-11-28 08:10 36932 ----a-w- c:\documents and settings\mama\Application Data\Avant Browser\update.dll
2010-03-09 17:34 . 2010-03-09 17:34 36864 ----a-w- c:\documents and settings\Honza\Application Data\Autodesk\AutoCAD 2010\R18.0\csy\ContextualTabSelectorRules.dll
2010-03-09 17:34 . 2009-12-11 16:23 -------- d-----w- c:\documents and settings\Honza\Application Data\Autodesk
2010-03-09 17:34 . 2009-12-11 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-03-09 17:32 . 2010-03-09 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-09 13:50 . 2010-03-09 13:40 -------- d-----w- c:\program files\AutoCAD 2010
2010-03-09 13:50 . 2009-12-11 16:22 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-09 13:46 . 2010-03-09 13:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-07 16:42 . 2010-02-26 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-07 16:42 . 2010-01-31 11:30 -------- d-----w- c:\program files\IObit
2010-03-06 12:49 . 2010-03-06 12:40 461888 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2010-03-06 12:44 . 2010-03-06 12:40 371776 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-03-06 12:44 . 2010-03-06 12:40 187456 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-03-06 12:43 . 2010-03-06 12:40 57344 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-03-06 12:43 . 2010-03-06 12:40 887856 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-03-06 12:43 . 2010-03-06 12:40 2427968 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-03-06 12:05 . 2010-03-06 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2010-03-01 21:06 . 2009-11-06 16:44 -------- d-----w- c:\documents and settings\Honza\Application Data\gtk-2.0
2010-02-27 18:27 . 2006-10-30 16:52 737280 ----a-w- c:\windows\iun6002.exe
2010-02-26 10:30 . 2009-08-27 05:47 -------- d-----w- c:\program files\nLite
2010-02-26 10:29 . 2007-08-26 07:50 -------- d-----w- c:\program files\De Blob
2010-02-20 13:03 . 2010-01-14 19:17 1 ----a-w- c:\documents and settings\Honza\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-10 17:13 . 2010-03-21 11:06 165376 ----a-w- c:\windows\system32\unrar.dll
2006-10-06 15:24 . 2006-10-06 15:24 19 ----a-w- c:\program files\Answer.txt
2004-07-19 21:58 . 2004-07-19 21:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 21:53 . 2004-07-19 21:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-16 13:30 . 2004-07-16 13:30 3858 ----a-w- c:\program files\directx redist.txt
2004-07-09 13:17 . 2004-07-09 13:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 08:13 . 2004-07-09 08:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 08:13 . 2004-07-09 08:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\program files\DSETUP.dll
2003-02-08 05:50 . 2006-12-19 17:31 656068533 ----a-w- c:\program files\data2.cab
2003-02-08 05:46 . 2006-12-19 17:34 2582497 ----a-w- c:\program files\data1.cab
2003-02-08 05:46 . 2006-12-19 17:34 204829 ----a-w- c:\program files\data1.hdr
2003-01-29 02:34 . 2006-12-19 17:34 36864 ----a-w- c:\program files\Autorun.exe
2002-12-05 19:16 . 2006-12-19 17:31 418296 ----a-w- c:\program files\engine32.cab
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.

((((((((((((((((((((((((((((( SnapShot@2010-04-15_13.28.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-25 06:24 . 2010-04-25 06:24 16384 c:\windows\Temp\Perflib_Perfdata_66c.dat
+ 2010-04-18 08:19 . 2010-04-18 08:19 93345 c:\windows\Installer\{38BA2875-D7AD-4611-ABA3-C385051ADF42}\Eraser.exe
+ 2010-04-18 08:19 . 2010-04-18 08:19 1187840 c:\windows\Installer\155d71.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcBTJBQ]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SimHID.lnk]
backup=c:\windows\pss\SimHID.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^Custom start.exe]
backup=c:\windows\pss\Custom start.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-06-01 11:32 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 11:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-04-10 06:45 979344 ----a-w- c:\progra~1\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
2006-04-19 15:40 9125888 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
2009-05-17 19:38 181624 ----atw- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-01-01 19:06 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-03 21:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-10 08:03 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"Eventlog"=2 (0x2)
"wuauserv"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"NBService"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\SIMS\\RACER\\tracked.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Honza\\Desktop\\komix simpsnovi\\hry\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mpHAMACHI 1.4.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=

R1 491701b0;491701b0;c:\windows\System32\drivers\491701b0.sys [2009-06-14 0]
R1 dbadca93;dbadca93;c:\windows\System32\drivers\dbadca93.sys [2009-06-13 0]
R2 dpaupuhw;Microsoft Server;c:\windows\system32\svchost.exe [2008-04-14 14336]
R2 IcRecUsb;IC Recorder Driver;c:\windows\system32\Drivers\IcRecUsb.sys [2001-10-02 17432]
R2 kclew;Windows Security;c:\windows\system32\svchost.exe [2008-04-14 14336]
R2 nrxjtvftj;Windows Support;c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 apzuy;apzuy;c:\windows\system32\01.tmp [2009-07-02 4096]
R3 ipw_bus;IPWireless;c:\windows\system32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
R3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
R3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-03-29 38224]
R3 mpabkyir;mpabkyir;c:\windows\system32\01.tmp [2009-07-02 4096]
R3 mpksxw;mpksxw;c:\windows\system32\01.tmp [2009-07-02 4096]
R3 nmjklrw;nmjklrw;c:\windows\system32\01.tmp [2009-07-02 4096]
R3 pycup;pycup;c:\windows\system32\01.tmp [2009-07-02 4096]
R3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
R3 tgxldtzd;tgxldtzd;c:\windows\system32\01.tmp [2009-07-02 4096]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-11 691696]
S1 aswSP;avast! Self Protection; [x]
S1 SSHDRV82;SSHDRV82;c:\windows\system32\drivers\SSHDRV82.sys [2006-11-15 76288]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-16 1872320]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 AVWUpSrv;AntiVir Update;c:\program files\AVPersonal\AVWUPSRV.EXE [2004-11-17 36864]
S2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2005-09-07 9728]
S3 OmniTV;Cx2388x AvStream Video Capture;c:\windows\system32\DRIVERS\OmniTV.sys [2006-01-04 197632]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kclew
dpaupuhw
cheba
nrxjtvftj
.
Obsah adresáře 'Naplánované úlohy'

2010-04-21 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-05-17 19:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://www.yahoo.com
mWindow Title = Microsoft Internet Explorer
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD LT 2000i Cz\InstFred.ocx
FF - ProfilePath - c:\documents and settings\Honza\Application Data\Mozilla\Firefox\Profiles\lr9unmvj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search Powered by Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&q=
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.txt=
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\apzuy]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mpabkyir]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mpksxw]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmjklrw]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pycup]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tgxldtzd]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cheba]
"ServiceDll"="c:\windows\system32\hgpbfmzu.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpaupuhw]
"ServiceDll"="c:\windows\system32\hgpbfmzu.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kclew]
"ServiceDll"="c:\windows\system32\hgpbfmzu.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nrxjtvftj]
"ServiceDll"="c:\windows\system32\hgpbfmzu.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-833971647-2919139097-2166695667-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:82,dd,34,d8,c6,63,7a,55,93,37,b5,d9,fb,2d,e4,1d,64,12,29,83,ce,85,42,
52,e9,9d,33,34,01,c2,37,57,8c,5d,9d,a1,2b,d5,07,85,85,33,95,1b,60,1e,04,9e,\
"??"=hex:84,de,ae,d8,f8,6c,86,0a,74,09,c2,5e,a0,48,f8,21

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3668)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-04-25 13:29:23
ComboFix-quarantined-files.txt 2010-04-25 11:29
ComboFix2.txt 2010-04-22 17:05
ComboFix3.txt 2010-04-15 13:31
ComboFix4.txt 2010-04-05 14:17

Před spuštěním: 88 363 465 216 bytes free
Po spuštění: 88 325 909 504 bytes free

- - End Of File - - 1C084542DF0FD12F673E31DFD2BE41EE

scream
Visitor
Posts: 9
Registered: 25 Apr 2010 12:36

Re: Please check my log.

#3 Post by scream »

I did what you said, so here is the log

ComboFix 10-04-21.01 - Honza 26.04.2010 13:18:25.7.2 - x86
Spuštěný z: c:\documents and settings\Honza\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Honza\Desktop\CFScript.txt

file zipped: c:\windows\system32\01.tmp
file zipped: c:\windows\System32\drivers\491701b0.sys
file zipped: c:\windows\System32\drivers\dbadca93.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\01.tmp
c:\windows\System32\drivers\491701b0.sys
c:\windows\System32\drivers\dbadca93.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CHEBA
-------\Legacy_DPAUPUHW
-------\Legacy_kclew
-------\Legacy_NRXJTVFTJ
-------\Service_491701b0
-------\Service_apzuy
-------\Service_dbadca93
-------\Service_dpaupuhw
-------\Service_cheba
-------\Service_kclew
-------\Service_mpabkyir
-------\Service_mpksxw
-------\Service_nmjklrw
-------\Service_nrxjtvftj
-------\Service_pycup
-------\Service_tgxldtzd


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-26 do 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-12 14:09 . 2010-04-12 14:09 -------- d-----w- c:\documents and settings\mama\Local Settings\Application Data\Opera
2010-04-02 13:04 . 2010-04-02 13:04 -------- d-----w- c:\documents and settings\Honza\Application Data\ICQ
2010-04-01 19:27 . 2010-04-16 16:11 -------- d-----w- c:\program files\a-squared Free
2010-04-01 18:07 . 2010-04-01 18:07 -------- d-----w- c:\documents and settings\Honza\Application Data\Sereniti
2010-04-01 17:29 . 2010-04-01 17:29 -------- d-----w- c:\program files\Yamicsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 11:12 . 2010-04-26 11:12 389120 ----a-w- c:\windows\system32\CF12112.exe
2010-04-26 11:06 . 2007-01-04 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-25 19:04 . 2008-02-24 19:09 -------- d-----w- c:\program files\Kyodai Mahjongg
2010-04-25 12:01 . 2010-04-25 12:01 -------- d-----w- c:\program files\Secunia
2010-04-22 16:33 . 2007-06-07 21:44 -------- d-----w- c:\program files\World of Warcraft
2010-04-18 17:30 . 2010-04-18 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 08:32 . 2010-04-18 08:32 -------- d-----w- c:\program files\Trend Micro
2010-04-18 08:19 . 2010-04-18 08:18 -------- d-----w- c:\program files\Eraser
2010-04-18 08:14 . 2008-12-10 08:01 -------- d-----w- c:\program files\CCleaner
2010-04-07 18:24 . 2006-12-23 18:54 94936 ----a-w- c:\documents and settings\Evina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-05 08:34 . 2010-02-26 10:26 -------- d-----w- c:\documents and settings\Honza\Application Data\uTorrent
2010-04-01 18:25 . 2010-02-05 20:38 -------- d-----w- c:\program files\Opera
2010-04-01 18:22 . 2009-12-23 17:34 -------- d-----w- c:\program files\Lark Anti-Spyware
2010-04-01 17:55 . 2000-11-08 10:32 1388544 ----a-w- c:\windows\system32\msvbvm60.dll
2010-04-01 17:16 . 2008-03-02 13:24 -------- d-----w- c:\program files\QIP
2010-04-01 17:11 . 2008-11-01 14:40 -------- d-----w- c:\program files\VS Revo Group
2010-04-01 17:10 . 2009-10-16 12:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-29 22:46 . 2010-04-18 17:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-04-18 17:30 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 17:50 . 2009-10-23 14:37 -------- d-----w- c:\program files\Warsow 0.5
2010-03-28 17:32 . 2010-03-21 11:19 -------- d-----w- c:\documents and settings\Honza\Application Data\Winamp
2010-03-23 11:14 . 2007-01-02 15:38 94936 ----a-w- c:\documents and settings\mama\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-22 15:30 . 2007-01-06 20:09 94936 ----a-w- c:\documents and settings\Honza\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-22 06:51 . 2006-09-04 07:45 94936 ----a-w- c:\documents and settings\Comfor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-22 06:44 . 2010-03-22 06:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2010-03-21 11:19 . 2010-03-21 11:19 -------- d-----w- c:\program files\Winamp
2010-03-21 11:18 . 2010-03-21 11:18 -------- d-----w- c:\documents and settings\Honza\Application Data\Media Player Classic
2010-03-21 11:08 . 2010-03-21 11:07 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-21 11:08 . 2007-02-18 10:08 36932 ----a-w- c:\documents and settings\Honza\Application Data\Avant Browser\update.dll
2010-03-20 08:34 . 2006-08-22 10:03 -------- d-----w- c:\program files\CyberLink
2010-03-20 08:34 . 2006-08-22 09:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 18:00 . 2010-03-21 11:08 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-09 21:21 . 2007-11-28 08:10 36932 ----a-w- c:\documents and settings\mama\Application Data\Avant Browser\update.dll
2010-03-09 17:34 . 2010-03-09 17:34 36864 ----a-w- c:\documents and settings\Honza\Application Data\Autodesk\AutoCAD 2010\R18.0\csy\ContextualTabSelectorRules.dll
2010-03-09 17:34 . 2009-12-11 16:23 -------- d-----w- c:\documents and settings\Honza\Application Data\Autodesk
2010-03-09 17:34 . 2009-12-11 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-03-09 17:32 . 2010-03-09 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-09 13:50 . 2010-03-09 13:40 -------- d-----w- c:\program files\AutoCAD 2010
2010-03-09 13:50 . 2009-12-11 16:22 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-09 13:46 . 2010-03-09 13:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-07 16:42 . 2010-02-26 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-07 16:42 . 2010-01-31 11:30 -------- d-----w- c:\program files\IObit
2010-03-06 12:49 . 2010-03-06 12:40 461888 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2010-03-06 12:44 . 2010-03-06 12:40 371776 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-03-06 12:44 . 2010-03-06 12:40 187456 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-03-06 12:43 . 2010-03-06 12:40 57344 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-03-06 12:43 . 2010-03-06 12:40 887856 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-03-06 12:43 . 2010-03-06 12:40 2427968 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-03-06 12:05 . 2010-03-06 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2010-03-01 21:06 . 2009-11-06 16:44 -------- d-----w- c:\documents and settings\Honza\Application Data\gtk-2.0
2010-02-27 18:27 . 2006-10-30 16:52 737280 ----a-w- c:\windows\iun6002.exe
2010-02-26 10:30 . 2009-08-27 05:47 -------- d-----w- c:\program files\nLite
2010-02-26 10:29 . 2007-08-26 07:50 -------- d-----w- c:\program files\De Blob
2010-02-20 13:03 . 2010-01-14 19:17 1 ----a-w- c:\documents and settings\Honza\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-10 17:13 . 2010-03-21 11:06 165376 ----a-w- c:\windows\system32\unrar.dll
2006-10-06 15:24 . 2006-10-06 15:24 19 ----a-w- c:\program files\Answer.txt
2004-07-19 21:58 . 2004-07-19 21:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 21:53 . 2004-07-19 21:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-16 13:30 . 2004-07-16 13:30 3858 ----a-w- c:\program files\directx redist.txt
2004-07-09 13:17 . 2004-07-09 13:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 08:13 . 2004-07-09 08:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 08:13 . 2004-07-09 08:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\program files\DSETUP.dll
2003-02-08 05:50 . 2006-12-19 17:31 656068533 ----a-w- c:\program files\data2.cab
2003-02-08 05:46 . 2006-12-19 17:34 2582497 ----a-w- c:\program files\data1.cab
2003-02-08 05:46 . 2006-12-19 17:34 204829 ----a-w- c:\program files\data1.hdr
2003-01-29 02:34 . 2006-12-19 17:34 36864 ----a-w- c:\program files\Autorun.exe
2002-12-05 19:16 . 2006-12-19 17:31 418296 ----a-w- c:\program files\engine32.cab
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SimHID.lnk]
backup=c:\windows\pss\SimHID.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^Custom start.exe]
backup=c:\windows\pss\Custom start.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-06-01 11:32 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 11:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-04-10 06:45 979344 ----a-w- c:\progra~1\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
2006-04-19 15:40 9125888 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
2009-05-17 19:38 181624 ----atw- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-01-01 19:06 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-03 21:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-10 08:03 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"wuauserv"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\SIMS\\RACER\\tracked.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Honza\\Desktop\\komix simpsnovi\\hry\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mpHAMACHI 1.4.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=

R2 IcRecUsb;IC Recorder Driver;c:\windows\system32\Drivers\IcRecUsb.sys [2001-10-02 17432]
R3 ipw_bus;IPWireless;c:\windows\system32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
R3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
R3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-03-29 38224]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-11 691696]
S1 aswSP;avast! Self Protection; [x]
S1 SSHDRV82;SSHDRV82;c:\windows\system32\drivers\SSHDRV82.sys [2006-11-15 76288]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-16 1872320]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 AVWUpSrv;AntiVir Update;c:\program files\AVPersonal\AVWUPSRV.EXE [2004-11-17 36864]
S2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2005-09-07 9728]
S3 OmniTV;Cx2388x AvStream Video Capture;c:\windows\system32\DRIVERS\OmniTV.sys [2006-01-04 197632]

.
Obsah adresáře 'Naplánované úlohy'

2010-04-21 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-05-17 19:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://www.yahoo.com
mWindow Title = Microsoft Internet Explorer
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD LT 2000i Cz\InstFred.ocx
FF - ProfilePath - c:\documents and settings\Honza\Application Data\Mozilla\Firefox\Profiles\lr9unmvj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search Powered by Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&q=
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-ddcBTJBQ - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 13:30
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-833971647-2919139097-2166695667-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:82,dd,34,d8,c6,63,7a,55,93,37,b5,d9,fb,2d,e4,1d,64,12,29,83,ce,85,42,
52,e9,9d,33,34,01,c2,37,57,8c,5d,9d,a1,2b,d5,07,85,85,33,95,1b,60,1e,04,9e,\
"??"=hex:84,de,ae,d8,f8,6c,86,0a,74,09,c2,5e,a0,48,f8,21

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(212)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\SigmaTel\C-Major Audio\WDM\STacSV.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-04-26 13:36:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-26 11:36

Před spuštěním: 88 519 738 880 bytes free
Po spuštění: Volných bajtů: 88 321 192 448

- - End Of File - - 1722C6C386DD1FF6282E0F0A820F2291

scream
Visitor
Posts: 9
Registered: 25 Apr 2010 12:36

Re: Please check my log.

#4 Post by scream »

A few minor problems came up, so I'll go through it step by step...

1) I sent off Qoobox :)

2) I uninstalled ComboFix and restarted the computer.

3) I downloaded T-cleaner and did everything as instructed. Then a restart.

4) And now the problem came... MBAM would not start; a message appeared saying Run-time error '339': Component 'vbalsgrid6.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.
After I clicked it away, another message appeared: The instruction at 0x773f65f1 referenced memory at 0x773f65f1. The memory could not be: read.

I then tried reinstalling it, but that fixed nothing, so the MBAM log is missing.

5) Short log from GMER.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-26 14:52:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Honza\LOCALS~1\Temp\pwldapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

6) The long log is attached. I had to pack it into a RAR archive, because I kept getting a warning that files with the log extension are not accepted. :o


Signs of a speed-up are fairly visible: programs start faster (AutoCAD), and on the Internet the download speed has stabilised (although now and then it inexplicably drops and then slowly climbs back up). With games it is unfortunately not as nice (though they are definitely not my priority :wink: ): my latency jumps from 10m/s to 2400m/s, then falls to 500-100m/s and does not drop any further (World of Warcraft). :)
Attachments
log.rar
(35.76 KiB) Downloaded 52 times

scream
Visitor
Posts: 9
Registered: 25 Apr 2010 12:36

Re: Please check my log.

#5 Post by scream »

I'll go point by point again.

1) Downloaded, unpacked.

2) When I entered regsvr32 vbalsgrid6.ocx and then confirmed it, a box appeared: DllRegisterServer in vbalsgrid6.ocx failed. Return code was: 0x80004005.

3) When I tried to start MBAM, I got Run-time error '0'; after I clicked it away, another window popped up with Run-time error '440' Automation error. :cry:

scream
Visitor
Posts: 9
Registered: 25 Apr 2010 12:36

Re: Please check my log.

#6 Post by scream »

OTL logfile created on: 27.4.2010 18:32:46 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Honza\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 006,00 Mb Total Physical Memory | 443,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 83,34 Gb Free Space | 35,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DC056129
Current User Name: Honza
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.27 18:31:15 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Honza\Desktop\OTL.exe
PRC - [2010.04.16 17:07:11 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2010.04.10 08:36:42 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.29 14:54:52 | 002,343,120 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009.11.25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\ALWIL Software\Avast4\ashDisp.exe
PRC - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\ALWIL Software\Avast4\ashServ.exe
PRC - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\ALWIL Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\ALWIL Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\ALWIL Software\Avast4\aswUpdSv.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.26 07:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
PRC - [2004.11.17 15:44:14 | 000,036,864 | ---- | M] (H+BEDV Datentechnik GmbH, Germany) -- C:\Program Files\AVPersonal\AVWUPSRV.EXE


========== Modules (SafeList) ==========

MOD - [2010.04.27 18:31:15 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Honza\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010.04.16 17:07:11 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2010.03.09 15:46:52 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.02.13 22:39:37 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.05.26 07:58:54 | 000,086,016 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
SRV - [2004.11.17 15:44:14 | 000,036,864 | ---- | M] (H+BEDV Datentechnik GmbH, Germany) [Auto | Running] -- C:\Program Files\AVPersonal\AVWUPSRV.EXE -- (AVWUpSrv)


========== Driver Services (SafeList) ==========

DRV - [2009.12.11 16:47:38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.11.25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.08.03 13:36:28 | 000,038,160 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.02.04 09:27:21 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.02.20 15:07:00 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.09.06 12:15:22 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\dvdmmg.sys -- (dvdmmg)
DRV - [2007.06.21 16:21:58 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901_2gm.sys -- (tap0901_2gm)
DRV - [2006.11.15 16:21:01 | 000,076,288 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV82.sys -- (SSHDRV82)
DRV - [2006.06.19 14:18:56 | 000,043,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006.06.05 15:49:08 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006.03.20 09:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006.01.04 15:35:34 | 000,197,632 | ---- | M] (YUAN High-Tech Development Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OmniTV.sys -- (OmniTV)
DRV - [2005.12.02 10:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.09.27 10:21:54 | 000,095,440 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipw_mdm.sys -- (ipw_mdm) Wireless Broadband Modem (WDM)
DRV - [2005.09.27 10:21:50 | 000,008,272 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipw_mdfl.sys -- (ipw_mdfl)
DRV - [2005.09.27 10:21:28 | 000,058,320 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipw_bus.sys -- (ipw_bus)
DRV - [2005.09.08 01:18:54 | 000,009,728 | R--- | M] (Gemfor s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ethpdrv.sys -- (Ethpdrv)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.08.09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.07.16 08:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001.10.02 08:37:40 | 000,017,432 | ---- | M] (lecs Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\IcRecUsb.sys -- (IcRecUsb)
DRV - [1999.09.10 20:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.BAK -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comfor.cz

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comfor.cz

IE - HKU\S-1-5-21-833971647-2919139097-2166695667-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-833971647-2919139097-2166695667-1007\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\S-1-5-21-833971647-2919139097-2166695667-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search Powered by Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: historyTree@norman.solomon:1.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... 2384137&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.10 08:36:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.10 08:36:47 | 000,000,000 | ---D | M]

[2009.08.27 09:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\mozilla\Extensions
[2010.04.26 15:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\mozilla\Firefox\Profiles\lr9unmvj.default\extensions
[2010.02.19 20:56:31 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Honza\Application Data\mozilla\Firefox\Profiles\lr9unmvj.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.02.05 22:27:30 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Honza\Application Data\mozilla\Firefox\Profiles\lr9unmvj.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.02.05 22:27:33 | 000,000,000 | ---D | M] (New Tab King) -- C:\Documents and Settings\Honza\Application Data\mozilla\Firefox\Profiles\lr9unmvj.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2009.11.01 15:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\mozilla\Firefox\Profiles\lr9unmvj.default\extensions\historyTree@norman.solomon
[2010.01.16 15:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\mozilla\Firefox\Profiles\lr9unmvj.default\extensions\personas@christopher.beard
[2010.01.21 18:08:42 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\Honza\Application Data\Mozilla\FireFox\Profiles\lr9unmvj.default\searchplugins\conduit.xml
[2010.03.09 21:08:33 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Honza\Application Data\Mozilla\FireFox\Profiles\lr9unmvj.default\searchplugins\winamp-search.xml
[2010.04.27 16:09:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010.01.16 02:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 02:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 02:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 02:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 02:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.04.26 13:28:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKU\S-1-5-21-833971647-2919139097-2166695667-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-833971647-2919139097-2166695667-1007\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-833971647-2919139097-2166695667-1007\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKU\S-1-5-21-833971647-2919139097-2166695667-1007\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\ALWIL Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKU\S-1-5-21-833971647-2919139097-2166695667-1007..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-833971647-2919139097-2166695667-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-833971647-2919139097-2166695667-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-833971647-2919139097-2166695667-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-833971647-2919139097-2166695667-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-833971647-2919139097-2166695667-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-833971647-2919139097-2166695667-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Value error.)
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} file://C:\Program Files\AutoCAD LT 2000i Cz\InstFred.ocx (NOXLATE)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD LT 2000i Cz\AcDcToday.ocx (Ovládací prvek AcDcToday)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD LT 2000i Cz\AcPreview.ocx (Prvek AcPreview)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.252
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\ddcBTJBQ: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Honza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Honza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.09 14:47:48 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006.08.21 09:52:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 7 Days ==========

[2010.04.27 18:31:08 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Honza\Desktop\OTL.exe
[2010.04.27 11:15:17 | 000,496,976 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalsgrid6.ocx
[2010.04.27 11:14:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\vbalsgrid6
[2010.04.26 18:41:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.26 14:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Honza\Desktop\gmer
[2010.04.26 14:42:26 | 000,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.26 14:42:25 | 000,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.26 14:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.26 14:40:47 | 003,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Honza\Desktop\mbam-setup.exe
[2010.04.25 14:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010.04.25 13:37:52 | 000,716,320 | ---- | C] (Secunia) -- C:\Documents and Settings\Honza\Desktop\PSISetup.exe
[2010.04.21 16:21:33 | 001,345,297 | ---- | C] (Hurricanesoft ) -- C:\Documents and Settings\Honza\Desktop\his2006_cz_fe_setup.exe
[2010.04.21 16:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Honza\Desktop\Autoruns
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.04.27 18:31:15 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Honza\Desktop\OTL.exe
[2010.04.27 15:47:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Honza\ntuser.ini
[2010.04.27 15:47:58 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\Honza\NTUSER.DAT
[2010.04.27 15:47:42 | 005,948,376 | -H-- | M] () -- C:\Documents and Settings\Honza\Local Settings\Application Data\IconCache.db
[2010.04.27 13:13:13 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.27 11:12:53 | 000,145,720 | ---- | M] () -- C:\Documents and Settings\Honza\Desktop\vbalsgrid6.rar
[2010.04.27 07:50:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.27 07:50:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.26 23:24:15 | 000,036,618 | ---- | M] () -- C:\Documents and Settings\Honza\Desktop\log.rar
[2010.04.26 14:50:41 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Honza\Desktop\gmer.zip
[2010.04.26 14:49:39 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Honza\.recently-used.xbel
[2010.04.26 14:42:29 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.26 14:41:50 | 003,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Honza\Desktop\mbam-setup.exe
[2010.04.26 14:36:53 | 000,210,944 | ---- | M] () -- C:\Documents and Settings\Honza\Desktop\T-Cleaner.exe
[2010.04.26 14:27:11 | 000,021,247 | ---- | M] () -- C:\Qoobox.rar
[2010.04.26 13:29:12 | 000,000,309 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.26 13:28:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.25 19:44:22 | 001,742,266 | ---- | M] () -- C:\Documents and Settings\Honza\Desktop\4.jpg
[2010.04.25 19:41:02 | 002,889,048 | ---- | M] () -- C:\Documents and Settings\Honza\Desktop\7.jpg
[2010.04.25 19:29:08 | 000,000,945 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.25 19:29:08 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010.04.25 13:38:14 | 000,716,320 | ---- | M] (Secunia) -- C:\Documents and Settings\Honza\Desktop\PSISetup.exe
[2010.04.22 18:52:09 | 006,447,836 | ---- | M] () -- C:\Documents and Settings\Honza\My Documents\AutoRuns.arn
[2010.04.21 16:30:25 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\NSSstub.job
[2010.04.21 16:25:53 | 004,959,280 | ---- | M] () -- C:\Documents and Settings\Honza\Desktop\WoW-3.3.3.11685-to-3.3.3.11723-enUS-patch.exe
[2010.04.21 16:21:55 | 001,345,297 | ---- | M] (Hurricanesoft ) -- C:\Documents and Settings\Honza\Desktop\his2006_cz_fe_setup.exe
[2010.04.21 16:18:53 | 128,600,432 | ---- | M] () -- C:\Documents and Settings\Honza\Desktop\WoW-3.3.2.11403-to-3.3.3.11685-enUS-patch.exe
[2010.04.21 16:04:45 | 000,595,499 | ---- | M] () -- C:\Documents and Settings\Honza\Desktop\Autoruns.zip
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.27 11:12:51 | 000,145,720 | ---- | C] () -- C:\Documents and Settings\Honza\Desktop\vbalsgrid6.rar
[2010.04.26 23:24:15 | 000,036,618 | ---- | C] () -- C:\Documents and Settings\Honza\Desktop\log.rar
[2010.04.26 14:51:15 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Honza\Desktop\gmer.exe
[2010.04.26 14:50:35 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Honza\Desktop\gmer.zip
[2010.04.26 14:49:39 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\Honza\.recently-used.xbel
[2010.04.26 14:42:29 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.26 14:27:10 | 000,021,247 | ---- | C] () -- C:\Qoobox.rar
[2010.04.26 13:27:38 | 000,177,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat~
[2010.04.25 19:43:50 | 001,742,266 | ---- | C] () -- C:\Documents and Settings\Honza\Desktop\4.jpg
[2010.04.25 19:41:01 | 002,889,048 | ---- | C] () -- C:\Documents and Settings\Honza\Desktop\7.jpg
[2010.04.21 16:23:22 | 004,959,280 | ---- | C] () -- C:\Documents and Settings\Honza\Desktop\WoW-3.3.3.11685-to-3.3.3.11723-enUS-patch.exe
[2010.04.21 16:17:15 | 006,447,836 | ---- | C] () -- C:\Documents and Settings\Honza\My Documents\AutoRuns.arn
[2010.04.21 16:04:24 | 000,595,499 | ---- | C] () -- C:\Documents and Settings\Honza\Desktop\Autoruns.zip
[2010.04.21 15:33:36 | 128,600,432 | ---- | C] () -- C:\Documents and Settings\Honza\Desktop\WoW-3.3.2.11403-to-3.3.3.11685-enUS-patch.exe
[2010.03.21 13:08:06 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.03.21 13:08:04 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.03.21 13:08:04 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.03.21 13:08:03 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010.03.21 13:08:01 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.03.21 13:08:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.03.21 13:06:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.02.14 10:49:33 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wintab32.dll
[2009.04.24 16:48:56 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
[2009.04.24 16:48:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009.04.24 16:48:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2009.04.24 16:48:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009.04.24 16:48:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2009.04.24 16:48:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2009.02.08 14:45:37 | 000,000,031 | ---- | C] () -- C:\WINDOWS\MCDB.ini
[2009.01.29 20:10:24 | 000,000,437 | ---- | C] () -- C:\WINDOWS\Marias.ini
[2008.11.22 22:46:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\php.ini
[2008.07.31 11:53:05 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2008.07.25 11:51:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WoWEmuHackSettings.ini
[2008.03.06 11:47:45 | 000,492,032 | ---- | C] () -- C:\WINDOWS\System32\ineth2.dll
[2008.03.06 11:47:02 | 000,492,032 | ---- | C] () -- C:\WINDOWS\System32\ineth.dll
[2008.03.06 11:46:51 | 000,415,744 | ---- | C] () -- C:\WINDOWS\System32\PlayerX.dll
[2008.01.21 22:37:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\klient.ini
[2008.01.05 16:11:14 | 000,000,204 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.12.27 10:30:11 | 000,000,056 | ---- | C] () -- C:\WINDOWS\crywmvtoavi.ini
[2007.12.22 16:51:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cover.INI
[2007.12.22 16:51:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VDVD.INI
[2007.12.22 16:51:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avvcnvrt.INI
[2007.12.22 16:51:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VMorpher.INI
[2007.12.22 16:49:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AVFTP.INI
[2007.10.10 14:12:38 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2007.10.10 14:12:22 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2007.09.12 15:29:17 | 000,000,031 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2007.09.06 12:15:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\dvdmmg.sys
[2007.09.03 12:05:41 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.08.20 16:22:37 | 000,000,143 | ---- | C] () -- C:\WINDOWS\cactus.ini
[2007.08.20 16:19:21 | 000,005,439 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.04.22 14:01:40 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2007.02.16 00:13:11 | 000,000,197 | ---- | C] () -- C:\WINDOWS\gfscore.ini
[2007.01.30 20:14:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.01.14 13:45:00 | 000,000,048 | ---- | C] () -- C:\WINDOWS\imvamp.INI
[2007.01.10 16:18:18 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.01.07 16:49:52 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006.12.15 17:29:04 | 000,001,909 | ---- | C] () -- C:\WINDOWS\MapaCR.INI
[2006.11.30 11:51:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VideoExe.INI
[2006.11.21 19:53:43 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006.11.15 16:21:01 | 000,076,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV82.sys
[2006.11.09 17:50:21 | 000,001,846 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006.11.01 19:34:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2006.10.31 02:42:24 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\Ve_pm.dll
[2006.10.31 02:42:24 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\Voicech.dll
[2006.10.22 14:27:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2006.10.11 06:42:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006.10.06 15:43:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2006.10.06 15:41:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2006.09.18 14:43:42 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2006.09.09 11:14:26 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006.08.31 10:40:52 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006.08.31 09:17:03 | 000,000,384 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.08.31 09:04:20 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006.08.22 12:52:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.08.22 12:46:02 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.04.13 11:30:06 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2006.04.06 19:27:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\YIMSnifferDLL.dll
[2005.12.30 00:46:16 | 000,000,544 | ---- | C] () -- C:\WINDOWS\System32\okskank.ini
[2005.08.05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2004.07.29 20:17:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2004.07.12 00:32:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MP3IFilter.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.12.05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980.01.01 02:00:00 | 000,000,844 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2009.11.24 17:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010.03.09 19:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010.01.16 21:42:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007.08.20 16:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ConMet
[2009.12.11 16:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.01.30 15:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010.03.06 14:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010.03.07 18:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2006.09.11 22:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010.02.19 18:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2006.12.01 17:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\POPWWDEMO
[2007.02.07 05:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009.02.07 23:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009.11.14 22:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2007.05.12 18:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2007.01.10 19:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007.01.10 19:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008.06.03 20:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007.12.27 13:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009.11.24 17:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\ACD Systems
[2009.02.20 14:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Acreon
[2007.06.03 11:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Allstar
[2007.04.08 13:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Avant Browser
[2008.08.22 18:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Blender Foundation
[2006.09.04 12:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Canon
[2006.09.09 15:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\CD-LabelPrint
[2008.08.17 13:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\ClPhpEd
[2008.08.17 13:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\CodeLobster Php Edition
[2007.08.20 16:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\ConMet
[2010.02.19 16:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\DAEMON Tools Lite
[2008.11.23 11:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Desktopicon
[2008.11.22 22:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Dev-Cpp
[2010.01.31 13:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\DNA
[2009.05.24 12:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\FileZilla
[2008.01.05 16:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\FlashFXP
[2009.01.09 23:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Gearbox Software
[2008.08.20 14:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\GetRightToGo
[2009.04.30 20:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\gtk-2.0
[2010.01.13 22:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Hagel Technologies
[2004.01.02 20:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\ICQ
[2010.01.31 13:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\ICQ Toolbar
[2006.10.31 11:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\ICQLite
[2009.04.30 16:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Inkscape
[2010.03.07 18:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\IObit
[2007.03.21 16:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Jasc
[2006.09.04 20:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\LANGMaster
[2007.10.25 09:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Leadertech
[2008.01.18 20:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Matrix Y2K
[2008.11.22 22:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Micropro
[2010.01.31 13:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\MilkShape 3D 1.x.x
[2008.07.28 15:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Miranda
[2008.12.10 09:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\MSNInstaller
[2006.12.22 17:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\My Battle for Middle-earth(tm) II Files
[2008.06.09 17:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Nokia
[2007.02.16 10:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Nvu
[2009.01.29 13:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\OpenOffice.org
[2010.02.19 16:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Opera
[2008.12.10 09:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\OrphansRemover
[2008.11.01 11:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\PC Suite
[2008.11.02 19:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\QIP
[2006.08.31 10:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\ScanSoft
[2009.01.29 21:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Scirra
[2009.08.26 09:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\SecondLife
[2007.05.12 18:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Spyware Terminator
[2007.12.27 13:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Ulead Systems
[2010.01.31 13:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\uTorrent
[2009.02.14 18:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\VSRevoGroup
[2009.10.24 20:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Warsow 0.5
[2009.08.10 12:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Web Page Maker V2
[2009.06.12 19:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\WinPatrol
[2008.01.12 13:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comfor\Application Data\Wintermute Engine
[2007.05.20 21:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evina\Application Data\Avant Browser
[2007.01.30 19:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evina\Application Data\Canon
[2010.01.29 14:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evina\Application Data\Hagel Technologies
[2007.10.06 11:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evina\Application Data\ICQ Toolbar
[2007.02.10 17:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evina\Application Data\ICQLite
[2009.08.10 10:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evina\Application Data\OpenOffice.org
[2009.11.27 15:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\ACD Systems
[2007.10.10 16:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Aston
[2010.03.09 19:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Autodesk
[2007.02.18 12:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Avant Browser
[2007.01.10 19:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Canon
[2009.10.16 14:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\DAEMON Tools Lite
[2009.11.01 13:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Feedreader
[2009.11.12 15:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\FileZilla
[2007.01.16 15:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Gearbox Software
[2010.04.26 14:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\gtk-2.0
[2010.04.02 15:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\ICQ
[2007.09.08 20:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\ICQ Toolbar
[2007.02.05 15:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\ICQLite
[2009.11.20 18:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\id Software
[2010.01.31 13:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\IObit
[2010.01.14 21:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\OpenOffice.org
[2010.02.05 22:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Opera
[2009.11.14 23:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Publish Providers
[2010.02.14 11:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\RibbonSoft
[2010.04.01 20:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Sereniti
[2010.01.30 20:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Sony
[2009.11.14 19:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Sony Setup
[2009.11.01 16:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Thinstall
[2010.04.05 10:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\uTorrent
[2009.10.23 16:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Warsow 0.5
[2010.01.28 20:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\WeGame
[2009.09.20 12:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\yess
[2007.11.28 10:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\Avant Browser
[2007.01.27 08:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\Canon
[2010.01.31 13:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\DNA
[2007.09.04 09:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\ICQ Toolbar
[2010.02.15 22:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\OpenOffice.org
[2010.04.12 16:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\Opera
[2007.02.07 05:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\ScanSoft
[2007.01.08 14:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\ICQ Toolbar
[2010.04.21 16:30:25 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job
[2010.04.27 00:23:33 | 000,006,302 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
Attachments
Extras.rar
(7.67 KiB) Downloaded 61 times

scream
Visitor
Posts: 9
Registered: 25 Apr 2010 12:36

Re: Please check my log.

#7 Post by scream »

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Advanced SystemCare 3" = "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup -- [2010.03.29 14:54:52 | 002,343,120 | ---- | M] (IObit)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.03.05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.)

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2009.04.24 06:38:10 | 000,185,848 | ---- | M] (Mozilla Foundation) -- C:\crashreporter.exe
[2009.04.24 06:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\firefox.exe
[2001.05.24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2009.04.24 06:38:27 | 000,242,168 | ---- | M] (Mozilla Foundation) -- C:\updater.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2009.11.24 17:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2007.10.15 15:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.03.08 16:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010.03.09 19:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009.08.27 19:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010.02.06 21:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010.01.16 21:42:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007.08.20 16:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ConMet
[2006.08.22 12:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009.12.11 16:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.03.09 19:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010.01.30 15:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010.03.06 14:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2009.04.24 17:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010.03.07 18:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2007.10.28 14:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009.06.06 11:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.01.31 13:39:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008.01.21 20:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2006.09.11 22:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009.06.21 15:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010.02.19 18:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2006.12.01 17:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\POPWWDEMO
[2007.01.01 21:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2007.02.07 05:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007.12.18 20:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009.02.07 23:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009.11.14 22:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010.04.26 13:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007.05.12 18:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2007.01.10 19:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007.01.10 19:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008.06.03 20:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.04.24 14:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2007.12.27 13:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007.04.02 08:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2005.03.08 20:16:10 | 000,023,040 | ---- | M] (CANON INC.) -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\Cnmvsa.exe
[2005.04.15 07:00:00 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\helpkicker.exe
[2009.11.30 13:17:04 | 002,373,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe

< %APPDATA%\*. >
[2009.11.27 15:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\ACD Systems
[2009.08.27 09:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Adobe
[2007.01.09 15:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\AdobeUM
[2007.02.03 12:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Ahead
[2007.01.10 19:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\ArcSoft
[2007.10.10 16:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Aston
[2008.04.19 09:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\ATI
[2010.03.09 19:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Autodesk
[2007.02.18 12:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Avant Browser
[2007.01.10 19:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Canon
[2006.08.22 12:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\CyberLink
[2009.10.16 14:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\DAEMON Tools Lite
[2009.11.10 10:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\FastStone
[2009.11.01 13:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Feedreader
[2009.11.12 15:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\FileZilla
[2007.01.16 15:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Gearbox Software
[2007.02.28 16:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Google
[2010.04.26 14:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\gtk-2.0
[2007.01.10 17:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Help
[2010.04.02 15:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\ICQ
[2007.09.08 20:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\ICQ Toolbar
[2007.02.05 15:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\ICQLite
[2009.11.20 18:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\id Software
[2006.08.21 10:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Identities
[2010.01.31 13:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\IObit
[2007.02.05 14:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Macromedia
[2009.10.16 18:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Malwarebytes
[2010.03.21 13:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Media Player Classic
[2009.11.27 17:17:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Honza\Application Data\Microsoft
[2009.08.27 09:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Mozilla
[2010.01.14 21:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\OpenOffice.org
[2008.08.22 12:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\OpenOffice.org2
[2010.02.05 22:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Opera
[2009.10.10 12:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\PSpad
[2009.11.14 23:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Publish Providers
[2010.02.14 11:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\RibbonSoft
[2009.08.27 14:41:11 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Honza\Application Data\SecuROM
[2010.04.01 20:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Sereniti
[2010.01.30 20:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Sony
[2009.11.14 19:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Sony Setup
[2007.02.03 13:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Sun
[2009.11.01 16:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Thinstall
[2010.04.05 10:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\uTorrent
[2009.10.23 16:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Warsow 0.5
[2010.01.28 20:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\WeGame
[2010.03.28 19:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\Winamp
[2009.09.20 12:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Application Data\yess

< %APPDATA%\*.exe /s >
[2009.11.04 17:49:36 | 000,635,664 | ---- | M] (IObit) -- C:\Documents and Settings\Honza\Application Data\IObit\Common\TB_Helper.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_0256DD72B4FCEE7E087CD6.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_054EAA3D2854205365762A.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_0BE7D1154E2488CC516D81.exe
[2010.04.01 19:29:47 | 000,009,662 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_12C7A2B80C63D47BA9442A.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_2C11A35014CF33B0ED1F0C.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_35AE3BD1E845012A08A140.exe
[2010.04.01 19:29:47 | 000,013,262 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_399A7F53989FAF17DBBE78.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_3BA0F659663E00865042EE.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_4582ACC69D1B999A874A49.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_508E7E7120E720AE73B22A.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_540FF579F1E651C5DA1177.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_593CDD2374BA1441B4BC1A.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_6FEFF9B68218417F98F549.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_704F6D34061A7ABB31A184.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_781B03DABCF92007C6FA6E.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_84EEC0318A219DC96FCD30.exe
[2010.04.01 19:29:47 | 000,005,430 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_8B8988FCA6F095D66C8B6E.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_8C08BFDEF5C377DC4E7BDE.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_993E5DAF79260C8CBF61BF.exe
[2010.04.01 19:29:47 | 000,013,262 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_9AD746F64502ED33727B42.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_BA27DAA71A66FA2F2794B2.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_C7DA9F7ECA99013FB86200.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_D1911D830CFD3DF6D81A4E.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_DB3363B6F5A7DE8DB6322B.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_E29FA00C9EFDA19E0EE874.exe
[2010.04.01 19:29:47 | 000,005,430 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_E54F22AC4F7B501F34A61F.exe
[2010.04.01 19:29:47 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Honza\Application Data\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_FB7DBA7B6C4302B53F60AC.exe
[2009.11.14 22:26:04 | 052,770,576 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Honza\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe


< MD5 for: AGP440.SYS >
[2006.03.15 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006.03.15 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.08.20 10:33:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.08.20 10:33:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.03.15 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006.03.15 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.08.20 10:33:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.08.20 10:33:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.03.15 16:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2006.03.15 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys
[2006.03.15 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.08.20 10:33:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.08.20 10:33:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.03.15 16:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2006.03.15 16:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 02:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 02:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006.03.15 16:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 12:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006.03.15 16:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: HAL.DLL >
[2006.03.15 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:hal.dll
[2006.03.15 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.08.20 10:33:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.08.20 10:33:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2006.03.15 16:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2006.03.15 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:Changer.sys
[2006.03.15 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.08.20 10:33:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.08.20 10:33:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.08.20 10:33:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.08.20 10:33:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.13 20:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.13 20:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001.08.17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2006.03.15 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2006.03.15 16:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.03.15 16:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006.03.15 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006.03.15 16:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2006.03.15 16:00:00 | 000,470,016 | ---- | M] (Microsoft Corporation) MD5=9A98937A980831729D21343754FF9D59 -- C:\i386\SYSTEM32\SMSS.EXE
[2006.03.15 16:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006.03.15 16:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2006.01.13 19:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.03.15 16:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2006.03.15 16:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.03.15 16:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2006.03.15 16:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.08.21 11:40:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.08.21 11:40:26 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.08.21 11:40:24 | 000,925,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:664FE078
< End of report >


:arrow: Sorry for splitting this into two posts, but the log was more than 60,000 characters long :o

scream
Visitor
Posts: 9
Registered: 25 Apr 2010 12:36

Re: Please check my log.

#8 Post by scream »

ComboFix 10-04-27.01 - Honza 28.04.2010 11:27:14.8.2 - x86
Spuštěný z: c:\documents and settings\Honza\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-28 do 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-12 14:09 . 2010-04-12 14:09 -------- d-----w- c:\documents and settings\mama\Local Settings\Application Data\Opera
2010-04-02 13:04 . 2010-04-02 13:04 -------- d-----w- c:\documents and settings\Honza\Application Data\ICQ
2010-04-01 19:27 . 2010-04-16 16:11 -------- d-----w- c:\program files\a-squared Free
2010-04-01 18:07 . 2010-04-01 18:07 -------- d-----w- c:\documents and settings\Honza\Application Data\Sereniti

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 09:14 . 2010-04-26 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 12:49 . 2009-11-06 16:44 -------- d-----w- c:\documents and settings\Honza\Application Data\gtk-2.0
2010-04-26 11:06 . 2007-01-04 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-25 19:04 . 2008-02-24 19:09 -------- d-----w- c:\program files\Kyodai Mahjongg
2010-04-25 12:01 . 2010-04-25 12:01 -------- d-----w- c:\program files\Secunia
2010-04-22 16:33 . 2007-06-07 21:44 -------- d-----w- c:\program files\World of Warcraft
2010-04-18 08:32 . 2010-04-18 08:32 -------- d-----w- c:\program files\Trend Micro
2010-04-18 08:19 . 2010-04-18 08:18 -------- d-----w- c:\program files\Eraser
2010-04-18 08:14 . 2008-12-10 08:01 -------- d-----w- c:\program files\CCleaner
2010-04-07 18:24 . 2006-12-23 18:54 94936 ----a-w- c:\documents and settings\Evina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-05 08:34 . 2010-02-26 10:26 -------- d-----w- c:\documents and settings\Honza\Application Data\uTorrent
2010-04-01 18:25 . 2010-02-05 20:38 -------- d-----w- c:\program files\Opera
2010-04-01 18:22 . 2009-12-23 17:34 -------- d-----w- c:\program files\Lark Anti-Spyware
2010-04-01 17:55 . 2000-11-08 10:32 1388544 ----a-w- c:\windows\system32\msvbvm60.dll
2010-04-01 17:16 . 2008-03-02 13:24 -------- d-----w- c:\program files\QIP
2010-04-01 17:11 . 2008-11-01 14:40 -------- d-----w- c:\program files\VS Revo Group
2010-04-01 17:10 . 2009-10-16 12:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-28 17:50 . 2009-10-23 14:37 -------- d-----w- c:\program files\Warsow 0.5
2010-03-28 17:32 . 2010-03-21 11:19 -------- d-----w- c:\documents and settings\Honza\Application Data\Winamp
2010-03-23 11:14 . 2007-01-02 15:38 94936 ----a-w- c:\documents and settings\mama\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-22 15:30 . 2007-01-06 20:09 94936 ----a-w- c:\documents and settings\Honza\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-22 06:51 . 2006-09-04 07:45 94936 ----a-w- c:\documents and settings\Comfor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-22 06:44 . 2010-03-22 06:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2010-03-21 11:19 . 2010-03-21 11:19 -------- d-----w- c:\program files\Winamp
2010-03-21 11:18 . 2010-03-21 11:18 -------- d-----w- c:\documents and settings\Honza\Application Data\Media Player Classic
2010-03-21 11:08 . 2010-03-21 11:07 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-21 11:08 . 2007-02-18 10:08 36932 ----a-w- c:\documents and settings\Honza\Application Data\Avant Browser\update.dll
2010-03-20 08:34 . 2006-08-22 10:03 -------- d-----w- c:\program files\CyberLink
2010-03-20 08:34 . 2006-08-22 09:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 18:00 . 2010-03-21 11:08 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-09 21:21 . 2007-11-28 08:10 36932 ----a-w- c:\documents and settings\mama\Application Data\Avant Browser\update.dll
2010-03-09 17:34 . 2010-03-09 17:34 36864 ----a-w- c:\documents and settings\Honza\Application Data\Autodesk\AutoCAD 2010\R18.0\csy\ContextualTabSelectorRules.dll
2010-03-09 17:34 . 2009-12-11 16:23 -------- d-----w- c:\documents and settings\Honza\Application Data\Autodesk
2010-03-09 17:34 . 2009-12-11 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-03-09 17:32 . 2010-03-09 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-09 13:50 . 2010-03-09 13:40 -------- d-----w- c:\program files\AutoCAD 2010
2010-03-09 13:50 . 2009-12-11 16:22 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-09 13:46 . 2010-03-09 13:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-07 16:42 . 2010-02-26 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-07 16:42 . 2010-01-31 11:30 -------- d-----w- c:\program files\IObit
2010-03-06 12:49 . 2010-03-06 12:40 461888 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2010-03-06 12:44 . 2010-03-06 12:40 371776 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-03-06 12:44 . 2010-03-06 12:40 187456 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-03-06 12:43 . 2010-03-06 12:40 57344 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-03-06 12:43 . 2010-03-06 12:40 887856 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-03-06 12:43 . 2010-03-06 12:40 2427968 ----a-w- c:\documents and settings\Honza\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-03-06 12:05 . 2010-03-06 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2010-02-27 18:27 . 2006-10-30 16:52 737280 ----a-w- c:\windows\iun6002.exe
2010-02-20 13:03 . 2010-01-14 19:17 1 ----a-w- c:\documents and settings\Honza\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-10 17:13 . 2010-03-21 11:06 165376 ----a-w- c:\windows\system32\unrar.dll
2006-10-06 15:24 . 2006-10-06 15:24 19 ----a-w- c:\program files\Answer.txt
2004-07-19 21:58 . 2004-07-19 21:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 21:53 . 2004-07-19 21:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-16 13:30 . 2004-07-16 13:30 3858 ----a-w- c:\program files\directx redist.txt
2004-07-09 13:17 . 2004-07-09 13:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 08:13 . 2004-07-09 08:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 08:13 . 2004-07-09 08:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\program files\DSETUP.dll
2003-02-08 05:50 . 2006-12-19 17:31 656068533 ----a-w- c:\program files\data2.cab
2003-02-08 05:46 . 2006-12-19 17:34 2582497 ----a-w- c:\program files\data1.cab
2003-02-08 05:46 . 2006-12-19 17:34 204829 ----a-w- c:\program files\data1.hdr
2003-01-29 02:34 . 2006-12-19 17:34 36864 ----a-w- c:\program files\Autorun.exe
2002-12-05 19:16 . 2006-12-19 17:31 418296 ----a-w- c:\program files\engine32.cab
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SimHID.lnk]
backup=c:\windows\pss\SimHID.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^Custom start.exe]
backup=c:\windows\pss\Custom start.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Honza^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-06-01 11:32 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 11:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-04-10 06:45 979344 ----a-w- c:\progra~1\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
2006-04-19 15:40 9125888 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
2009-05-17 19:38 181624 ----atw- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-01-01 19:06 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-03 21:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-10 08:03 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"wuauserv"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\SIMS\\RACER\\tracked.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Honza\\Desktop\\komix simpsnovi\\hry\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mpHAMACHI 1.4.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=

R2 IcRecUsb;IC Recorder Driver;c:\windows\system32\Drivers\IcRecUsb.sys [2001-10-02 17432]
R3 ipw_bus;IPWireless;c:\windows\system32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
R3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
R3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-08-03 38160]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-11 691696]
S1 aswSP;avast! Self Protection; [x]
S1 SSHDRV82;SSHDRV82;c:\windows\system32\drivers\SSHDRV82.sys [2006-11-15 76288]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-16 1872320]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 AVWUpSrv;AntiVir Update;c:\program files\AVPersonal\AVWUPSRV.EXE [2004-11-17 36864]
S2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2005-09-07 9728]
S3 OmniTV;Cx2388x AvStream Video Capture;c:\windows\system32\DRIVERS\OmniTV.sys [2006-01-04 197632]

.
Obsah adresáře 'Naplánované úlohy'

2010-04-21 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-05-17 19:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://www.yahoo.com
mWindow Title = Microsoft Internet Explorer
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD LT 2000i Cz\InstFred.ocx
FF - ProfilePath - c:\documents and settings\Honza\Application Data\Mozilla\Firefox\Profiles\lr9unmvj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search Powered by Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&q=
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.txt=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-ddcBTJBQ - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 11:35
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-833971647-2919139097-2166695667-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:82,dd,34,d8,c6,63,7a,55,93,37,b5,d9,fb,2d,e4,1d,64,12,29,83,ce,85,42,
52,e9,9d,33,34,01,c2,37,57,8c,5d,9d,a1,2b,d5,07,85,85,33,95,1b,60,1e,04,9e,\
"??"=hex:84,de,ae,d8,f8,6c,86,0a,74,09,c2,5e,a0,48,f8,21

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2736)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\msi.dll
.
Celkový čas: 2010-04-28 11:37:58
ComboFix-quarantined-files.txt 2010-04-28 09:37

Před spuštěním: 89 276 901 888 bytes free
Po spuštění: 89 242 652 160 bytes free

- - End Of File - - 833B936D8F9F7093C8381BBBBE4CE175

scream
Visitor
Posts: 9
Registered: 25 Apr 2010 12:36

Re: Please check my log.

#9 Post by scream »

First of all, I would like to thank you for the help :)

Now, about the antivirus programs. Isn't it possible that avast had its firewall turned off because I turned it off as the guide says?
Also, if I understand correctly, could I uninstall Avast without any problems and install just a plain firewall in its place (assuming I would keep a-squared running all the time)?
Another question: what is R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]? I should probably know, but nothing comes to mind :cry:
I fixed the x-sdch line in HJT :)


This is probably a silly question, but by downloading in safe mode, do you mean that I should frantically press F8 while Windows is booting? :o


About the game: the problem seems to be solved. Lately my latency has been at most 100m/s :)
