Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

FB vir - prosba o pomoc

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Czechomaniak
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 31 črc 2011 12:06

FB vir - prosba o pomoc

#1 Příspěvek od Czechomaniak »

Dobrý den,
stal jsem nedávno taktéž obětí nechvalně známého facebookového viru, který se skrývá v „nevinné“ aktualizaci Adobe Flash Playeru. Když jsem zjistil, co všechno tento virus v počítači dělá, urychleně jsem hledal nějaký návod (pro běžné uživatele), jak se této havěti zbavit. Narazil jsem na http://peter.winkler.warmacher.com/fb-virus. Řekl jsem si, že pokud budu muset počítač odvést na opravu, tak nemám co ztratit a tento návod zkusím.

Podle návodu jsem nejprve ukončil samočinné procesy ve Správci úloh, dále si stáhnul MalwareBytes AntiMalware, projel hloubkový test počítače a infikované soubory odstranil. Dále jsem si stáhnul ComboFix a uložil do složky v počítači (mám jednu vyhrazenou složku, kam se ukládají všechny soubory stažené z internetu), nikoliv na plochu, jak je popisováno ve videonávodu. Poté jsem ComboFix spustil, ten si stáhl aktualizaci databáze a začal projíždět Fáze_1, Fáze_2, …, Fáze_50 a poté se restartoval počítač. Po opětovném naběhnutí počítače jsem čekal, že ComboFix provede nějakou závěrečnou kontrolu a vyhodí LOG. Avšak nic takového se nestalo. Zkusil jsem celý proces ComboFixu znova, ale po naběhnutí systému, zase nic, žádný LOG. Pokračoval jsem dál podle návodu a smazal složku Qoobox.

Avšak pojal jsem podezření, že nejspíš ComboFix neudělal všechnu práci, co měl. Poté jsem znova nainstaloval Avast! Free Antivirus, který byl předtím blokován virem, a nový antivirový program znovu zprovoznil a udělal hloubkový test systému. Ten mi našel 1 infikovaný soubor, který jsem poté dal do truhly.

Nicméně po spuštění internetu - jediná webová stránka, která nešla vůbec, byl http://www.facebook.com. A tak jsem si stáhnul (jak mnozí uživatelé na diskuzích radili) ještě ESET Online Scanner a ten během dalších 30 minut zlikvidoval další jednu hrozbu, kterou avast přehlédl, a facebook se zázračně zprovoznil.

Můj počítač resp. systém Windows XP Home, Service Pack 3, který v něm mám, se zdá, že „naoko“ funguje jako před útokem viru. Po naběhnutí systému se mi objeví plocha s ikonami (vše jako původně) a ještě k tomu tato chybová hláška

C:/WINDOWS/UI/BIOSCTL.EXE
C:/Program Files/Alwil Software/Avast 5/aswMonVd.dll. Inicializace instalovaného virtuálního ovladače zařízení se nezdařila. Vybráním příkazu zavřít ukončíte aplikaci.

Tato chybová hláška nejde zavřít křížkem v pravém horním rohu a nabízí mi pouze dva příkazy buď zavřít, nebo přeskočit. Ať zvolím jakýkoliv z obou, tato hláška zmizí. Mám pocit, že na funkci sytému nejspíš nemá zásadní vliv. Spíš je to nějaká informační hláška. Počítač nyní funguje úplně normálně – brouzdání po internetu, poslech hudby, sledování filmů, stahování atd. Občas se stane, že při naběhnutí plochy se zasekne spodní lišta, a tedy nejde nic spustit (Správce úloh, Dokumenty, Tento počítač, Internet) a dokonce nelze ani vypnout. A tedy se musím uchýlit k manuálnímu vypnutí počítače podržením hlavního zapínacího tlačítka na PC skříni.

Prosím, rád bych věděl, zdali můj počítač je už bez viru s ohledem na popis mé situace. Provedl ComboFix svoji práci dobře? Bylo nutné jej spouštět přímo na ploše? Můžu se ubezpečit, že již vir neposílá zprávy svému stvořiteli z Ukrajiny? Jsem totiž uživatelem internetového bankovnictví a nechtěl bych, aby se někdo dostal k mým údajům.

Jinak MBAM a ComboFix jsem zatím nechal v počítači, pro jistotu. Co se týče mého účtu na facebooku, tak po změně přístupového hesla přestal rozesílat spam mým přátelům.

Děkuji předem
Nahoru
Czechomaniak
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 31 črc 2011 12:06

FB vir - prosba o pomoc

#2 Příspěvek od Czechomaniak »

Připojuji ještě log z RSITu:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Noname at 2011-07-31 13:27:38
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 39 GB (56%) free of 70 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:27:44, on 31.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Noname\Plocha\RSIT.exe
C:\Program Files\trend micro\Noname.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codecguide.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [9855569.exe] "C:\DOCUME~1\Noname\LOCALS~1\Temp\9855569.exe"
O4 - HKLM\..\Run: [6763545.exe] "C:\WINDOWS\TEMP\6763545.exe"
O4 - HKLM\..\Run: [7717488.exe] "C:\WINDOWS\TEMP\7717488.exe"
O4 - HKLM\..\Run: [22612005-loader2.exe] "C:\WINDOWS\TEMP\22612005-loader2.exe"
O4 - HKLM\..\Run: [4188668.exe] "C:\WINDOWS\TEMP\4188668.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [AlSrvN] C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 10182 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-113007714-682003330-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-113007714-682003330-1004UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-113007714-682003330-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-113007714-682003330-1004.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Noname\Data aplikací\Mozilla\Firefox\Profiles\kprgy3yt.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"=12.0.1.647
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsjsrealplayerplugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Noname\Data aplikací\Mozilla\Firefox\Profiles\kprgy3yt.default\extensions\
toolbar@ask.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-06-09 386264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-12-21 270336]
"C6501Sound"=RunDll32 c6501.cpl,CMICtrlWnd []
"Gainward"=C:\WINDOWS\TBPanel.exe [2008-01-29 2177576]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-08 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-01-08 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-06-09 273544]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"NBAgent"=C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"9855569.exe"=C:\DOCUME~1\Noname\LOCALS~1\Temp\9855569.exe []
"6763545.exe"=C:\WINDOWS\TEMP\6763545.exe []
"7717488.exe"=C:\WINDOWS\TEMP\7717488.exe []
"22612005-loader2.exe"=C:\WINDOWS\TEMP\22612005-loader2.exe []
"4188668.exe"=C:\WINDOWS\TEMP\4188668.exe []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-06-09 136176]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"AlSrvN"=C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe [2010-02-06 53760]
"KiesTrayAgent"= []

C:\Documents and Settings\Noname\Nabídka Start\Programy\Po spuštění
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\Temp\NavBrowser.exe"="C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-7-0\svchost.exe"="C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2011-07-31 13:27:38 ----D---- C:\rsit
2011-07-31 13:27:38 ----D---- C:\Program Files\trend micro
2011-07-31 11:53:18 ----A---- C:\WINDOWS\system32\config.nt.bak
2011-07-31 11:53:18 ----A---- C:\WINDOWS\system32\command.com.bak
2011-07-31 11:53:18 ----A---- C:\WINDOWS\system32\autoexec.nt.bak
2011-07-29 18:09:47 ----D---- C:\Documents and Settings\Noname\Data aplikací\Nitro PDF
2011-07-29 18:09:36 ----A---- C:\WINDOWS\system32\nitrolocalui.dll
2011-07-29 18:09:36 ----A---- C:\WINDOWS\system32\nitrolocalmon.dll
2011-07-29 18:09:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nitro PDF
2011-07-29 18:09:26 ----D---- C:\Program Files\Common Files\Nitro PDF
2011-07-29 18:09:25 ----D---- C:\Program Files\Nitro PDF
2011-07-29 18:08:41 ----D---- C:\Documents and Settings\Noname\Data aplikací\Downloaded Installations
2011-07-28 08:43:43 ----D---- C:\Program Files\ESET
2011-07-27 15:07:56 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-27 15:07:56 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-27 15:07:55 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-27 15:07:55 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-27 15:07:55 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-27 15:07:55 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-27 15:07:55 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-27 15:07:55 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-27 15:07:46 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-27 15:07:46 ----A---- C:\WINDOWS\avastSS.scr
2011-07-27 15:07:40 ----D---- C:\Program Files\AVAST Software
2011-07-27 15:07:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-07-27 14:58:48 ----SD---- C:\ComboFix
2011-07-27 14:58:45 ----D---- C:\Qoobox
2011-07-27 14:36:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-07-27 14:16:48 ----D---- C:\WINDOWS\Minidump
2011-07-27 14:12:27 ----A---- C:\Boot.bak
2011-07-27 14:12:24 ----RASHD---- C:\cmdcons
2011-07-27 14:09:13 ----A---- C:\WINDOWS\zip.exe
2011-07-27 14:09:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-27 14:09:13 ----A---- C:\WINDOWS\SWSC.exe
2011-07-27 14:09:13 ----A---- C:\WINDOWS\SWREG.exe
2011-07-27 14:09:13 ----A---- C:\WINDOWS\sed.exe
2011-07-27 14:09:13 ----A---- C:\WINDOWS\PEV.exe
2011-07-27 14:09:13 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-27 14:09:13 ----A---- C:\WINDOWS\MBR.exe
2011-07-27 14:09:13 ----A---- C:\WINDOWS\grep.exe
2011-07-27 14:08:23 ----D---- C:\WINDOWS\ERDNT
2011-07-27 13:15:19 ----D---- C:\Documents and Settings\Noname\Data aplikací\Malwarebytes
2011-07-27 13:15:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-07-27 13:15:02 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-27 13:14:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-27 13:14:59 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-27 12:31:28 ----D---- C:\WINDOWS\ufa
2011-07-27 12:31:28 ----D---- C:\WINDOWS\rpcminer
2011-07-27 12:31:28 ----D---- C:\WINDOWS\phoenix
2011-07-27 12:30:38 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-27 12:27:50 ----HD---- C:\WINDOWS\update.5.0
2011-07-27 12:24:06 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-27 12:23:44 ----HD---- C:\WINDOWS\update.2
2011-07-27 12:09:35 ----A---- C:\WINDOWS\unrar.exe
2011-07-27 12:07:40 ----A---- C:\WINDOWS\iplist.txt
2011-07-27 12:06:54 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-27 12:06:49 ----D---- C:\WINDOWS\av_ico
2011-07-27 12:05:34 ----HD---- C:\WINDOWS\update.1
2011-07-27 12:05:31 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-27 12:05:31 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-27 11:53:49 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-27 11:53:49 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-26 16:49:04 ----D---- C:\Documents and Settings\Noname\Data aplikací\Synthesia

======List of files/folders modified in the last 1 month======

2011-07-31 13:27:43 ----D---- C:\WINDOWS\Prefetch
2011-07-31 13:27:38 ----RD---- C:\Program Files
2011-07-31 13:23:34 ----A---- C:\WINDOWS\DFC.INI
2011-07-31 12:13:41 ----D---- C:\WINDOWS\Temp
2011-07-31 11:53:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-31 11:53:19 ----D---- C:\WINDOWS\system32
2011-07-30 15:32:12 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-07-30 15:30:03 ----SD---- C:\WINDOWS\Tasks
2011-07-30 14:31:14 ----D---- C:\Program Files\ABBYY FineReader 9.0
2011-07-29 18:18:42 ----AD---- C:\WINDOWS
2011-07-29 18:09:37 ----SHD---- C:\WINDOWS\Installer
2011-07-29 18:09:30 ----D---- C:\WINDOWS\WinSxS
2011-07-29 18:09:26 ----D---- C:\Program Files\Common Files
2011-07-27 16:05:52 ----D---- C:\WINDOWS\UI
2011-07-27 15:07:56 ----D---- C:\WINDOWS\system32\drivers
2011-07-27 14:49:54 ----D---- C:\WINDOWS\AppPatch
2011-07-27 14:46:16 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-27 14:12:27 ----RASH---- C:\boot.ini
2011-07-27 13:56:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-07-27 12:42:10 ----SHD---- C:\System Volume Information
2011-07-27 12:42:10 ----D---- C:\WINDOWS\system32\Restore
2011-07-27 12:24:04 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-27 11:56:14 ----D---- C:\Program Files\Mozilla Firefox
2011-07-25 17:00:36 ----D---- C:\Program Files\PhotoFiltre Studio X
2011-07-24 12:02:15 ----SD---- C:\Documents and Settings\Noname\Data aplikací\Microsoft
2011-07-20 15:11:44 ----D---- C:\Documents and Settings\Noname\Data aplikací\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-04-25 100736]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-06-10 436792]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-04-15 101888]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface; C:\WINDOWS\system32\drivers\c6501.sys [2007-07-10 1310720]
R3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-01-08 7434336]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-15 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-15 13056]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 a9iyjdbm;a9iyjdbm; C:\WINDOWS\system32\drivers\a9iyjdbm.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Noname\LOCALS~1\Temp\catchme.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\WINDOWS\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 dgdersvc;Device Error Recovery Service; C:\WINDOWS\system32\dgdersvc.exe [2009-12-22 95568]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-12-21 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2005-09-23 20543]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-12-22 217088]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [2011-03-21 196928]
R2 nlsX86cc;NLS Service; C:\WINDOWS\system32\NLSSRV32.EXE [2011-03-21 68928]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-12-21 127035]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-12-21 61503]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-08 155716]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: FB vir - prosba o pomoc

#3 Příspěvek od Danstahr »

Dobrý den,

logy z Combofixu by měly být na systémovém disku, zkuste se podívat tam. Pokud nějaké logy najdete, vložte je sem. Jinak co se týče ComboFixu, jeho použití na vlastní pěst silně nedoporučujeme, je to dobrý sluha, ale zlý pán.
Koupím trochu času, cenu respektuji.
Nahoru
Czechomaniak
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 31 črc 2011 12:06

Re: FB vir - prosba o pomoc

#4 Příspěvek od Czechomaniak »

Bohužel, na C:/ ani nikde v systému jsem LOG z ComboFixu nenašel. Mám podezření, že nejspíš vůbec nebyl vytvořen.
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: FB vir - prosba o pomoc

#5 Příspěvek od Danstahr »

Tak na to půjdeme jinak...

:arrow: Stáhněte OTL.
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
*crack* /s
*keygen* /s
CREATERESTOREPOINT
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Koupím trochu času, cenu respektuji.
Nahoru
Czechomaniak
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 31 črc 2011 12:06

Re: FB vir - prosba o pomoc

#6 Příspěvek od Czechomaniak »

První LOG - OTL.Txt

OTL logfile created on: 31.7.2011 16:07:32 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Noname\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 75,03% Memory free
3,85 Gb Paging File | 3,53 Gb Available in Paging File | 91,62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68,36 Gb Total Space | 38,24 Gb Free Space | 55,93% Space Free | Partition Type: NTFS
Drive D: | 164,51 Gb Total Space | 164,23 Gb Free Space | 99,83% Space Free | Partition Type: NTFS

Computer Name: NONAME-8237CA99 | User Name: Noname | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.31 16:04:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noname\Plocha\OTL.exe
PRC - [2011.07.09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.06.09 14:02:12 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011.03.21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011.03.21 11:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010.02.06 22:12:48 | 000,053,760 | ---- | M] () -- C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
PRC - [2009.12.22 04:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009.12.22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
PRC - [2008.10.27 18:03:46 | 000,759,072 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.19 02:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2008.01.29 05:20:27 | 002,177,576 | ---- | M] (Gainward Co.) -- C:\WINDOWS\TBPanel.exe
PRC - [2005.12.21 11:52:36 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2005.12.21 11:51:04 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005.12.21 11:48:04 | 000,127,035 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005.12.21 11:47:48 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2005.09.23 10:04:38 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2011.07.31 16:04:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noname\Plocha\OTL.exe
MOD - [2011.07.04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011.06.09 14:02:18 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011.04.18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011.04.18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010.08.23 18:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (StarWindServiceAE)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.03.21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011.03.21 11:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.12.22 04:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.12.22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.10.27 18:03:46 | 000,759,072 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2005.12.21 11:51:04 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005.12.21 11:48:04 | 000,127,035 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005.12.21 11:47:48 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2005.09.23 10:04:38 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.06.10 08:35:01 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.22 04:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.12.22 04:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009.09.19 07:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.09.19 07:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2009.09.19 07:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.09.19 07:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.10 03:42:32 | 001,310,720 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (c65013264)
DRV - [2007.03.16 04:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.16 04:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006.07.01 22:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.04.25 02:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.04.15 05:09:06 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.04.15 05:09:04 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.04.15 05:08:56 | 000,101,888 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1960408961-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.09 14:02:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.07.27 15:07:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.09 14:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.06.09 13:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Noname\Data aplikací\Mozilla\Extensions
[2011.06.09 14:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Noname\Data aplikací\Mozilla\Firefox\Profiles\kprgy3yt.default\extensions
[2011.06.09 14:46:50 | 000,000,000 | ---D | M] (PandoraTV Toolbar) -- C:\Documents and Settings\Noname\Data aplikací\Mozilla\Firefox\Profiles\kprgy3yt.default\extensions\toolbar@ask.com
[2011.06.09 14:20:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.09 14:20:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACĂ­\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\NONAME\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\KPRGY3YT.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2011.07.27 15:07:47 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.06.11 09:12:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.14 18:40:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1960408961-113007714-682003330-1004\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [22612005-loader2.exe] File not found
O4 - HKLM..\Run: [4188668.exe] File not found
O4 - HKLM..\Run: [6763545.exe] File not found
O4 - HKLM..\Run: [7717488.exe] File not found
O4 - HKLM..\Run: [9855569.exe] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [C6501Sound] File not found
O4 - HKLM..\Run: [Gainward] C:\WINDOWS\TBPanel.exe (Gainward Co.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKU\S-1-5-21-1960408961-113007714-682003330-1004..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1960408961-113007714-682003330-1004..\Run: [AlSrvN] C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe ()
O4 - HKU\S-1-5-21-1960408961-113007714-682003330-1004..\Run: [KiesTrayAgent] File not found
O4 - Startup: C:\Documents and Settings\Noname\Nabídka Start\Programy\Po spuštění\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Noname\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Noname\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.08 10:21:31 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (http://www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.07.31 16:04:26 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Noname\Plocha\OTL.exe
[2011.07.31 13:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.31 13:27:38 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.29 18:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noname\Data aplikací\Nitro PDF
[2011.07.29 18:09:36 | 000,026,432 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon.dll
[2011.07.29 18:09:36 | 000,017,728 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui.dll
[2011.07.29 18:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Nitro PDF
[2011.07.29 18:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011.07.29 18:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2011.07.29 18:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noname\Data aplikací\Downloaded Installations
[2011.07.28 08:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.07.27 15:07:56 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.07.27 15:07:56 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.07.27 15:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
[2011.07.27 15:07:55 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.07.27 15:07:55 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.07.27 15:07:55 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.07.27 15:07:55 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.07.27 15:07:55 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.07.27 15:07:55 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.07.27 15:07:46 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.07.27 15:07:46 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.07.27 15:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.07.27 15:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2011.07.27 14:58:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.07.27 14:58:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.27 14:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2011.07.27 14:16:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011.07.27 14:12:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.07.27 14:09:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.07.27 14:09:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.07.27 14:09:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.07.27 14:09:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.07.27 14:08:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.07.27 14:08:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Noname\Nabídka Start\Programy\Nástroje pro správu
[2011.07.27 13:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noname\Data aplikací\Malwarebytes
[2011.07.27 13:15:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.07.27 13:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.07.27 13:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.07.27 13:14:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.07.27 13:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.27 12:31:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011.07.27 12:31:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011.07.27 12:31:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011.07.27 12:27:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011.07.27 12:23:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011.07.27 12:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\WinRAR
[2011.07.27 12:06:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011.07.27 12:05:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011.07.27 12:05:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk
[2011.07.27 12:05:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0
[2011.07.26 16:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noname\Data aplikací\Synthesia
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.31 16:09:54 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2011.07.31 16:04:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noname\Plocha\OTL.exe
[2011.07.31 16:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.07.31 15:54:40 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-113007714-682003330-1004.job
[2011.07.31 15:54:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.31 12:54:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-113007714-682003330-1004UA.job
[2011.07.31 12:10:13 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\Noname\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.30 15:30:03 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-113007714-682003330-1004.job
[2011.07.30 15:29:13 | 000,088,889 | ---- | M] () -- C:\Documents and Settings\Noname\Dokumenty\Dotaz_30-07-2011.pdf
[2011.07.30 14:31:07 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Noname\Plocha\Microsoft Office Word 2007.lnk
[2011.07.30 13:54:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-113007714-682003330-1004Core.job
[2011.07.29 18:09:35 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Nitro PDF Professional.lnk
[2011.07.27 15:07:56 | 000,002,552 | ---- | M] () -- C:\WINDOWS\System32\config.nt.bak
[2011.07.27 15:07:56 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.07.27 14:12:27 | 000,000,343 | RHS- | M] () -- C:\boot.ini
[2011.07.27 13:15:05 | 000,000,157 | ---- | M] () -- C:\WINDOWS\info1
[2011.07.27 13:15:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.07.27 12:31:27 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.07.27 12:31:27 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011.07.27 12:31:27 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.07.27 12:31:26 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.07.27 12:24:04 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hîsts
[2011.07.27 12:15:36 | 000,000,227 | ---- | M] () -- C:\Boot.bak
[2011.07.27 12:09:35 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.07.27 12:08:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.27 11:56:09 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.07.23 09:20:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.07.04 14:30:27 | 002,891,698 | ---- | M] () -- C:\Documents and Settings\Noname\Dokumenty\Greene__Brian_-_Elegantn__65533__vesmir.pdf
[2011.07.04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.07.04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.07.04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.07.04 13:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.07.04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.07.03 13:17:31 | 000,640,215 | ---- | M] () -- C:\Documents and Settings\Noname\Dokumenty\Sigesuke.Taira.Busido.cesta.samuraje.pdf
[2011.07.03 13:10:48 | 000,225,593 | ---- | M] () -- C:\Documents and Settings\Noname\Dokumenty\nitobe-inazo-busido.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.31 11:53:18 | 000,002,552 | ---- | C] () -- C:\WINDOWS\System32\config.nt.bak
[2011.07.31 11:53:18 | 000,001,592 | ---- | C] () -- C:\WINDOWS\System32\autoexec.nt.bak
[2011.07.30 15:29:13 | 000,088,889 | ---- | C] () -- C:\Documents and Settings\Noname\Dokumenty\Dotaz_30-07-2011.pdf
[2011.07.29 18:09:35 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Nitro PDF Professional.lnk
[2011.07.29 18:09:34 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Nitro PDF Professional.lnk
[2011.07.27 15:07:56 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.07.27 14:12:27 | 000,000,227 | ---- | C] () -- C:\Boot.bak
[2011.07.27 14:12:25 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.07.27 14:09:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.07.27 14:09:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.07.27 14:09:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.07.27 14:09:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.07.27 14:09:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.07.27 13:15:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.07.27 12:31:27 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.07.27 12:31:27 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.07.27 12:31:26 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.07.27 12:23:43 | 000,000,157 | ---- | C] () -- C:\WINDOWS\info1
[2011.07.27 12:09:36 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.07.27 12:09:35 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.07.27 12:09:35 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.07.27 12:07:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.04 14:30:26 | 002,891,698 | ---- | C] () -- C:\Documents and Settings\Noname\Dokumenty\Greene__Brian_-_Elegantn__65533__vesmir.pdf
[2011.07.03 13:17:28 | 000,640,215 | ---- | C] () -- C:\Documents and Settings\Noname\Dokumenty\Sigesuke.Taira.Busido.cesta.samuraje.pdf
[2011.07.03 13:10:48 | 000,225,593 | ---- | C] () -- C:\Documents and Settings\Noname\Dokumenty\nitobe-inazo-busido.pdf
[2011.06.19 11:54:47 | 000,172,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2011.06.19 11:27:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011.06.19 11:27:17 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011.06.19 11:27:07 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Noname\Data aplikací\$_hpcst$.hpc
[2011.06.10 08:19:57 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2011.06.10 08:19:57 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2011.06.10 08:18:38 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2011.06.10 08:18:38 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2011.06.10 08:18:38 | 000,000,072 | R--- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2011.06.09 17:58:22 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Noname\Local Settings\Data aplikací\fusioncache.dat
[2011.06.09 14:58:09 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2011.06.09 14:53:45 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\Noname\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.09 14:27:34 | 000,026,112 | R--- | C] () -- C:\WINDOWS\LgUninst.exe
[2011.06.09 14:15:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2011.06.09 13:47:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.06.08 12:03:04 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2011.06.08 10:24:20 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.06.08 10:24:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.06.08 10:24:14 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.06.08 10:24:14 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.06.08 10:24:13 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.06.08 10:19:00 | 000,000,434 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2011.06.08 10:18:58 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011.06.08 10:18:56 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011.06.08 10:18:56 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011.06.08 10:18:56 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011.06.08 10:18:56 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011.06.08 10:18:56 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011.06.08 10:18:55 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011.06.08 10:18:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011.06.08 10:18:55 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011.06.08 10:18:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\TBPanelExt.dll
[2011.06.08 10:18:10 | 000,026,624 | ---- | C] () -- C:\WINDOWS\TBZoom.exe
[2011.06.08 10:18:10 | 000,012,285 | ---- | C] () -- C:\WINDOWS\Cadx3.ini
[2011.06.08 10:18:10 | 000,006,942 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2011.06.08 10:18:10 | 000,005,120 | ---- | C] () -- C:\WINDOWS\TBManage.dll
[2011.06.08 10:10:19 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\C6501rm.dll
[2011.06.08 10:10:19 | 000,000,162 | ---- | C] () -- C:\WINDOWS\C6501.ini.cfl
[2011.06.08 10:09:48 | 000,004,571 | R--- | C] () -- C:\WINDOWS\C6501.ini.cfg
[2011.06.08 10:09:39 | 000,000,326 | R--- | C] () -- C:\WINDOWS\c6501.ini
[2011.06.08 10:06:11 | 000,012,377 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.06.08 10:06:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011.06.08 10:05:53 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.06.08 10:02:13 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.06.08 10:01:11 | 000,295,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.06.08 09:00:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.06.08 08:56:15 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.11.09 04:08:10 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2009.11.09 04:08:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2009.11.09 04:08:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2009.11.09 04:08:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2009.09.16 18:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,490,244 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,485,160 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,107,452 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2008.04.14 14:00:00 | 000,091,274 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.02.07 10:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll

========== LOP Check ==========

[2011.06.22 08:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\AnvSoft
[2011.07.29 18:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Downloaded Installations
[2011.07.29 18:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Nitro PDF
[2011.06.08 10:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\OpenOffice.org
[2011.06.19 11:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\PC Suite
[2011.06.09 14:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\PhotoFiltre Studio X
[2011.06.19 11:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Samsung
[2011.07.26 16:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Synthesia
[2011.06.09 15:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Thinstall
[2011.07.27 14:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2011.07.27 15:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2011.06.09 21:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2011.06.08 10:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\muvee Technologies
[2011.07.29 18:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nitro PDF
[2011.06.19 11:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2011.06.19 11:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Samsung
[2011.07.30 15:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2011.07.31 16:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Documents and Settings\Noname\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2011.06.09 13:49:08 | 000,136,176 | ---- | M] (Google Inc.)
"LightScribe Control Panel" = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden -- [2009.06.17 12:13:36 | 002,363,392 | ---- | M] (Hewlett-Packard Company)
"AlcoholAutomount" = "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount -- [2010.08.20 13:03:08 | 000,033,120 | ---- | M] (Alcohol Soft Development Team)
"AlSrvN" = C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe -- [2010.02.06 22:12:48 | 000,053,760 | ---- | M] ()
"KiesTrayAgent" =

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.06.09 14:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\ABBYY
[2011.07.20 15:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Adobe
[2011.06.22 08:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\AnvSoft
[2011.07.29 18:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Downloaded Installations
[2011.06.09 13:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Google
[2011.06.09 14:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Identities
[2011.06.08 10:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\InstallShield
[2011.06.09 13:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Macromedia
[2011.07.27 13:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Malwarebytes
[2011.06.21 11:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Media Player Classic
[2011.07.24 12:02:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Noname\Data aplikací\Microsoft
[2011.06.09 13:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Mozilla
[2011.06.09 21:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Nero
[2011.07.29 18:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Nitro PDF
[2011.06.08 10:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\OpenOffice.org
[2011.06.19 11:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\PC Suite
[2011.06.09 14:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\PhotoFiltre Studio X
[2011.06.23 11:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Real
[2011.06.19 11:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Samsung
[2011.06.10 09:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Skype
[2011.07.26 16:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Synthesia
[2011.06.09 15:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\Thinstall
[2011.06.12 16:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\vlc
[2011.06.09 14:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noname\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2011.01.27 15:43:34 | 000,266,552 | ---- | M] (ml) -- C:\Documents and Settings\Noname\Data aplikací\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe


< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\Drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\System32\autochk.exe
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\System32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\System32\Drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\System32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\System32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\System32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\System32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\System32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\System32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\System32\Drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\System32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\System32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\System32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\System32\Drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\System32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\System32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006.04.25 02:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\System32\Drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\System32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\System32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\System32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\System32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\System32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\System32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\System32\Drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\System32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\System32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\System32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\System32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\System32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\System32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2011.06.08 10:00:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.06.08 10:00:08 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.06.08 10:00:08 | 000,495,616 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.07.31 16:09:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\nmp.log
[2011.07.31 15:55:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\_nvidia_xxx_.log
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< *crack* /s >

< *keygen* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D282699C

< End of report >
Nahoru
Czechomaniak
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 31 črc 2011 12:06

Re: FB vir - prosba o pomoc

#7 Příspěvek od Czechomaniak »

A nyní druhý LOG - Extras.Txt

OTL Extras logfile created on: 31.7.2011 16:07:32 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Noname\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 75,03% Memory free
3,85 Gb Paging File | 3,53 Gb Available in Paging File | 91,62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68,36 Gb Total Space | 38,24 Gb Free Space | 55,93% Space Free | Partition Type: NTFS
Drive D: | 164,51 Gb Total Space | 164,23 Gb Free Space | 99,83% Space Free | Partition Type: NTFS

Computer Name: NONAME-8237CA99 | User Name: Noname | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1960408961-113007714-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"DisableThumbnailCache" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\Temp\NavBrowser.exe" = C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\WINDOWS\update.1\svchost.exe" = C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe
"C:\WINDOWS\update.tray-7-0\svchost.exe" = C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe
"C:\WINDOWS\update.2\svchost.exe" = C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu 3.x for Office 2007
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5CDF6674-78CA-4B1F-A3CA-BA7EAC6E4E0B}" = Nitro PDF Professional
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{9391F2BC-B6F3-4AAC-82CC-5A74A4ED388E}" = EPSON Photo Print
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{AC76BA86-7AD7-1029-7B44-A90000000001}" = Adobe Reader 9 - Czech
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"3FA1705966809259F916AF817C59B4F389F4572C" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.2.3
"avast" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"Gainward" = EXPERTool
"Generic 6501 Sound" = C-Media 6501 Sound
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Full)
"Lexicon 4.0" = Lingea Lexicon 2002
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moje slovíčka_is1" = Moje slovíčka 1.3
"Mozilla Firefox 4.0.1 (x86 cs)" = Mozilla Firefox 4.0.1 (x86 cs)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyFreeCodec" = MyFreeCodec
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 1.1.10
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1960408961-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"PhotoFiltre Studio X" = PhotoFiltre Studio X

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 31.7.2011 5:40:04 | Computer Name = NONAME-8237CA99 | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 31.7.2011 5:40:04 | Computer Name = NONAME-8237CA99 | Source = Service Control Manager | ID = 7000
Description = Služba Cardex neuspěla při spuštění v důsledku následující chyby:
%%183

Error - 31.7.2011 5:41:19 | Computer Name = NONAME-8237CA99 | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 31.7.2011 5:41:49 | Computer Name = NONAME-8237CA99 | Source = DCOM | ID = 10010
Description = Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu
neregistroval u služby DCOM.

Error - 31.7.2011 5:55:14 | Computer Name = NONAME-8237CA99 | Source = Service Control Manager | ID = 7000
Description = Služba StarWind AE Service neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 31.7.2011 5:55:14 | Computer Name = NONAME-8237CA99 | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 31.7.2011 5:59:29 | Computer Name = NONAME-8237CA99 | Source = Service Control Manager | ID = 7000
Description = Služba StarWind AE Service neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 31.7.2011 5:59:29 | Computer Name = NONAME-8237CA99 | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 31.7.2011 9:55:42 | Computer Name = NONAME-8237CA99 | Source = Service Control Manager | ID = 7000
Description = Služba StarWind AE Service neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 31.7.2011 9:55:42 | Computer Name = NONAME-8237CA99 | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126


< End of report >
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: FB vir - prosba o pomoc

#8 Příspěvek od Danstahr »

:arrow: Spusťte znovu OTL, do okna dole vložte následující skript a klikněte na tlačítko Opravit! Po provedení oprav a restartu se otevře log, ten sem prosím vložte.

Kód: Vybrat vše

:Commands
[EmptyTemp]
[ResetHosts]
[EmptyFlash]
[Purity]

:OTL
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
[2011.06.09 14:46:50 | 000,000,000 | ---D | M] (PandoraTV Toolbar) -- C:\Documents and Settings\Noname\Data aplikací\Mozilla\Firefox\Profiles\kprgy3yt.default\extensions\toolbar@ask.com
[2011.06.09 14:20:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACĂ­\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\NONAME\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\KPRGY3YT.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1960408961-113007714-682003330-1004\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [22612005-loader2.exe] File not found
O4 - HKLM..\Run: [4188668.exe] File not found
O4 - HKLM..\Run: [6763545.exe] File not found
O4 - HKLM..\Run: [7717488.exe] File not found
O4 - HKLM..\Run: [9855569.exe] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [C6501Sound] File not found
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2008.04.14 14:00:00 | 000,490,244 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,485,160 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2008.04.14 14:00:00 | 000,107,452 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2008.04.14 14:00:00 | 000,091,274 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D282699C

:Files
C:\Program Files\Ask.com
22612005-loader2.exe /s
4188668.exe /s
6763545.exe /s
7717488.exe /s
9855569.exe /s
C:\WINDOWS\ufa
C:\WINDOWS\rpcminer
C:\WINDOWS\phoenix
C:\WINDOWS\update.5.0
C:\WINDOWS\update.2
C:\WINDOWS\av_ico
C:\WINDOWS\update.1
C:\WINDOWS\update.tray-7-0-lnk
C:\WINDOWS\update.tray-7-0
C:\WINDOWS\loader2.exe_ok
C:\WINDOWS\geoiplist
C:\WINDOWS\geoiplist.rar
C:\WINDOWS\phoenix.rar
C:\WINDOWS\unrar.exe
C:\WINDOWS\ufa.rar
C:\WINDOWS\rpcminer.rar
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\PEV.exe
C:\WINDOWS\MBR.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\zip.exe

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\NavBrowser.exe"=-
"C:\WINDOWS\system32\muzapp.exe"=-
"C:\WINDOWS\update.1\svchost.exe"=-
"C:\WINDOWS\update.tray-7-0\svchost.exe"=-
"C:\WINDOWS\update.2\svchost.exe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}"=-
Poté dejte nový log z OTL podle návodu výše, do pole Vlastní sken/opravy nic nevkládejte.
Koupím trochu času, cenu respektuji.
Nahoru
Czechomaniak
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 31 črc 2011 12:06

Re: FB vir - prosba o pomoc

#9 Příspěvek od Czechomaniak »

Opět zdravím,
chtěl bych zjistit a i se ubezpečit, zdali po vložení Vašeho scriptu do programu OTL a následné opravě nedojde k nějakým nenávratným změnám v operačním systému (např.: Poškození systému). Nyní mi OS funguje a jsem vděčný, že alespoň jde, po tom, co jsem ho "jakštakš" laickým způsobem zprovoznil. Pouze si nejsem jistý, zdali jsem se zbavil zbytků po viru, pokud tam nějaké vůbec zůstaly. Jediné, co se v počítači občas porouchá, tak je zaseknutí spodní listy při náběhu systému (lze vyřešit restartem) a objevení chybové hlášky (viz úvodní příspěvek). Na přeinstalování XP si netroufnu a nechci vézt PC na opravu.
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: FB vir - prosba o pomoc

#10 Příspěvek od Danstahr »

Nenávratné změny rozhodně neprovádíme. Skript pouze odstraňuje pozůstatky havěti a kdykoliv se dá vše uvést do původního stavu (ovšem pochybuji o smyslu tohoto kroku ;)).
Koupím trochu času, cenu respektuji.
Nahoru
Czechomaniak
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 31 črc 2011 12:06

Re: FB vir - prosba o pomoc

#11 Příspěvek od Czechomaniak »

Opět zdravím,
spustil jsem program OTL, vložil výše uvedený script a dal povel "Opravit". Program začal pracovat a zhruba po 5 minutách mi vyhodil chybovou hlášku (s pouze jedním tlačítkem - OK):

Cannot create file
C:/Documents and Settings/.

Po odkliknutí chybové hlášky se zdálo, že se program zasekl, ačkoliv mě program informoval ve spodní liště o stavu procesu "Resseting HOSTS file. DO NOT INTERRUPT...". Pojal jsem podezření, že nefunguje, jak má. Zkusil jsem tedy vyvolat Správce úloh, abych se přesvědčil, zdali u něj není hláška neodpovídá (a tedy je zaseklý). Po stisknutí Cltr+Alt+Del namísto vytouženého Správce úloh vyskočila chybová hláška se změtí čísel a jakýchsi příkazů. Pak přestal jít internet (tedy Google Chrome a Mozilla), dále nešla spustit nápověda a odborná pomoc systému Windows XP a na spodní liště zmizely hodiny a nápis START (bylo tam pouze prázdné zelené tlačítko bez nápisu). Co jsem nechtěl, aby se stalo, to se stalo - systém se poškodil. Vynutil jsem si tedy manuálně restart počítače. S mým údivem systém přeci jen naběhl. Je to až s podivem, ale nepozoruji žádnou nenávratnou změnu. Vše je jako před spuštěním OTL a vložením scriptu.

Nevím, jestli má cenu ještě do systému rýpat, přeci jen nejsem až tak náročný uživatel, a stačí mi když systém běží a dělá co má. Jestli v něm zůstal ještě nějaký bordel, který je neaktivní, tak s tím jsem ochoten se smířit.
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: FB vir - prosba o pomoc

#12 Příspěvek od Danstahr »

To, že systém vypadá, jak jste psal, "zbořený", je běžná praxe, OTL při opravě ukončí všechny procesy, které pro systém nejsou kriticky důležité.

K chybě - jste přihlášen pod účtem s administrátorským oprávněním?
Koupím trochu času, cenu respektuji.
Nahoru
Czechomaniak
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 31 črc 2011 12:06

Re: FB vir - prosba o pomoc

#13 Příspěvek od Czechomaniak »

Ano, jsem přihlášen jako administrátor resp. na počítači máme zřízený jediný společný účet, který je sám o sobě Administrátor.
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: FB vir - prosba o pomoc

#14 Příspěvek od Danstahr »

Zkuste to tedy ještě jednou s následujícím skriptem :

Kód: Vybrat vše

:Commands
[EmptyTemp]
[ResetHosts]
[EmptyFlash]

:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [22612005-loader2.exe] File not found
O4 - HKLM..\Run: [4188668.exe] File not found
O4 - HKLM..\Run: [6763545.exe] File not found
O4 - HKLM..\Run: [7717488.exe] File not found
O4 - HKLM..\Run: [9855569.exe] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [C6501Sound] File not found
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D282699C

:Files
C:\Program Files\Ask.com
22612005-loader2.exe /s
4188668.exe /s
6763545.exe /s
7717488.exe /s
9855569.exe /s
C:\WINDOWS\ufa
C:\WINDOWS\rpcminer
C:\WINDOWS\phoenix
C:\WINDOWS\update.5.0
C:\WINDOWS\update.2
C:\WINDOWS\av_ico
C:\WINDOWS\update.1
C:\WINDOWS\update.tray-7-0-lnk
C:\WINDOWS\update.tray-7-0
C:\WINDOWS\loader2.exe_ok
C:\WINDOWS\geoiplist
C:\WINDOWS\geoiplist.rar
C:\WINDOWS\phoenix.rar
C:\WINDOWS\unrar.exe
C:\WINDOWS\ufa.rar
C:\WINDOWS\rpcminer.rar
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\PEV.exe
C:\WINDOWS\MBR.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\zip.exe

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\NavBrowser.exe"=-
"C:\WINDOWS\system32\muzapp.exe"=-
"C:\WINDOWS\update.1\svchost.exe"=-
"C:\WINDOWS\update.tray-7-0\svchost.exe"=-
"C:\WINDOWS\update.2\svchost.exe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}"=-
Koupím trochu času, cenu respektuji.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“