Zamrzavání PC po startu

Zpráva

ciclik · #1 Příspěvek od **ciclik** » 01 bře 2010 16:19

Prosím o pomoc na nejmenovaném webforu mi rekli ze mi snad zde pomuzete jde o tohle kdyz zapnu PC tak mi vse nabehne a pak tak na 15-25 minut zamrzne cela dolni lista + nemuzu v podstate nic delat jelikoz se acne lagat i PC a celkem dost zde postuji log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dominik at 2010-03-01 16:14:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (28%) free of 25 GB
Total RAM: 1280 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:32, on 1.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dominik\Plocha\RSIT.exe
C:\Program Files\trend micro\Dominik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33ADD233-73F2-4648-9100-8A415D310262}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7588 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-01-06 1657448]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-12-29 323392]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"Center Agent"=C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe [2007-08-22 1518592]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"UniblueRegistryBooster"=C:\Program Files\Uniblue\RegistryBooster\launcher.exe [2010-02-15 60208]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Remote Control.lnk - C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-11-08 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"D:\Program Files\Valve\hl.exe"="D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Velve2\hl.exe"="D:\Program Files\Velve2\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Valve\hlds.exe"="D:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"D:\Program Files\Velve2\hlds.exe"="D:\Program Files\Velve2\hlds.exe:*:Enabled:HLDS Launcher"
"D:\xampp\apache\bin\apache.exe"="D:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"D:\wladci web\web\wow\the-Burning-Crusade.exe"="D:\wladci web\web\wow\the-Burning-Crusade.exe:*:Enabled:Blizzard Downloader"
"D:\MaNGOS\realmd.exe"="D:\MaNGOS\realmd.exe:*:Enabled:realmd"
"D:\MaNGOS1\v6766\diskw\usr\local\Apache2\bin\Apache.exe"="D:\MaNGOS1\v6766\diskw\usr\local\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\MaNGOS1\v6766\realmd.exe"="D:\MaNGOS1\v6766\realmd.exe:*:Enabled:realmd"
"D:\MaNGOS\mangosd.exe"="D:\MaNGOS\mangosd.exe:*:Enabled:mangosd"
"D:\Program Files\the Burning Crusade\Launcher.exe"="D:\Program Files\the Burning Crusade\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Tom Miller - 3D hry v jazyce C# [CZ]\Zdrojové kódy\Tanky\bin\Release\Tanky.exe"="D:\Tom Miller - 3D hry v jazyce C# [CZ]\Zdrojové kódy\Tanky\bin\Release\Tanky.exe:*:Disabled: "
"D:\MaNGOS1\realmd.exe"="D:\MaNGOS1\realmd.exe:*:Enabled:realmd"
"D:\MaNGOS1\mangosd.exe"="D:\MaNGOS1\mangosd.exe:*:Enabled:mangosd"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-01 16:12:45 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2010-03-01 16:11:41 ----D---- C:\Program Files\trend micro
2010-03-01 16:11:39 ----D---- C:\rsit
2010-02-28 11:59:15 ----D---- C:\Program Files\Bonjour
2010-02-28 11:00:42 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-02-28 09:59:25 ----SHD---- C:\Config.Msi
2010-02-26 14:59:36 ----D---- C:\Program Files\Webteh
2010-02-26 14:57:54 ----D---- C:\Program Files\Kodek CZ
2010-02-24 20:30:18 ----A---- C:\WINDOWS\system32\msvcr71d.dll
2010-02-24 20:12:52 ----D---- C:\Program Files\Uniblue
2010-02-24 19:46:47 ----A---- C:\WINDOWS\msb.exe
2010-02-24 19:36:54 ----A---- C:\WINDOWS\msa.exe
2010-02-24 19:36:41 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-02-24 19:23:16 ----D---- C:\Program Files\iXi Tools
2010-02-24 14:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-24 13:13:46 ----D---- C:\Program Files\Git
2010-02-24 09:19:45 ----D---- C:\Office10
2010-02-24 09:10:01 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2003
2010-02-24 09:10:00 ----D---- C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2
2010-02-23 08:01:18 ----D---- C:\Program Files\The Game Creators
2010-02-23 07:58:19 ----A---- C:\WINDOWS\system32\dswaved.dll
2010-02-23 07:58:19 ----A---- C:\WINDOWS\system32\dmusicd.dll
2010-02-23 07:58:19 ----A---- C:\WINDOWS\system32\dmsynthd.dll
2010-02-23 07:58:19 ----A---- C:\WINDOWS\system32\dmstyled.dll
2010-02-23 07:58:19 ----A---- C:\WINDOWS\system32\dmscripd.dll
2010-02-23 07:58:19 ----A---- C:\WINDOWS\system32\dmloaded.dll
2010-02-23 07:58:19 ----A---- C:\WINDOWS\system32\dmimed.dll
2010-02-23 07:58:19 ----A---- C:\WINDOWS\system32\dmcompod.dll
2010-02-23 07:58:19 ----A---- C:\WINDOWS\system32\dmbandd.dll
2010-02-23 07:58:18 ----A---- C:\WINDOWS\system32\dinput8d.dll
2010-02-23 07:58:18 ----A---- C:\WINDOWS\system32\d3dx9d_35.dll
2010-02-23 07:58:18 ----A---- C:\WINDOWS\system32\d3dx9d_33.dll
2010-02-23 07:58:18 ----A---- C:\WINDOWS\system32\d3dref9.dll
2010-02-23 07:58:18 ----A---- C:\WINDOWS\system32\d3dref8.dll
2010-02-23 07:58:18 ----A---- C:\WINDOWS\system32\d3dref.dll
2010-02-23 07:58:17 ----A---- C:\WINDOWS\system32\d3d9d.dll
2010-02-23 07:58:17 ----A---- C:\WINDOWS\system32\d3d8d.dll
2010-02-23 07:54:59 ----D---- C:\Program Files\Microsoft DirectX SDK (August 2007)
2010-02-22 20:27:28 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-02-22 20:26:39 ----D---- C:\Program Files\Microsoft SQL Server
2010-02-22 20:17:12 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2010-02-22 20:17:12 ----D---- C:\Program Files\Common Files\Merge Modules
2010-02-22 20:15:38 ----D---- C:\Program Files\Microsoft SDKs
2010-02-21 20:53:36 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-21 09:12:35 ----A---- C:\WINDOWS\iun6002.exe
2010-02-21 09:11:50 ----D---- C:\Program Files\BlueVoda Website Builder
2010-02-18 18:57:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
2010-02-10 14:04:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 14:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 14:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 14:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 14:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 14:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 14:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 14:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 14:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-07 18:29:45 ----D---- C:\Documents and Settings\Dominik\Data aplikací\Mozilla
2010-02-07 18:28:47 ----D---- C:\Program Files\Mozilla Firefox
2010-02-06 18:24:41 ----D---- C:\mangos
2010-02-06 14:15:37 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-02-05 18:34:19 ----A---- C:\WINDOWS\system32\muweb.dll
2010-02-05 18:34:18 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-02-05 18:34:16 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-02-05 18:23:19 ----A---- C:\WINDOWS\system32\msonpmon.dll
2010-02-05 18:11:47 ----D---- C:\Program Files\Microsoft Works
2010-02-05 18:02:53 ----D---- C:\Program Files\Microsoft Visual Studio
2010-02-05 18:02:35 ----D---- C:\Program Files\Common Files\DESIGNER
2010-02-05 17:54:58 ----D---- C:\Program Files\Microsoft.NET
2010-02-05 17:51:10 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-02-05 17:49:06 ----D---- C:\WINDOWS\SHELLNEW
2010-02-05 17:47:41 ----D---- C:\Program Files\Microsoft Office
2010-02-05 17:47:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-02-05 17:46:22 ----RHD---- C:\MSOCache
2010-02-03 12:49:30 ----D---- C:\Program Files\Google
2010-02-03 12:48:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software

======List of files/folders modified in the last 1 months======

2010-03-01 16:14:09 ----AD---- C:\WINDOWS\system32
2010-03-01 16:12:40 ----D---- C:\Documents and Settings\Dominik\Data aplikací\Skype
2010-03-01 16:11:53 ----D---- C:\WINDOWS\Prefetch
2010-03-01 16:11:41 ----RD---- C:\Program Files
2010-03-01 16:06:55 ----D---- C:\Documents and Settings\Dominik\Data aplikací\DNA
2010-03-01 16:05:14 ----D---- C:\Documents and Settings\Dominik\Data aplikací\skypePM
2010-03-01 12:16:06 ----D---- C:\WINDOWS\Temp
2010-03-01 07:36:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-01 07:36:04 ----D---- C:\Program Files\DNA
2010-02-28 22:45:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-28 12:04:20 ----SHD---- C:\WINDOWS\Installer
2010-02-28 12:03:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-28 11:59:05 ----D---- C:\Program Files\Common Files\Adobe
2010-02-28 11:57:40 ----D---- C:\Documents and Settings\Dominik\Data aplikací\Adobe
2010-02-28 11:55:41 ----D---- C:\Program Files\Adobe
2010-02-28 11:01:38 ----D---- C:\WINDOWS\WinSxS
2010-02-28 11:00:42 ----D---- C:\Program Files\Common Files
2010-02-28 10:17:15 ----RSD---- C:\WINDOWS\Fonts
2010-02-27 14:37:06 ----D---- C:\WINDOWS
2010-02-27 02:07:12 ----SD---- C:\WINDOWS\Tasks
2010-02-26 14:58:19 ----HD---- C:\WINDOWS\inf
2010-02-26 14:58:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-24 14:00:33 ----D---- C:\WINDOWS\ie8updates
2010-02-24 14:00:31 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-24 09:19:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-23 23:44:53 ----D---- C:\Documents and Settings\Dominik\Data aplikací\uTorrent
2010-02-23 08:01:16 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-23 07:54:58 ----D---- C:\WINDOWS\system32\DirectX
2010-02-23 07:54:39 ----RSD---- C:\WINDOWS\assembly
2010-02-22 20:51:56 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-22 20:28:04 ----D---- C:\WINDOWS\system32\mui
2010-02-22 20:23:20 ----SD---- C:\Documents and Settings\Dominik\Data aplikací\Microsoft
2010-02-16 19:02:57 ----A---- C:\WINDOWS\WORDPAD.INI
2010-02-11 19:53:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-11 18:48:45 ----D---- C:\WINDOWS\Debug
2010-02-10 14:04:46 ----D---- C:\WINDOWS\system32\drivers
2010-02-07 14:06:50 ----A---- C:\WINDOWS\win.ini
2010-02-07 14:06:49 ----D---- C:\Program Files\Common Files\System
2010-02-05 18:22:34 ----D---- C:\WINDOWS\system32\config
2010-02-05 18:09:45 ----D---- C:\Program Files\MSBuild
2010-02-05 17:54:58 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-02-03 12:52:34 ----D---- C:\Program Files\Alwil Software
2010-02-03 00:15:51 ----D---- C:\Documents and Settings\Dominik\Data aplikací\Hamachi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2009-11-08 41600]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-07-06 34064]
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-12-29 25280]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-11-08 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 133104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-28 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
[/code]
popripade pokud je tam neco jeste nejaky problem tak at vim dopredu
Dekuji predem za odpovedi.
Ciclik

#2 Příspěvek od **stell** » 01 bře 2010 17:47

Zdravim
ano mas tam zopar trojanov

PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte>>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Suhlasit instalacio Konzoly pre zotavenie (Recovery console)

- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

ciclik · #3 Příspěvek od **ciclik** » 01 bře 2010 18:16

Zde je log z Combofixu:

ComboFix 10-02-28.04 - Dominik 01.03.2010 17:58:02.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1280.934 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dominik\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-01 do 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-03-01 15:12 . 2004-02-23 00:00 1386496 ----a-w- c:\windows\system32\msvbvm60.dll
2010-03-01 15:11 . 2010-03-01 15:27 -------- d-----w- c:\program files\trend micro
2010-03-01 15:11 . 2010-03-01 15:12 -------- d-----w- C:\rsit
2010-02-28 10:59 . 2010-02-28 10:59 -------- d-----w- c:\program files\Bonjour
2010-02-28 10:00 . 2010-02-28 10:00 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-02-26 13:59 . 2010-02-26 13:59 -------- d-----w- c:\program files\Webteh
2010-02-26 13:57 . 2010-02-26 13:57 -------- d-----w- c:\program files\Kodek CZ
2010-02-24 19:30 . 2005-07-15 13:39 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2010-02-24 19:12 . 2010-02-24 19:12 -------- d-----w- c:\program files\Uniblue
2010-02-24 18:23 . 2010-02-24 18:23 -------- d-----w- c:\program files\iXi Tools
2010-02-24 12:13 . 2010-02-24 12:14 -------- d-----w- c:\program files\Git
2010-02-24 08:19 . 2010-02-24 08:19 -------- d-----w- C:\Office10
2010-02-24 08:10 . 2010-02-24 08:10 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2010-02-24 08:10 . 2010-02-24 08:12 -------- d-----w- c:\program files\Microsoft Platform SDK for Windows Server 2003 R2
2010-02-23 07:01 . 2010-02-23 07:01 -------- d-----w- c:\program files\The Game Creators
2010-02-22 19:26 . 2010-02-22 19:26 -------- d-----w- c:\program files\Microsoft SQL Server
2010-02-22 19:17 . 2010-02-22 19:20 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-02-22 19:17 . 2010-02-22 19:18 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-02-22 19:15 . 2010-02-22 19:15 -------- d-----w- c:\program files\Microsoft SDKs
2010-02-21 19:53 . 2010-02-21 19:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-21 08:12 . 2010-02-21 08:11 737280 ----a-w- c:\windows\iun6002.exe
2010-02-21 08:11 . 2010-02-22 12:24 -------- d-----w- c:\program files\BlueVoda Website Builder
2010-02-10 09:56 . 2009-12-04 17:25 456832 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-10 09:56 . 2009-12-09 10:03 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 09:56 . 2009-12-09 10:03 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-07 17:29 . 2010-02-07 17:29 0 ----a-w- c:\windows\nsreg.dat
2010-02-06 17:24 . 2010-02-25 21:14 -------- d-----w- C:\mangos
2010-02-06 13:15 . 2010-02-06 13:15 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-02-05 17:34 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-05 17:34 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-05 17:23 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-02-05 17:23 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-05 17:11 . 2010-02-07 13:11 -------- d-----w- c:\program files\Microsoft Works
2010-02-05 16:54 . 2010-02-05 16:54 -------- d-----w- c:\program files\Microsoft.NET
2010-02-05 16:51 . 2010-02-05 16:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-05 16:49 . 2010-02-05 17:01 -------- d-----w- c:\windows\SHELLNEW
2010-02-05 16:46 . 2010-02-05 16:46 -------- d-----r- C:\MSOCache
2010-02-03 12:32 . 2005-07-08 13:44 159616 ----a-w- c:\windows\system32\drivers\vax347b.sys
2010-02-03 12:32 . 2004-04-30 08:33 5248 ----a-w- c:\windows\system32\drivers\vax347s.sys
2010-02-03 11:49 . 2010-02-03 11:50 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 17:05 . 2009-12-29 12:23 -------- d-----w- c:\program files\DNA
2010-02-28 10:59 . 2009-12-30 00:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-23 07:01 . 2009-12-29 12:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-23 06:58 . 2010-02-23 06:54 -------- d-----w- c:\program files\Microsoft DirectX SDK (August 2007)
2010-02-11 18:53 . 2009-12-29 11:17 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2009-12-29 11:17 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2009-12-29 11:17 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2009-12-29 11:17 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2009-12-29 11:17 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2009-12-29 11:17 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2009-12-29 11:17 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2009-12-29 11:17 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2009-12-29 11:17 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-05 17:09 . 2009-12-29 10:47 -------- d-----w- c:\program files\MSBuild
2010-02-03 11:52 . 2009-12-29 11:17 -------- d-----w- c:\program files\Alwil Software
2010-01-30 10:17 . 2010-01-30 10:17 -------- d-----w- c:\program files\XP Codec Pack
2010-01-30 08:35 . 2010-01-30 08:35 -------- d-----w- c:\program files\uTorrent
2010-01-28 12:32 . 2010-01-28 12:32 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-28 12:32 . 2009-12-29 11:40 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-28 12:32 . 2010-01-28 12:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-23 09:15 . 2009-12-29 11:34 -------- d-----w- c:\program files\Opera
2010-01-21 17:42 . 2010-01-21 17:42 -------- d-----w- c:\program files\TortoiseSVN
2010-01-21 17:42 . 2010-01-21 17:42 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-01-21 15:36 . 2001-10-25 11:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-01-21 15:36 . 2001-10-25 11:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-01-21 15:36 . 2010-01-21 15:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-01-21 15:35 . 2010-01-21 15:35 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-01-21 15:35 . 2010-01-21 15:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-21 15:35 . 2010-01-21 15:35 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-20 14:49 . 2010-01-20 14:48 -------- d-----w- c:\program files\Nmap
2010-01-20 14:49 . 2010-01-20 14:49 -------- d-----w- c:\program files\WinPcap
2010-01-14 18:18 . 2010-01-14 18:18 -------- d-----w- c:\program files\Half-Life Model Viewer
2010-01-14 15:58 . 2010-01-14 15:58 -------- d-----w- c:\program files\Custom-Strike
2010-01-12 04:03 . 2009-12-29 11:40 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03 . 2009-12-29 11:40 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2009-12-29 11:40 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2009-12-29 11:40 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2009-12-29 11:40 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2009-12-29 11:40 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2009-12-29 11:40 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03 . 2009-12-29 11:40 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2009-12-29 11:40 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-12 04:03 . 2009-12-29 11:40 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2009-12-29 11:40 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-10 14:24 . 2010-01-10 14:24 -------- d-----w- c:\program files\Bradbury
2010-01-09 12:45 . 2010-01-09 12:45 -------- d-----w- c:\program files\MySQL
2010-01-03 11:19 . 2010-01-03 10:56 -------- d-----w- c:\program files\PhotoFiltre
2010-01-02 11:39 . 2010-01-02 11:39 -------- d-----w- c:\program files\Common Files\Protexis
2010-01-02 11:37 . 2010-01-02 11:37 -------- d-----w- c:\program files\Common Files\Corel
2010-01-02 11:36 . 2010-01-02 11:36 -------- d-----w- c:\program files\Corel
2010-01-02 09:22 . 2010-01-02 09:22 -------- d-----w- c:\program files\CCleaner
2010-01-02 08:33 . 2010-01-02 08:33 -------- d-----w- c:\program files\Common Files\BitDefender
2010-01-02 08:12 . 2010-01-02 08:12 -------- d-----w- c:\program files\Enigma Software Group
2010-01-01 07:58 . 2009-11-08 15:35 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 14:34 . 2009-12-31 14:34 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-30 13:16 . 2009-12-30 13:16 4608 ----a-w- c:\windows\cocowawa.dll
2009-12-29 19:43 . 2009-12-29 19:43 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-12-29 12:36 . 2009-12-29 12:36 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-29 11:01 . 2009-12-29 10:32 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-29 11:01 . 2009-12-29 10:32 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-29 11:00 . 2009-12-29 10:32 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-29 10:29 . 2009-12-29 10:29 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-21 19:02 . 2009-11-08 15:30 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2009-12-29 10:28 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 05:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 14:33 . 2009-08-04 21:53 2068352 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 14:33 . 2009-11-08 15:36 2191488 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 17:25 . 2009-11-08 15:35 456832 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

------- Sigcheck -------

[-] 2009-11-08 . 906D82AA224D5A3BA99DAEB5B9146354 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-12-29 323392]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Center Agent"="c:\program files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-08-22 1518592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"UniblueRegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-02-15 60208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-01-06 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Remote Control.lnk - c:\program files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe [2009-12-30 77824]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"d:\\Program Files\\Velve2\\hl.exe"=
"d:\\Program Files\\Velve2\\hlds.exe"=
"d:\\xampp\\apache\\bin\\apache.exe"=
"d:\\wladci web\\web\\wow\\the-Burning-Crusade.exe"=
"d:\\MaNGOS\\realmd.exe"=
"d:\\MaNGOS\\mangosd.exe"=
"d:\\Program Files\\the Burning Crusade\\Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Tom Miller - 3D hry v jazyce C# [CZ]\\Zdrojové kódy\\Tanky\\bin\\Release\\Tanky.exe"=
"d:\\MaNGOS1\\realmd.exe"=
"d:\\MaNGOS1\\mangosd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:Quice a Web
"27015:UDP"= 27015:UDP:CS

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.12.2009 15:34 721904]
R0 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [3.2.2010 13:32 159616]
R0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [3.2.2010 13:32 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.12.2009 12:17 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.12.2009 12:17 19024]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.7.2009 7:47 34064]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [30.12.2009 1:01 674048]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2010 12:49 133104]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 11:49]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 11:49]
.
.
------- Doplňkový sken -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {33ADD233-73F2-4648-9100-8A415D310262} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Dominik\Data aplikací\Mozilla\Firefox\Profiles\1ls4sdqr.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz Search
FF - prefs.js: browser.startup.homepage - hxxp://centrum.cz/firefox
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-Wdf01000.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 18:07
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spnv.sys >>UNKNOWN [0x8974E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf746ecb8
\Driver\atapi -> atapi.sys @ 0xf7833b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(1128)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(672)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Uniblue\RegistryBooster\registrybooster.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2010-03-01 18:14:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-01 17:14

Před spuštěním: 7 205 777 408
Po spuštění: 7 124 197 376

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C57F388B65BC63F3205DE9225588AE00

#4 Příspěvek od **stell** » 01 bře 2010 18:30

tiahnes na plochu>Download>spustis>>vloz zeleny text a klik >look,,log vloz sem

Kód: Vybrat vše

:filefind
sshnas21.dll

ciclik · #5 Příspěvek od **ciclik** » 01 bře 2010 18:38

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 18:37 on 01/03/2010 by Dominik (Administrator - Elevation successful)

========== filefind ==========

Searching for "sshnas21.dll"
No files found.

-=End Of File=-

#6 Příspěvek od **stell** » 01 bře 2010 18:40

ok,
este
otestujte na VIRUSTOTALu
c:\windows\cocowawa.dll
c:\windows\system32\sfcfiles.dll
(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledek sem vlozte)

ciclik · #7 Příspěvek od **ciclik** » 01 bře 2010 19:08

Pokud staci odkaz na otestovany soubor?
Cocowawa.dll :
http://www.virustotal.com/cs/analisis/5 ... 1267466668

Sfcfiles.dll :
http://www.virustotal.com/cs/analisis/4 ... 1267466734

#8 Příspěvek od **stell** » 01 bře 2010 19:15

http://download.bleepingcomputer.com/ma ... -setup.exe
Stiahnes>>Malwarebytes' Anti-Malware stiahnut-nainstalovat -aktualizovat-
sprav komplet skan,,log vloz sem,

ciclik · #9 Příspěvek od **ciclik** » 01 bře 2010 22:40

Malwarebytes LOG:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3809
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1.3.2010 22:39:46
mbam-log-2010-03-01 (22-39-40).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 283685
Uplynulý čas: 2 hour(s), 37 minute(s), 25 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Dominik\Plocha\wow\wow hack\tnwt123a_win32.exe (Trojan.Banker) -> No action taken.
D:\System Volume Information\_restore{0BC5A5B2-DBC2-4435-AF60-F67C818950A5}\RP77\A0016456.exe (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Dominik\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

Ty trojany mam nejspis odstranit co ???

#10 Příspěvek od **stell** » 02 bře 2010 07:57

Ano odstranit a napis ako sa chova pc.

ciclik · #11 Příspěvek od **ciclik** » 02 bře 2010 14:33

Tak sem jeodstranil ale furt to po startu pomalu nabiha nevim proc

#12 Příspěvek od **stell** » 02 bře 2010 16:09

no pockaj pisal si o romto probleme,takze toto je uz ok??

Zamrzavání PC po startu

Stahni OTListIt2>> OTL
- spust
-zafajkni
-Scan all users.
-Lop check.
-Purity check.
-v sekciiExtra Registry>zaboduj>Use SafeList
-do okna Custom Scans/Fixes>vloz zeleny text a klik Run SCAN
-scan trva [10-15 min]>.potom vloz sem
-OTL.txt (bude na ploche).

Kód: Vybrat vše

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
%SYSTEMROOT%\*. /mp /s
CREATERESTOREPOINT
%SYSTEMROOT%\system32\*.dll /lockedfiles
%SYSTEMROOT%\Tasks\*.job /lockedfiles

ciclik · #13 Příspěvek od **ciclik** » 02 bře 2010 16:22

no jako takhle sem to myslel kdyz ho zapnu tak furt vzdycky zamrzne tak na tech 15 minut

log:
OTL logfile created on: 2.3.2010 16:24:16 - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Dominik\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 6,46 Gb Free Space | 26,45% Space Free | Partition Type: NTFS
Drive D: | 50,11 Gb Total Space | 7,77 Gb Free Space | 15,50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOMINIK-POKOJ
Current User Name: Dominik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.02 16:23:16 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dominik\Plocha\OTL.exe
PRC - [2010.02.11 19:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009.12.29 13:23:57 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009.11.20 19:01:18 | 000,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009.11.11 10:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.10.27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.10.09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009.10.09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009.08.20 12:44:38 | 000,615,688 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2008.08.04 15:45:16 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2008.04.14 06:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.08.22 22:44:36 | 001,518,592 | ---- | M] () -- C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
PRC - [2007.08.22 02:00:33 | 000,077,824 | R--- | M] () -- C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.05.25 09:56:44 | 000,139,264 | ---- | M] () -- D:\xampp\xampp-control.exe
PRC - [2007.03.05 11:23:04 | 000,016,896 | ---- | M] (Apache Software Foundation) -- D:\xampp\apache\bin\apache.exe
PRC - [2005.04.02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (SafeList) ==========

MOD - [2010.03.02 16:23:16 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dominik\Plocha\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2010.02.28 11:00:44 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.10.25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.04 15:45:16 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005.04.02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2010.02.11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.02.11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.02.11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.02.11 19:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.02.11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.02.11 19:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.01.12 05:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009.12.31 15:34:23 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.29 20:43:11 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.06 07:47:46 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2008.09.22 03:41:04 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FET5X86V)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.04.20 06:34:53 | 000,674,048 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005.07.08 14:44:18 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vax347b.sys -- (vax347b)
DRV - [2004.04.30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vax347s.sys -- (vax347s)
DRV - [2003.07.15 16:00:00 | 000,578,368 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002.04.01 14:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001.10.25 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-1275210071-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-789336058-1275210071-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
IE - HKU\S-1-5-21-789336058-1275210071-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKU\S-1-5-21-789336058-1275210071-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 79 C0 8D 9B A2 CA 01 [binary data]
IE - HKU\S-1-5-21-789336058-1275210071-1606980848-1003\S-1-5-21-789336058-1275210071-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1275210071-1606980848-1003\S-1-5-21-789336058-1275210071-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Centrum.cz Search"
FF - prefs.js..browser.search.selectedEngine: "Centrum.cz Search"
FF - prefs.js..browser.startup.homepage: "http://centrum.cz/firefox"
FF - prefs.js..keyword.URL: "http://search.centrum.cz/index.php?tool ... m-1.0.0&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.07 18:29:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.07 18:28:48 | 000,000,000 | ---D | M]

[2010.02.07 18:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\Mozilla\Extensions
[2010.02.28 17:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\Mozilla\Firefox\Profiles\1ls4sdqr.default\extensions
[2010.02.13 16:08:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dominik\Data aplikací\Mozilla\Firefox\Profiles\1ls4sdqr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.07 18:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.29 02:22:28 | 000,001,425 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Cetrumcz_igeared.xml
[2010.01.16 01:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 01:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 01:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 01:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 01:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.03.01 18:04:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-1275210071-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\S-1-5-21-789336058-1275210071-1606980848-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-789336058-1275210071-1606980848-1003..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe ()
O4 - HKU\S-1-5-21-789336058-1275210071-1606980848-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-789336058-1275210071-1606980848-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Remote Control.lnk = C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1275210071-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1275210071-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1275210071-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1275210071-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-789336058-1275210071-1606980848-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.29 11:33:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.12.29 11:32:41 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54046588552609792)

========== Files/Folders - Created Within 30 Days ==========

[2010.03.02 16:23:16 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dominik\Plocha\OTL.exe
[2010.03.01 19:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Plocha\Chudacek PC
[2010.03.01 19:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Data aplikací\Malwarebytes
[2010.03.01 19:28:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.01 19:28:45 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.01 19:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.01 19:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.01 19:28:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.01 17:55:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.01 17:53:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.03.01 17:53:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.03.01 17:53:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.03.01 17:53:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.03.01 17:53:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.03.01 17:51:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.03.01 16:12:45 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvbvm60.dll
[2010.03.01 16:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.03.01 16:11:39 | 000,000,000 | ---D | C] -- C:\rsit
[2010.02.28 11:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.02.28 11:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.02.28 09:59:25 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.02.28 09:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Plocha\Desktop
[2010.02.28 09:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Dokumenty\Version Cue
[2010.02.28 09:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Dokumenty\AdobeStockPhotos
[2010.02.28 01:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Plocha\Adobe CS3
[2010.02.27 19:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Local Settings\Data aplikací\Bitforge
[2010.02.26 14:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2010.02.26 14:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kodek CZ
[2010.02.24 20:52:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dominik\Recent
[2010.02.24 20:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Plocha\mangos up
[2010.02.24 20:30:18 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71d.dll
[2010.02.24 20:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010.02.24 19:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\iXi Tools
[2010.02.24 13:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Git
[2010.02.24 09:19:45 | 000,000,000 | ---D | C] -- C:\Office10
[2010.02.24 09:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET 2003
[2010.02.24 09:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2
[2010.02.23 08:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\The Game Creators
[2010.02.23 08:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Dokumenty\MSDN
[2010.02.23 07:58:19 | 000,240,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmimed.dll
[2010.02.23 07:58:19 | 000,134,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmusicd.dll
[2010.02.23 07:58:19 | 000,117,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmstyled.dll
[2010.02.23 07:58:19 | 000,115,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmscripd.dll
[2010.02.23 07:58:19 | 000,112,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmsynthd.dll
[2010.02.23 07:58:19 | 000,073,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmcompod.dll
[2010.02.23 07:58:19 | 000,052,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmloaded.dll
[2010.02.23 07:58:19 | 000,041,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmbandd.dll
[2010.02.23 07:58:19 | 000,030,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dswaved.dll
[2010.02.23 07:58:18 | 003,886,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9d_35.dll
[2010.02.23 07:58:18 | 003,799,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9d_33.dll
[2010.02.23 07:58:18 | 000,359,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dinput8d.dll
[2010.02.23 07:58:18 | 000,349,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dref9.dll
[2010.02.23 07:58:18 | 000,248,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dref8.dll
[2010.02.23 07:58:18 | 000,106,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dref.dll
[2010.02.23 07:58:17 | 003,087,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d9d.dll
[2010.02.23 07:58:17 | 001,390,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d8d.dll
[2010.02.23 07:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft DirectX SDK (August 2007)
[2010.02.22 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010.02.22 20:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Dokumenty\Visual Studio 2008
[2010.02.22 20:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010.02.22 20:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2010.02.22 20:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010.02.21 20:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.02.21 09:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Dokumenty\BlueVoda
[2010.02.21 09:12:35 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010.02.21 09:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\BlueVoda Website Builder
[2010.02.18 18:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
[2010.02.13 16:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Dokumenty\Stažené soubory
[2010.02.12 14:03:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2010.02.10 10:56:41 | 000,456,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.02.10 10:56:15 | 002,147,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.02.10 10:56:14 | 002,025,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.02.07 18:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Local Settings\Data aplikací\Centrum.cz Toolbar
[2010.02.07 18:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Local Settings\Data aplikací\Mozilla
[2010.02.07 18:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Data aplikací\Mozilla
[2010.02.07 18:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.02.06 18:24:41 | 000,000,000 | ---D | C] -- C:\mangos
[2010.02.06 14:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010.02.06 09:09:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2010.02.05 18:34:18 | 000,017,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.02.05 18:34:16 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.02.05 18:23:19 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010.02.05 18:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.02.05 18:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.02.05 18:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.02.05 17:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.02.05 17:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010.02.05 17:49:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010.02.05 17:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Local Settings\Data aplikací\Microsoft Help
[2010.02.05 17:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.02.05 17:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
[2010.02.05 17:46:22 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010.02.03 23:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Plocha\Complete_VIP_System_v30
[2010.02.03 13:32:30 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347b.sys
[2010.02.03 13:32:30 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347s.sys
[2010.02.03 12:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Dokumenty\Downloads
[2010.02.03 12:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2010.02.03 12:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2010.02.03 12:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Local Settings\Data aplikací\Temp
[2010.02.03 12:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Local Settings\Data aplikací\Google
[2010.02.03 12:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.02.03 12:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.02.02 18:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominik\Plocha\RAR
[2009.12.29 19:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\TuneUp Software
[2009.12.29 11:37:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.12.29 11:33:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.02 16:26:29 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Dominik\NTUSER.DAT
[2010.03.02 16:23:16 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dominik\Plocha\OTL.exe
[2010.03.02 16:22:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.02 14:12:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.02 14:11:52 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.02 14:11:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.02 14:11:15 | 000,272,239 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.03.02 14:10:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.01 23:51:58 | 000,928,616 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\Glumbie.gif
[2010.03.01 23:45:02 | 000,254,815 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\StormwindWIP5.jpg
[2010.03.01 23:16:45 | 000,594,129 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\Glumbie.ms3d
[2010.03.01 23:16:45 | 000,105,696 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\Glumbie_0.png
[2010.03.01 23:16:45 | 000,038,093 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\Glumbie_8.png
[2010.03.01 23:16:45 | 000,024,881 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\Glumbie_5.png
[2010.03.01 23:13:52 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\car.eq
[2010.03.01 21:57:42 | 006,324,175 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\ZeroDB.rar
[2010.03.01 21:56:46 | 009,119,015 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\MangosZero.rar
[2010.03.01 20:35:56 | 000,098,333 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\sg48gtxy32grtq2tsagwumj7bpdhzs28.gif
[2010.03.01 18:05:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.01 18:04:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.01 17:55:13 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.03.01 17:51:41 | 002,636,318 | -H-- | M] () -- C:\Documents and Settings\Dominik\Local Settings\Data aplikací\IconCache.db
[2010.03.01 07:35:15 | 001,560,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.02.28 12:40:06 | 000,175,146 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\screen.jpg
[2010.02.28 10:25:56 | 000,072,448 | ---- | M] () -- C:\Documents and Settings\Dominik\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.02.27 20:08:23 | 000,024,024 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\nic.jpg
[2010.02.26 18:22:38 | 000,000,337 | ---- | M] () -- C:\Documents and Settings\Dominik\Plocha\ll.sql
[2010.02.25 14:49:32 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\Dominik\.bash_history
[2010.02.23 11:34:12 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Dominik\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.21 09:11:45 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010.02.16 19:02:57 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010.02.12 18:01:58 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.02.11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.02.11 19:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.02.11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.02.11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.02.11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.02.11 19:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.02.11 19:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.02.11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.02.11 19:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.02.07 18:29:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010.02.07 14:06:50 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.01 23:51:58 | 000,928,616 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\Glumbie.gif
[2010.03.01 23:39:40 | 000,254,815 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\StormwindWIP5.jpg
[2010.03.01 23:16:45 | 000,038,093 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\Glumbie_8.png
[2010.03.01 23:16:45 | 000,024,881 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\Glumbie_5.png
[2010.03.01 23:16:44 | 000,594,129 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\Glumbie.ms3d
[2010.03.01 23:16:44 | 000,105,696 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\Glumbie_0.png
[2010.03.01 23:13:52 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\car.eq
[2010.03.01 21:57:28 | 006,324,175 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\ZeroDB.rar
[2010.03.01 21:56:19 | 009,119,015 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\MangosZero.rar
[2010.03.01 20:35:56 | 000,098,333 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\sg48gtxy32grtq2tsagwumj7bpdhzs28.gif
[2010.03.01 17:55:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.03.01 17:55:08 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.03.01 17:53:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.03.01 17:53:44 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.03.01 17:53:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.03.01 17:53:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.03.01 17:53:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.02.28 12:34:37 | 000,175,146 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\screen.jpg
[2010.02.27 20:08:21 | 000,024,024 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\nic.jpg
[2010.02.26 18:22:27 | 000,000,337 | ---- | C] () -- C:\Documents and Settings\Dominik\Plocha\ll.sql
[2010.02.26 18:17:50 | 000,000,940 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.02.26 18:17:49 | 000,000,936 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.02.24 14:16:53 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Dominik\.bash_history
[2010.02.07 18:29:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.01.22 18:59:37 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Data aplikací\anvkgp.dat
[2010.01.05 17:09:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.01.05 15:50:47 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Dominik\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.02 13:04:55 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2010.01.02 13:04:55 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\AF56F769EF.sys
[2009.12.31 15:34:22 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.12.30 14:16:14 | 000,004,608 | ---- | C] () -- C:\WINDOWS\cocowawa.dll
[2009.12.30 01:01:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini
[2009.12.30 01:01:11 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009.12.30 01:01:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.07.06 07:47:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006.10.27 08:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006.04.13 11:30:06 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2004.10.12 06:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004.10.12 06:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004.10.12 06:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004.10.09 06:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004.10.05 08:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.07.16 13:09:32 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002.10.06 20:42:58 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\oggds.dll
[2002.10.05 01:04:26 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002.10.05 01:04:26 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002.10.05 01:04:18 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.05.17 22:18:30 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== LOP Check ==========

[2010.02.03 12:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.01.02 09:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Auslogics
[2010.01.02 09:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BitDefender
[2009.12.29 18:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2009.12.29 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MySQL
[2010.01.21 16:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009.12.29 18:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2009.12.29 18:09:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.01.02 09:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\Auslogics
[2010.01.03 13:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\Bradsoft.com
[2010.03.02 16:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\DNA
[2009.12.29 19:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\GHISLER
[2009.12.30 01:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\KWorld Multimedia
[2010.01.21 16:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\Nokia
[2009.12.29 12:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\Opera
[2010.01.21 16:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\PC Suite
[2010.01.21 18:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\Subversion
[2009.12.29 18:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\TuneUp Software
[2010.01.16 14:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\Uniblue
[2010.02.23 23:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominik\Data aplikací\uTorrent
[2009.12.29 19:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\TuneUp Software

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008.04.14 06:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 06:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2008.04.14 06:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008.04.14 06:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 06:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2008.04.14 06:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2008.04.14 06:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 06:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2008.04.14 06:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2009.11.08 16:37:41 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\WINDOWS\NLDRV\001\iastor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMROOT%\*. /mp /s >

< %SYSTEMROOT%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMROOT%\Tasks\*.job /lockedfiles >
< End of report >

#14 Příspěvek od **stell** » 02 bře 2010 18:57

spust OTL-do okna customscan/fixes vloz zeleny text a klik RUNFIX-log po restarte vloz sem

Kód: Vybrat vše

:OTL
O3 - HKLM\..\Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-1275210071-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - No CLSID value found.
:commands
[EmptyTemp]

stiahnes specialnu verziu G-Mer
Special
uloz na plochu >>
Odpojiť sa od internetu a zatvor všetky otvorené programy,
Dočasne zakázať akékoľvek real-time aktívnej ochrany,
a spust>.prebehne kratky skan,,,
ak dostanes hlasku rootkit activity and asks if you want to run scan>>kliknes NO<<
a nastavis to takto

>> kliknes scan,<<
na konci skanu >>SAVE<< nazov das mojlog.txt>>uloz na plochu a log vloz sem,,

Ak nedostanes ziadnu hlasku,,,nechas vsetko zafajknute a kliknes SCAN->>>>po skane >>SAVE<<log vloz sem,

ciclik · #15 Příspěvek od **ciclik** » 02 bře 2010 19:34

tu je log:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D5D47440-0750-463D-BAEF-A47D02414806} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5D47440-0750-463D-BAEF-A47D02414806}\ not found.
Registry value HKEY_USERS\S-1-5-21-789336058-1275210071-1606980848-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D5D47440-0750-463D-BAEF-A47D02414806} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5D47440-0750-463D-BAEF-A47D02414806}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Dominik
->Temp folder emptied: 3157436 bytes
->Temporary Internet Files folder emptied: 10778372 bytes
->FireFox cache emptied: 49400582 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 19829 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 62976 bytes
Windows Temp folder emptied: 511 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 622981386 bytes

Total Files Cleaned = 655,00 mb

OTL by OldTimer - Version 3.1.32.0 log created on 03022010_192120

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

a uz to tolik netrva

druhy log jeste dodam:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-03 06:50:36
Windows 5.1.2600 Service Pack 3
Running: lob8pecd.exe; Driver: C:\DOCUME~1\Dominik\LOCALS~1\Temp\axliipoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB478FC5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB478FB16]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF7497C70]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB47900CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB478FFF4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB478F6EC]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF74984FE]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF74A3CB0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB478FBF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB478F62C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB478F690]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF749851E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB478FD10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB4790198]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB478FCD0]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF74A3450]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB478FE50]

INT 0x62 ? 8972EBF8
INT 0x82 ? 8972EBF8
INT 0xB4 ? 894F1BF8
INT 0xB4 ? 894F1BF8
INT 0xB4 ? 894F1BF8
INT 0xB4 ? 894F1BF8
INT 0xB4 ? 894F1BF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB479C4FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB479C322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB479C45C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 897981F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 89443500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8979A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8979A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8979A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8979A1F8
Device \Driver\usbuhci \Device\USBPDO-1 89443500
Device \Driver\usbuhci \Device\USBPDO-2 89443500
Device \Driver\usbehci \Device\USBPDO-3 8943D500

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8972F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8972F1F8
Device \Driver\cdrom \Device\CdRom0 8949DAB0
Device \FileSystem\Rdbss \Device\FsWrap 894722E0
Device \Driver\atapi \Device\Ide\IdePort0 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8943A500
Device \Driver\NetBT \Device\NetbiosSmb 8943A500
Device \FileSystem\Srv \Device\LanmanServer 88EB76C0

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 89443500
Device \Driver\usbuhci \Device\USBFDO-1 89443500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89434500
Device \Driver\usbuhci \Device\USBFDO-2 89443500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89434500
Device \Driver\usbehci \Device\USBFDO-3 8943D500
Device \Driver\NetBT \Device\NetBT_Tcpip_{9438F46A-0321-4E42-8FF4-0B42D0268DDE} 8943A500
Device \FileSystem\Npfs \Device\NamedPipe 8959E8B8
Device \Driver\Ftdisk \Device\FtControl 8972F1F8
Device \FileSystem\Msfs \Device\Mailslot 8956B180
Device \Driver\vax347s \Device\Scsi\vax347s1 896B7AF8
Device \Driver\vax347s \Device\Scsi\vax347s1Port2Path0Target0Lun0 896B7AF8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 894A0D20
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 894A0D20
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 894A0D20
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 894A0D20
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 894A0D20
Device \FileSystem\Cdfs \Cdfs 8943F500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF0 0x6C 0x94 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40@ljej40 0x6B 0x79 0xCE 0x38 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF0 0x6C 0x94 0x7D ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120% (Trial Version)
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120% (Trial Version)

---- EOF - GMER 1.0.15 ----

VIRY.CZ

Zamrzavání PC po startu

Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu

Re: Zamrzavání PC po startu