PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Nod mi hlásí nákazu, kterou neumí ani smazat, ani léčit+ HJT

https://pc-help.cnews.cz/viewtopic.php?f=47&t=48931

Stránka 1 z 2

Nod mi hlásí nákazu, kterou neumí ani smazat, ani léčit+ HJT

Napsal: 11 led 2010 09:28
od Wally.
Zdravím, NOD 32 mi hlásí :File is infected: C:\WINDOWS\system32\drivers\agp440.sys - infiltrace WIN32/Protector.Cvirus, C:\WINDOWS\system32\drivers\atapi.sys - infiltrace WIN32/Protector.Evirus, C:\WINDOWS\system32\drivers\cdrom.sys - infiltrace WIN32/Protector.Fvirus. Neumí je smazat ani vyléčit. Pomocí jednoho zdejšího témetu se mi podařilo ...\agp440.sys vyléčit, ale s ostatními si nevím rady. Prosím pomozte.

Re: Nod mi hlásí nákazu, kterou neumí ani smazat, ani léčit.*

Napsal: 11 led 2010 11:04
od memphisto
Vítej na fóru PC-HELP.CZ

vlož sem prosím log z programu HijackThis (návod na vytvoření logu mám v podpise)

Re: Nod mi hlásí nákazu, kterou neumí ani smazat, ani léčit+ HJT

Napsal: 11 led 2010 11:37
od Wally.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:50, on 11.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Earth\googleearth.exe
C:\misys_viewer 8.58\mview.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6482 bytes

*
*
*
při spouštění HJT NOD opět zahlásil, že našel ...\atapi.sys a ...\cdrom.sys

Re: Nod mi hlásí nákazu, kterou neumí ani smazat, ani léčit+ HJT

Napsal: 11 led 2010 13:45
od pitimir
Nazdar, tu treba tazke zbrane...mas infikovane Disk Controler drivery. Takze prvotny scan:

Stiahni OTL. Uloz na plochu a spust dvojklikom subor "OTL.exe". Otvori sa okno programu, v nom zaskrtni "Scan All Users", "Lop" aj "Purity Check" a "File Scan" zmen na 7 dni miesto 30. Do policka pod nazvom "Custom Scans/Fixes" skopiruj:

Kód: Vybrat vše

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%SYSTEMROOT%\*. /mp /s
CREATERESTOREPOINT
%SYSTEMROOT%\system32\*.dll /lockedfiles
%SYSTEMROOT%\Tasks\*.job /lockedfiles

Potom klikni na "Run Scan". Zacne scan pocitaca, po jeho ukonceni sa otvoria dva reporty - obsah oboch potrebujem vidiet.


Btw, z akeho thredu si cerpal tie info? Hod link.

Re: Nod mi hlásí nákazu, kterou neumí ani smazat, ani léčit+ HJT

Napsal: 11 led 2010 14:45
od Wally.
OTL.Txt

OTL logfile created on: 11.1.2010 14:30:15 - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Saša & Lenka\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

503,00 Mb Total Physical Memory | 236,00 Mb Available Physical Memory | 47,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 37,57 Gb Free Space | 64,11% Space Free | Partition Type: NTFS
Drive D: | 90,45 Gb Total Space | 40,51 Gb Free Space | 44,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIREK
Current User Name: Saša & Lenka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.01.11 14:27:49 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saša & Lenka\Plocha\OTL.exe
PRC - [2010.01.11 11:30:33 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2009.04.09 14:19:08 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.04.09 14:17:56 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.04.14 08:52:28 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008.04.14 08:52:24 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.21 07:01:00 | 01,076,168 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE
PRC - [2006.10.19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006.09.04 13:49:52 | 00,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2004.11.02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2004.06.16 05:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2002.10.15 23:18:02 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2002.10.15 23:05:58 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2001.10.22 10:24:28 | 01,216,512 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2010.01.11 14:27:49 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saša & Lenka\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009.04.09 14:29:20 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.04.09 14:19:08 | 00,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008.07.29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.11.01 19:28:50 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006.10.19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.09.04 13:49:52 | 00,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2006.08.11 14:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003.07.28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010.01.05 12:02:27 | 00,114,656 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2009.11.25 06:44:26 | 00,147,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2009.07.16 15:22:10 | 00,019,064 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2009.04.09 14:21:12 | 00,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.04.09 14:18:02 | 00,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.04.09 14:10:30 | 00,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.04.14 00:16:24 | 00,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007.11.02 14:57:42 | 00,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.04.30 09:07:16 | 00,302,848 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\averhbtv.sys -- (AVerHybrid) AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM)
DRV - [2007.03.08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006.08.11 14:42:42 | 03,958,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006.06.14 06:56:00 | 00,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005.10.18 15:01:00 | 00,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005.07.20 18:08:28 | 00,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005.07.20 18:08:26 | 00,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005.04.17 14:03:00 | 00,132,608 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\haspnt.sys -- (Haspnt)
DRV - [2005.04.06 15:57:18 | 00,387,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd) USB PC Camera (SN9C102)
DRV - [2004.08.03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.05.14 05:42:00 | 00,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004.01.31 19:14:32 | 00,420,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2003.09.23 15:42:34 | 00,007,296 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2002.10.25 09:03:30 | 00,071,514 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2002.10.25 09:03:22 | 00,091,774 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2002.10.25 09:02:20 | 00,080,283 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2002.10.02 00:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001.11.24 19:03:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001.10.30 13:01:50 | 00,280,782 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001.09.13 17:55:10 | 00,129,024 | ---- | M] (Compaq Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n100325.sys -- (N100)
DRV - [2001.08.17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-854245398-1177238915-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-854245398-1177238915-725345543-1003\S-1-5-21-854245398-1177238915-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2007.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.08.31 06:08:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.08.31 06:08:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.05.12 09:40:27 | 00,000,000 | ---D | M]

[2008.08.06 21:44:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\Mozilla\Extensions
[2009.11.11 10:44:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\Mozilla\Firefox\Profiles\c4gtxp41.default\extensions
[2008.04.10 13:30:12 | 00,000,000 | ---D | M] (WebTran) -- C:\Documents and Settings\Saša & Lenka\Data aplikací\Mozilla\Firefox\Profiles\c4gtxp41.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2009.08.31 06:08:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.01.31 23:02:23 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2009.08.31 06:08:17 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.08.31 06:08:17 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.08.31 06:08:17 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.08.31 06:08:17 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.08.31 06:08:17 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No CLSID value found.
O3 - HKU\S-1-5-21-854245398-1177238915-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKU\S-1-5-21-854245398-1177238915-725345543-1003..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-854245398-1177238915-725345543-1003..\Run: [SharpTray] C:\Program Files\Sharp\Sharpdesk\SharpTray.exe ()
O4 - Startup: C:\Documents and Settings\Saša & Lenka\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1177238915-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1177238915-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-854245398-1177238915-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-854245398-1177238915-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-854245398-1177238915-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.31 19:57:55 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{db73c369-c917-11dc-9a38-00105ce17d0c}\Shell\AutoRun\command - "" = G:\Launch.exe -- File not found
O33 - MountPoints2\{e6ed3166-ae54-11dc-9a00-00105ce17d0c}\Shell - "" = AutoRun
O33 - MountPoints2\{e6ed3166-ae54-11dc-9a00-00105ce17d0c}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6\) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.10.31 19:57:18 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765225245048832)

========== Files/Folders - Created Within 7 Days ==========

[2010.01.11 14:27:32 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Saša & Lenka\Plocha\OTL.exe
[2010.01.11 11:30:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.01.11 11:30:17 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Saša & Lenka\Plocha\HijackThisInstaller.exe
[2010.01.11 07:57:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.01.08 10:02:34 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010.01.08 10:00:26 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.01.08 10:00:26 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.01.08 10:00:26 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.01.08 10:00:26 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.01.08 09:46:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.01.08 09:44:30 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010.01.08 08:58:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\Malwarebytes
[2010.01.08 08:58:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.01.08 08:58:01 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.01.08 08:58:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.01.08 08:57:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.01.08 08:57:02 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Saša & Lenka\Plocha\mbam-setup.exe
[2010.01.05 11:36:14 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010.01.05 11:32:26 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010.01.05 11:28:40 | 00,026,679 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wa301b.sys
[2010.01.05 11:28:40 | 00,026,679 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wa301a.sys
[2010.01.05 11:28:39 | 00,503,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2010.01.05 11:28:39 | 00,315,392 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2010.01.05 11:28:39 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2010.01.05 11:28:39 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2010.01.05 11:28:39 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2010.01.05 11:28:39 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2010.01.05 11:28:39 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2010.01.05 11:28:39 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2010.01.05 11:28:39 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfrc.lrc
[2010.01.05 11:28:39 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2010.01.05 11:28:39 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2010.01.05 11:28:39 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
[2010.01.05 11:28:39 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2010.01.05 11:28:39 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2010.01.05 11:28:39 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2010.01.05 11:28:39 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2010.01.05 11:28:39 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2010.01.05 11:28:39 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2010.01.05 11:28:39 | 00,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2010.01.05 11:28:39 | 00,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2010.01.05 11:28:39 | 00,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2010.01.05 11:28:39 | 00,020,021 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\vch.sys
[2010.01.05 11:28:38 | 00,221,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxeud.dll
[2010.01.05 11:28:38 | 00,204,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2010.01.05 11:28:38 | 00,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2010.01.05 11:28:38 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxreng.lrc
[2010.01.05 11:28:38 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2010.01.05 11:28:38 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2010.01.05 11:28:38 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2010.01.05 11:28:38 | 00,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2010.01.05 11:28:38 | 00,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2010.01.05 11:28:38 | 00,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2010.01.05 11:28:38 | 00,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrarb.lrc
[2010.01.05 11:28:38 | 00,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2010.01.05 11:28:38 | 00,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdiag.exe
[2010.01.05 11:28:38 | 00,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll
[2010.01.05 11:28:38 | 00,118,784 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxhk.dll
[2010.01.05 11:28:38 | 00,086,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2010.01.05 11:28:38 | 00,045,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdgps.dll
[2010.01.05 11:28:37 | 01,859,584 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgicd.dll
[2010.01.05 11:28:37 | 00,483,328 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2010.01.05 11:28:37 | 00,184,320 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgdev.dll
[2010.01.05 11:28:37 | 00,094,208 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2010.01.05 11:28:37 | 00,091,774 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys
[2010.01.05 11:28:37 | 00,081,979 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2010.01.05 11:28:37 | 00,080,283 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmnt5.sys
[2010.01.05 11:28:37 | 00,071,514 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys
[2010.01.05 11:28:37 | 00,034,367 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2010.01.05 11:28:36 | 00,526,914 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2010.01.05 11:28:36 | 00,163,067 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
[2010.01.05 11:28:36 | 00,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
[2010.01.05 11:28:36 | 00,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2010.01.05 11:28:36 | 00,086,073 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_0_v8.dll
[2010.01.05 11:28:36 | 00,077,372 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2010.01.05 11:28:36 | 00,032,823 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a310.sys
[2010.01.05 11:28:36 | 00,030,263 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a311.sys
[2010.01.05 11:28:36 | 00,026,167 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a303.sys
[2010.01.05 11:28:36 | 00,025,655 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a304.sys
[2010.01.05 11:28:36 | 00,025,143 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a309.sys
[2010.01.05 11:28:36 | 00,020,023 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a307.sys
[2010.01.05 11:28:36 | 00,015,927 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a306.sys
[2010.01.05 11:28:36 | 00,011,319 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a305.sys
[2010.01.05 11:28:36 | 00,010,295 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a312.sys
[2010.01.05 11:28:36 | 00,010,295 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a308.sys
[2010.01.05 11:28:36 | 00,010,295 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a302.sys
[2010.01.05 11:28:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2010.01.05 11:27:45 | 07,197,999 | ---- | C] (Intel Corporation) -- C:\Documents and Settings\Saša & Lenka\Plocha\win2k_xpm1141.exe
[2010.01.05 11:08:12 | 00,000,000 | ---D | C] -- C:\Program Files\HWiNFO32
[2009.05.13 10:23:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2009.05.12 09:36:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.05.12 09:34:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.05.12 09:34:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2009.05.12 09:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.07.31 17:30:57 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2008.07.31 17:30:57 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2008.07.31 17:30:57 | 00,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.01.11 14:27:49 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saša & Lenka\Plocha\OTL.exe
[2010.01.11 13:12:25 | 00,020,226 | ---- | M] () -- C:\WINDOWS\MSTMON_S.INI
[2010.01.11 11:30:36 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Saša & Lenka\Plocha\HijackThis.lnk
[2010.01.11 11:29:59 | 00,003,132 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.01.11 11:11:21 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Saša & Lenka\Plocha\HijackThisInstaller.exe
[2010.01.11 07:56:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.11 07:53:58 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.01.11 07:09:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.11 07:08:32 | 08,912,896 | ---- | M] () -- C:\Documents and Settings\Saša & Lenka\ntuser.dat
[2010.01.11 07:04:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.08 14:48:56 | 00,000,272 | -HS- | M] () -- C:\Documents and Settings\Saša & Lenka\ntuser.ini
[2010.01.08 14:23:57 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.01.08 10:02:41 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010.01.08 08:58:08 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.01.08 08:57:22 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Saša & Lenka\Plocha\mbam-setup.exe
[2010.01.07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.01.07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.01.07 15:37:42 | 00,002,561 | ---- | M] () -- C:\Documents and Settings\Saša & Lenka\Plocha\Microsoft Office Word 2003.lnk
[2010.01.05 12:02:27 | 00,114,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2010.01.05 11:27:12 | 07,197,999 | ---- | M] (Intel Corporation) -- C:\Documents and Settings\Saša & Lenka\Plocha\win2k_xpm1141.exe
[2010.01.05 06:54:55 | 00,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.11 11:30:36 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Saša & Lenka\Plocha\HijackThis.lnk
[2010.01.08 10:02:41 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010.01.08 10:02:36 | 00,261,312 | ---- | C] () -- C:\cmldr
[2010.01.08 10:00:26 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.01.08 10:00:26 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.01.08 10:00:26 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.01.08 10:00:26 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.01.08 10:00:26 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.01.08 09:41:25 | 03,577,586 | R--- | C] () -- C:\Documents and Settings\Saša & Lenka\Plocha\ComboFix.exe
[2010.01.08 08:58:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.01.05 11:28:39 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2010.01.05 11:28:38 | 00,063,438 | ---- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2010.01.05 11:28:38 | 00,061,237 | ---- | C] () -- C:\WINDOWS\System32\igfxhheb.lhp
[2010.01.05 11:28:38 | 00,060,026 | ---- | C] () -- C:\WINDOWS\System32\igfxhfrc.lhp
[2010.01.05 11:28:38 | 00,060,020 | ---- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2010.01.05 11:28:38 | 00,059,721 | ---- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2010.01.05 11:28:38 | 00,059,369 | ---- | C] () -- C:\WINDOWS\System32\igfxhhun.lhp
[2010.01.05 11:28:38 | 00,059,004 | ---- | C] () -- C:\WINDOWS\System32\igfxhplk.lhp
[2010.01.05 11:28:38 | 00,058,791 | ---- | C] () -- C:\WINDOWS\System32\igfxhell.lhp
[2010.01.05 11:28:38 | 00,058,752 | ---- | C] () -- C:\WINDOWS\System32\igfxhrus.lhp
[2010.01.05 11:28:38 | 00,058,049 | ---- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2010.01.05 11:28:38 | 00,057,907 | ---- | C] () -- C:\WINDOWS\System32\igfxhtrk.lhp
[2010.01.05 11:28:38 | 00,057,752 | ---- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2010.01.05 11:28:38 | 00,057,451 | ---- | C] () -- C:\WINDOWS\System32\igfxhcsy.lhp
[2010.01.05 11:28:38 | 00,057,353 | ---- | C] () -- C:\WINDOWS\System32\igfxhnld.lhp
[2010.01.05 11:28:38 | 00,056,981 | ---- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2010.01.05 11:28:38 | 00,056,933 | ---- | C] () -- C:\WINDOWS\System32\igfxhdan.lhp
[2010.01.05 11:28:38 | 00,056,878 | ---- | C] () -- C:\WINDOWS\System32\igfxhnor.lhp
[2010.01.05 11:28:38 | 00,056,679 | ---- | C] () -- C:\WINDOWS\System32\igfxhsve.lhp
[2010.01.05 11:28:38 | 00,056,669 | ---- | C] () -- C:\WINDOWS\System32\igfxhita.lhp
[2010.01.05 11:28:38 | 00,056,649 | ---- | C] () -- C:\WINDOWS\System32\igfxhptg.lhp
[2010.01.05 11:28:38 | 00,056,468 | ---- | C] () -- C:\WINDOWS\System32\igfxhfin.lhp
[2010.01.05 11:28:38 | 00,056,246 | ---- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2010.01.05 11:28:38 | 00,056,242 | ---- | C] () -- C:\WINDOWS\System32\igfxharb.lhp
[2010.01.05 11:28:38 | 00,056,178 | ---- | C] () -- C:\WINDOWS\System32\igfxhara.lhp
[2010.01.05 11:28:38 | 00,056,139 | ---- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2010.01.05 11:28:38 | 00,055,426 | ---- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp
[2010.01.05 11:28:38 | 00,055,186 | ---- | C] () -- C:\WINDOWS\System32\igfxheng.lhp
[2010.01.05 11:28:38 | 00,055,002 | ---- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp
[2009.11.16 13:39:01 | 00,000,075 | ---- | C] () -- C:\WINDOWS\pslabeler.ini
[2009.03.09 10:57:14 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2009.03.09 10:56:59 | 00,049,152 | ---- | C] () -- C:\WINDOWS\SDConfig.dll
[2009.01.30 11:19:59 | 00,009,136 | ---- | C] () -- C:\WINDOWS\System32\Inetwh16.dll
[2009.01.30 11:19:56 | 00,407,552 | ---- | C] () -- C:\WINDOWS\System32\M602imex.dll
[2009.01.30 11:19:56 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\Winsys.dll
[2009.01.30 11:19:56 | 00,007,021 | ---- | C] () -- C:\WINDOWS\System32\Hierdraw.dll
[2009.01.30 10:39:05 | 00,019,256 | ---- | C] () -- C:\WINDOWS\MSUMLT_S.ini
[2008.12.16 12:29:57 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.12.14 16:56:44 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CDESX100EXPORT.ini
[2008.11.12 17:29:17 | 00,000,016 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008.09.18 10:48:43 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008.09.10 16:35:13 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\Saša & Lenka\Local Settings\Data aplikací\fusioncache.dat
[2008.09.10 13:11:35 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008.09.10 13:11:33 | 00,420,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hardlock.sys
[2008.09.10 13:11:33 | 00,132,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\haspnt.sys
[2008.07.31 17:31:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2008.07.31 17:31:13 | 00,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2008.07.31 17:31:05 | 00,387,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2008.07.02 16:53:41 | 00,000,632 | ---- | C] () -- C:\WINDOWS\Sofplat.INI
[2008.06.09 16:43:42 | 00,000,304 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.04.17 12:08:37 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.04.13 12:01:39 | 00,001,191 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2008.04.10 13:13:52 | 00,491,520 | ---- | C] () -- C:\WINDOWS\WebIE.dll
[2008.04.10 13:13:20 | 00,000,069 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2008.04.10 13:11:31 | 00,002,753 | ---- | C] () -- C:\WINDOWS\UN32P.INI
[2008.04.09 13:30:53 | 00,000,021 | ---- | C] () -- C:\WINDOWS\wk2000.ini
[2008.04.09 13:30:53 | 00,000,018 | ---- | C] () -- C:\WINDOWS\winklav.ini
[2008.04.09 13:29:08 | 00,003,421 | ---- | C] () -- C:\WINDOWS\wg2000.ini
[2008.04.03 21:47:51 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008.03.28 14:47:39 | 00,000,178 | ---- | C] () -- C:\WINDOWS\topocr.INI
[2008.03.18 21:13:33 | 00,000,283 | ---- | C] () -- C:\WINDOWS\level.ini
[2008.02.28 18:16:39 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.02.28 18:16:37 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.02.28 18:16:36 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.02.28 18:16:36 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.02.28 18:16:35 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.02.28 18:16:35 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.02.27 13:08:09 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008.02.24 22:12:15 | 00,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2008.01.20 19:49:49 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007.12.19 18:20:30 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007.12.06 11:39:03 | 00,000,573 | ---- | C] () -- C:\WINDOWS\WIN_DQ.INI
[2007.12.06 10:32:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MAPSHELL.INI
[2007.11.15 12:49:34 | 00,002,339 | ---- | C] () -- C:\WINDOWS\MapyKrajskychMest.INI
[2007.11.15 12:39:30 | 00,001,884 | ---- | C] () -- C:\WINDOWS\MapaCR.INI
[2007.11.02 17:47:16 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.11.02 15:12:05 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2007.11.02 15:12:05 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2007.11.01 18:43:07 | 00,000,744 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.11.01 15:34:26 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007.11.01 15:31:57 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2007.11.01 15:31:57 | 00,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2007.11.01 15:31:36 | 00,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2007.11.01 15:31:35 | 00,262,144 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2007.11.01 13:05:22 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Saša & Lenka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.01 11:18:24 | 00,003,132 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.11.01 09:15:53 | 00,004,346 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2007.11.01 09:13:46 | 00,000,284 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007.11.01 09:13:46 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007.10.31 22:29:10 | 00,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2007.10.31 22:20:01 | 00,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2007.10.31 22:20:01 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2007.10.31 22:20:00 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2007.10.31 22:20:00 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2007.10.31 22:20:00 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2007.10.31 22:20:00 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2007.10.31 22:20:00 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2007.10.31 22:20:00 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2007.10.31 22:20:00 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2007.10.31 22:19:59 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2006.11.06 23:49:36 | 00,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006.08.11 14:45:20 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.08.11 14:43:10 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.08.11 14:43:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.08.11 14:43:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.08.11 14:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.08.11 14:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.08.11 14:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004.08.17 08:18:36 | 00,020,226 | ---- | C] () -- C:\WINDOWS\MSTMON_S.INI
[2004.08.03 21:59:54 | 00,114,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2004.08.03 21:59:44 | 00,147,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004.06.25 12:41:32 | 00,000,027 | ---- | C] () -- C:\WINDOWS\calcpslab.ini
[2003.04.09 15:38:04 | 00,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997.06.25 14:24:16 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== LOP Check ==========

[2009.01.23 17:13:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2007.11.02 16:47:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Blueberry
[2008.12.14 17:13:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EPSON
[2009.05.12 09:40:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2007.11.22 13:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\gepro
[2007.12.06 17:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MapInfo
[2008.04.03 21:50:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MumboJumbo
[2007.11.07 21:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NCH Swift Sound
[2008.05.06 19:34:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
[2008.04.03 22:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.08.10 12:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\Any Video Converter
[2008.06.21 22:43:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\Autodesk
[2007.11.03 15:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\Blueberry
[2009.01.23 22:30:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\CasaPortale.de
[2008.09.11 10:41:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\Ectaco
[2008.12.16 15:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\EPSON
[2008.10.22 18:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\ESRI
[2008.07.06 14:55:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\GARMIN
[2008.12.04 11:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\LangSoft
[2007.12.06 17:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\MapInfo
[2009.01.23 17:33:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\My Games
[2007.11.07 20:56:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\NCH Swift Sound
[2009.01.30 11:23:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\Software602
[2008.10.09 18:49:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\Thinstall
[2007.12.09 10:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saša & Lenka\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004.08.17 14:57:28 | 18,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 20,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 20,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.sys
[2008.04.14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.sys
[2004.08.04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004.08.04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004.08.17 14:57:28 | 18,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 20,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 20,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2009.11.25 06:44:26 | 00,147,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 08:51:42 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 14:49:08 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004.08.17 14:49:14 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 08:51:52 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 08:51:52 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 14:49:18 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 08:51:56 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMROOT%\*. /mp /s >

< %SYSTEMROOT%\system32\*.dll /lockedfiles >
[2008.04.14 08:51:42 | 00,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008.04.14 08:51:42 | 00,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008.04.14 08:51:50 | 01,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMROOT%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:5CE2502D
< End of report >

Re: Nod mi hlásí nákazu, kterou neumí ani smazat, ani léčit+ HJT

Napsal: 11 led 2010 14:46
od Wally.
Extras.Txt

OTL Extras logfile created on: 11.1.2010 14:30:15 - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Saša & Lenka\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

503,00 Mb Total Physical Memory | 236,00 Mb Available Physical Memory | 47,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 37,57 Gb Free Space | 64,11% Space Free | Partition Type: NTFS
Drive D: | 90,45 Gb Total Space | 40,51 Gb Free Space | 44,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIREK
Current User Name: Saša & Lenka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Saša & Lenka\Data aplikací\Thinstall\Alcohol_120%_v1.9.6.5429\4000004900003i\StarWindServiceAE.exe" = C:\Documents and Settings\Saša & Lenka\Data aplikací\Thinstall\Alcohol_120%_v1.9.6.5429\4000004900003i\StarWindServiceAE.exe:*:Disabled:StarWindServiceAE -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180DA934-D7C0-4E92-8C6E-549BB647B60A}" = InfoMapa ČR pro PPK
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{29C22873-B939-4EF9-B6E3-1EFE7FA391D1}" = ASUS nVidia Driver
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{53A178D0-A65E-11D4-ADB2-00A024384E33}" = 602ProPC SUITE 2001
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = USB PC Camera (SN9C102)
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5E09E82C-004D-4F08-B051-46DE6D79F71A}" = Microsoft Visual C++ Redist - ENU
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{67E0988E-EF9F-481E-B334-2965A50A5176}" = Atlas Czech 7 NT
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77812021-EECC-419F-A906-F44B78A4C5F5}" = TOPO Czech v 1.20
"{778E2400-C2C4-4797-B82C-E5876619B577}" = DeepRipper v 1.1
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79ED0EE7-098C-465F-A853-B17F6FC6CDD8}" = GPS TrackMaker
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver Software
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F9D139-4F38-494B-BDBD-429D46B5D0D7}" = ESET NOD32 Antivirus
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF07A1C9-098F-47DD-99E0-B6558C33871B}" = Garmin MapSource
"{D2163215-573B-4CB8-9DCA-94F881765391}" = MapInfo ProViewer 9.0
"{D3C549FE-53FA-41F0-8AF0-7FB958EC331D}" = TexTif 3
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}" = Sansa Updater
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EEC8205A-E3DE-4C00-B60C-48E3B9B58B13}" = Garmin City Navigator Europe NT 2008
"{F02598C2-2A5F-4593-8F09-439F3317B2C8}" = Sentinel System Driver 5.42.1 (32-bit)
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Any Video Converter_is1" = Any Video Converter 2.6.2
"ArcExplorer Java Edition" = ArcExplorer Java Edition
"doPDF 5 printer_is1" = doPDF 5.3 printer
"DVD Shrink_is1" = DVD Shrink 3.2
"DXTXTRA" = Microsoft DirectX Transform optional components
"EPSON Scanner" = EPSON Scan
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"Garmin TOPO Swiss_is1" = Garmin TOPO Swiss
"HASP Emulator PreProfessiaonal Edition V2.7 for Windows NT/W2K/XP" = HASP Emulator PreProfessiaonal Edition V2.7 for Windows NT/W2K/XP
"HijackThis" = HijackThis 2.0.2
"HWiNFO32_is1" = HWiNFO32 Version 3.32
"ImageJ_is1" = ImageJ 1.40g
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.7.5 Full
"Kokeš_0" = Kokeš 8.17 "c:\wkokes 8.17\"
"KONICA MINOLTA magicolor 2400W" = KONICA MINOLTA magicolor 2400W
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mapa České republiky_is1" = Mapa České republiky - příloha časopisu Počítač pro každého č.
"MapWinGIS ActiveX_is1" = MapWinGIS ActiveX Control
"Mapy krajských měst_is1" = Mapy krajských měst - příloha časopisu Počítač pro každého č. 8
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Misys_0" = Misys 8.17 "C:\Program Files\MISYS\"
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"Mview_0" = Mview 8.58.0.14197 "c:\misys_viewer 8.58\"
"Nero - Burning Rom!UninstallKey" = Nero OEM
"PCI Audio Applications" = PCI Audio Applications
"PCI Audio Driver" = PCI Audio Driver
"Popisovač CD/DVD_is1" = Popisovač CD/DVD 2.0
"PrimoPDF3.2" = PrimoPDF
"Python 2.1" = Python 2.1
"Python 2.1 combined Win32 extensions" = Python 2.1 combined Win32 extensions
"Sharpdesk" = Sharpdesk
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 3.0.0.353
"Theophilos_is1" = Theophilos 3
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9.9.2008 9:37:47 | Computer Name = BROUČEK | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3105, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x0004ef67.

Error - 9.9.2008 11:38:48 | Computer Name = BROUČEK | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3105, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x0004ef67.

Error - 10.9.2008 3:11:26 | Computer Name = BROUČEK | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3105, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x0004ef67.

Error - 10.9.2008 9:56:35 | Computer Name = BROUČEK | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3105, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x0004ef67.

Error - 10.9.2008 9:59:54 | Computer Name = BROUČEK | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3105, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x0004ef67.

Error - 10.9.2008 10:01:17 | Computer Name = BROUČEK | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3105, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x0004ef67.

Error - 10.9.2008 10:06:26 | Computer Name = BROUČEK | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3105, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x0004ef67.

Error - 10.9.2008 10:07:00 | Computer Name = BROUČEK | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3105, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x0004ef67.

Error - 10.9.2008 10:07:52 | Computer Name = BROUČEK | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3105, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x0004ef67.

Error - 10.9.2008 10:12:38 | Computer Name = BROUČEK | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3105, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x0004ef67.

[ System Events ]
Error - 8.1.2010 9:07:50 | Computer Name = MIREK | Source = Service Control Manager | ID = 7034
Description = Služba Machine Debug Manager byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 8.1.2010 9:07:50 | Computer Name = MIREK | Source = Service Control Manager | ID = 7034
Description = Služba Windows User Mode Driver Framework byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 8.1.2010 9:07:50 | Computer Name = MIREK | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 8.1.2010 9:07:50 | Computer Name = MIREK | Source = Service Control Manager | ID = 7034
Description = Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 8.1.2010 9:21:25 | Computer Name = MIREK | Source = Service Control Manager | ID = 7034
Description = Služba ATK Keyboard Service byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 8.1.2010 9:21:25 | Computer Name = MIREK | Source = Service Control Manager | ID = 7034
Description = Služba LightScribeService Direct Disc Labeling Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.

Error - 8.1.2010 9:21:25 | Computer Name = MIREK | Source = Service Control Manager | ID = 7034
Description = Služba Machine Debug Manager byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 8.1.2010 9:21:25 | Computer Name = MIREK | Source = Service Control Manager | ID = 7034
Description = Služba Windows User Mode Driver Framework byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 8.1.2010 9:21:25 | Computer Name = MIREK | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 8.1.2010 9:21:25 | Computer Name = MIREK | Source = Service Control Manager | ID = 7034
Description = Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal
již 1krát.


< End of report >
*
*
*
*
během scanu NODem opět několikrát nahlášena ...\atapi.sys a ...\cdrom.sys

toho ...\agp440.sys jsem se zbavil pomocí viewtopic.php?f=47&t=44712


a díky za rady

Re: Nod mi hlásí nákazu, kterou neumí ani smazat, ani léčit+ HJT

Napsal: 13 led 2010 07:12
od Wally.
věděl by si s tím teď někdo rady?

Re: Nod hlásí nákazu, kterou neumí ani smazat, ani léčit+HJT+OTL

Napsal: 13 led 2010 13:41
od Wally.
.

Re: Nod mi hlásí nákazu, kterou neumí ani smazat, ani léčit+ HJT

Napsal: 13 led 2010 20:29
od pitimir
Wally píše:...toho ...\agp440.sys jsem se zbavil pomocí viewtopic.php?f=47&t=44712

Nechapem...akeho \agp440.sys? Ten driver si nehlasil ako infikovany...

Vidim pouzity COmboFix, naco? A ked si ho uz pouzil, hod sem z neho log...

Re: Nod mi hlásí nákazu, kterou neumí ani smazat, ani léčit+ HJT

Napsal: 14 led 2010 09:59
od Wally.
ten původní log, kde bylo napsáno ...\agp440.sys vyléčeno, se nejspíš přepsal a v PC jsem ho již nenašel...jestli to pomůže dávám sem o něco starší
*
*
*
*

ComboFix 09-11-26.02 - Saša & Lenka 08.01.2010 10:03.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.503.227 [GMT 1:00]
Spuštěný z: c:\documents and settings\Saša
Použité ovládací přepínače :: c:\documents and settings\Saša & Lenka\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\drivers\AGP440.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\agp440.sys

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\beep.sys --> c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-08 do 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 07:58 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 07:58 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-08 07:57 . 2010-01-08 07:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 10:32 . 2002-10-15 22:18 155648 ----a-w- c:\windows\system32\igfxres.dll
2010-01-05 10:08 . 2010-01-05 10:08 -------- d-----w- c:\program files\HWiNFO32

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 11:02 . 2004-08-03 20:59 114656 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-01-05 10:28 . 2007-10-31 21:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-10 05:36 . 2001-11-24 18:02 432332 ----a-w- c:\windows\system32\perfh005.dat
2009-12-10 05:36 . 2001-11-24 18:02 79174 ----a-w- c:\windows\system32\perfc005.dat
2009-11-25 05:44 . 2004-08-03 20:59 147904 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-16 12:38 . 2009-11-16 12:38 -------- d-----w- c:\program files\Popisovač CD-DVD
2009-10-29 05:26 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-17 13:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-17 13:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-17 13:49 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-17 13:49 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:40 . 2004-08-17 13:49 79872 ----a-w- c:\windows\system32\raschap.dll
2008-04-03 20:47 . 2008-04-03 20:47 0 ----a-w- c:\program files\temp01
2004-10-01 14:00 . 2007-10-31 21:29 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2009-11-25 05:44 . 86172AC2AB99C0C7551AB0D109144A10 . 147904 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SharpTray"="c:\program files\Sharp\Sharpdesk\SharpTray.exe" [2003-07-18 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-10-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-10-15 114688]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2001-10-22 1216512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Saça & Lenka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Saça & Lenka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Saça & Lenka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Saça & Lenka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Saça & Lenka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Saša & Lenka\\Data aplikací\\Thinstall\\Alcohol_120%_v1.9.6.5429\\4000004900003i\\StarWindServiceAE.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 14:18 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.4.2009 14:21 94360]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [5.1.2010 11:08 19064]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.4.2009 14:19 731840]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [1.11.2007 15:34 302848]
S3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;c:\windows\system32\drivers\n100325.sys [31.10.2007 20:43 129024]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.11.2007 14:57 685816]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db73c369-c917-11dc-9a38-00105ce17d0c}]
\Shell\AutoRun\command - G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6ed3166-ae54-11dc-9a00-00105ce17d0c}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Saša & Lenka\Data aplikací\Mozilla\Firefox\Profiles\c4gtxp41.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-WEBTRAN - (no file)
HKLM-Run-CorelDRAW Graphics Suite 11b - c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 10:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\ATKKBService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-08 10:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-08 09:13

Před spuštěním: Volných bajtů: 39 510 265 856
Po spuštění: Volných bajtů: 40 379 736 064

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4F2B0659005985D16E8F0BC371583FE3
ComboFix 09-11-26.02 - Saša & Lenka 08.01.2010 10:20.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.503.190 [GMT 1:00]
Spuštěný z: c:\documents and settings\Saša
Použité ovládací přepínače :: c:\documents and settings\Saša & Lenka\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\beep.sys --> c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-08 do 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 07:58 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 07:58 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-08 07:57 . 2010-01-08 07:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 10:32 . 2002-10-15 22:18 155648 ----a-w- c:\windows\system32\igfxres.dll
2010-01-05 10:08 . 2010-01-05 10:08 -------- d-----w- c:\program files\HWiNFO32

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 11:02 . 2004-08-03 20:59 114656 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-01-05 10:28 . 2007-10-31 21:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-10 05:36 . 2001-11-24 18:02 432332 ----a-w- c:\windows\system32\perfh005.dat
2009-12-10 05:36 . 2001-11-24 18:02 79174 ----a-w- c:\windows\system32\perfc005.dat
2009-11-25 05:44 . 2004-08-03 20:59 147904 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-16 12:38 . 2009-11-16 12:38 -------- d-----w- c:\program files\Popisovač CD-DVD
2009-10-29 05:26 . 2004-08-17 13:49 668160 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-17 13:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-17 13:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-17 13:49 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-17 13:49 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:40 . 2004-08-17 13:49 79872 ----a-w- c:\windows\system32\raschap.dll
2008-04-03 20:47 . 2008-04-03 20:47 0 ----a-w- c:\program files\temp01
2004-10-01 14:00 . 2007-10-31 21:29 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2009-11-25 05:44 . 86172AC2AB99C0C7551AB0D109144A10 . 147904 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SharpTray"="c:\program files\Sharp\Sharpdesk\SharpTray.exe" [2003-07-18 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-10-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-10-15 114688]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2001-10-22 1216512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Saça & Lenka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Saça & Lenka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Saça & Lenka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Saça & Lenka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Saça & Lenka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Saša & Lenka\\Data aplikací\\Thinstall\\Alcohol_120%_v1.9.6.5429\\4000004900003i\\StarWindServiceAE.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 14:18 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.4.2009 14:21 94360]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [5.1.2010 11:08 19064]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.4.2009 14:19 731840]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [1.11.2007 15:34 302848]
S3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;c:\windows\system32\drivers\n100325.sys [31.10.2007 20:43 129024]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.11.2007 14:57 685816]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db73c369-c917-11dc-9a38-00105ce17d0c}]
\Shell\AutoRun\command - G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6ed3166-ae54-11dc-9a00-00105ce17d0c}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Saša & Lenka\Data aplikací\Mozilla\Firefox\Profiles\c4gtxp41.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 10:21
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-01-08 10:24
ComboFix-quarantined-files.txt 2010-01-08 09:24
ComboFix2.txt 2010-01-08 09:13

Před spuštěním: Volných bajtů: 40 387 981 312
Po spuštění: Volných bajtů: 40 377 237 504

- - End Of File - - B5BF073E4389DA16400D1B8D2FD1040B

Re: Nod mi hlásí nákazu, kterou neumí ani smazat, ani léčit+ HJT

Napsal: 14 led 2010 10:02
od Wally.
ještě přidávám ComboFix-quarantined-files.txt
*
*
*
*
2010-01-08 09:13:05 . 2010-01-08 09:13:05 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-ShockwaveFlash.reg.dat
2010-01-08 09:13:05 . 2010-01-08 09:13:05 826 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-NVIDIA Drivers.reg.dat
2010-01-08 09:12:32 . 2010-01-08 09:12:32 288 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CorelDRAW Graphics Suite 11b.reg.dat
2010-01-08 09:12:24 . 2010-01-08 09:12:24 94 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-WEBTRAN.reg.dat
2010-01-08 09:12:24 . 2010-01-08 09:12:24 95 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-OEXPRESS.reg.dat
2010-01-08 09:12:24 . 2010-01-08 09:12:24 175 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-DriverUpdaterPro.reg.dat
2010-01-08 09:03:43 . 2010-01-08 13:40:26 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2010-01-08 08:46:40 . 2010-01-11 06:51:08 612 ----a-w- C:\Qoobox\Quarantine\catchme.log
2007-10-31 19:43:02 . 2009-11-06 05:54:15 94,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\agp440.sys.vir
2001-11-24 17:45:44 . 2001-11-24 17:45:44 4,224 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir

Re: Nod mi hlásí nákazu, kterou neumí ani smazat, ani léčit+ HJT  Vyřešeno

Napsal: 14 led 2010 13:18
od pitimir
Ty snad zartujes? Vies, co sa pri tych tvojich skriptoch mohlo stat? Nespravne umiestnenie CF, stara verzia...hroza len pomaylsiet...

Stiahni novy a spust ho - log potrebujem vidiet. A uz prosim ta neexperimentuj.
Časové pásmo: UTC+02:00
Stránka 1 z 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/