My computer has slowed down. Please check it, thank you.
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 16:33:34, on 27.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
G:\čistící program\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
--
End of file - 3654 bytes
Please check my log
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Status: Offline
Re: Please check my log
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear, so click OK and then the Show Results button
- then choose Save Log and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where our wits run out, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Please check my log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4148
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
27.5.2010 18:47:54
mbam-log-2010-05-27 (18-47-54).txt
Typ skenu: Rychlý sken
Skenované objekty: 111980
Uplynulý čas: 16 minuta(y), 16 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
- Damned
Re: Please check my log
Turn off your antivirus's resident shield (and your antispyware, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Please check my log
ComboFix 10-05-26.04 - Tomáš 27.05.2010 19:24:41.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.383.102 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomáš\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-27 do 2010-05-27 )))))))))))))))))))))))))))))))
.
2010-05-27 16:29 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 16:29 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-15 11:16 . 2010-05-15 11:18 -------- d-----w- c:\windows\system32\URTTemp
2010-05-15 10:30 . 2006-05-03 09:57 520192 ------w- c:\windows\system32\ati2sgag.exe
2010-05-15 10:29 . 2010-05-15 11:25 -------- d-----w- c:\program files\ATI Technologies
2010-05-15 10:29 . 2010-05-15 10:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-15 10:27 . 2010-05-15 10:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-15 10:26 . 2010-05-15 10:26 -------- d-----w- C:\ATI
2010-05-15 10:18 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-15 10:18 . 2010-02-25 06:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-15 10:18 . 2010-02-25 06:18 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-15 10:18 . 2010-02-25 06:18 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-15 10:18 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-15 10:18 . 2010-02-25 09:48 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-05-15 10:16 . 2010-05-15 12:06 -------- d-----w- c:\windows\ie8updates
2010-05-15 10:12 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-15 10:03 . 2010-05-15 10:11 -------- dc-h--w- c:\windows\ie8
2010-05-15 10:03 . 2010-05-15 10:10 -------- d-----w- c:\windows\system32\cs-CZ
2010-05-10 16:02 . 2010-05-10 16:03 -------- d-----w- c:\program files\Common Files\Motive
2010-05-10 16:02 . 2010-05-10 16:05 -------- d-----w- c:\program files\TO2SSM
2010-05-07 13:07 . 2010-05-07 13:07 227 ----a-w- c:\windows\PowerReg.dat
2010-05-07 13:05 . 1999-05-29 08:08 45568 ----a-w- c:\windows\UniFish3.exe
2010-05-07 13:05 . 2010-05-07 13:05 -------- d-----w- c:\program files\Hasbro Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 13:00 . 2001-10-25 14:00 62138 ----a-w- c:\windows\system32\perfc005.dat
2010-05-16 13:00 . 2001-10-25 14:00 379568 ----a-w- c:\windows\system32\perfh005.dat
2010-05-06 20:59 . 2010-02-13 16:29 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2010-02-13 16:29 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-02-13 16:29 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-02-13 16:29 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-02-13 16:29 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-02-13 16:29 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-02-13 16:29 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-02-13 16:29 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-02-13 16:29 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-10 06:17 . 2002-09-20 18:04 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 18:10 . 2010-03-03 18:10 0 ----a-w- c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Tom ç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
PowerReg Scheduler.exe [2010-5-7 189952]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Medal of Honor\\moh_spearhead.exe"=
"f:\\metin2client.bin"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.2.2010 18:29 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.2.2010 18:29 19024]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\uswrid3x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\documents and settings\Tom ç\Plocha\nŘco\greprefs\all.js - pref("ui.use_native_colors", true);
c:\documents and settings\Tom ç\Plocha\nŘco\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\documents and settings\Tom ç\Plocha\nŘco\greprefs\all.js - pref("svg.smil.enabled", false);
c:\documents and settings\Tom ç\Plocha\nŘco\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\documents and settings\Tom ç\Plocha\nŘco\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\documents and settings\Tom ç\Plocha\nŘco\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\documents and settings\Tom ç\Plocha\nŘco\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\documents and settings\Tom ç\Plocha\nŘco\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\documents and settings\Tom ç\Plocha\nŘco\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\documents and settings\Tom ç\Plocha\nŘco\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\documents and settings\Tom ç\Plocha\nŘco\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-27 19:32
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-05-27 19:38:39
ComboFix-quarantined-files.txt 2010-05-27 17:38
Před spuštěním: 4 066 856 960
Po spuštění: 4 031 078 400
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 46EF110C11F5FC81FF40259EFF7D7554
- Damned
Re: Please check my log
Turn off your antivirus, and your antispyware if you have one, and uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start -> Run and type into the box: Combofix[space]/uninstall
*****************************************************************************************************************************************
Check the file marked in red on VirusTotal and post a link to the result here.
If you cannot find it, turn on the display of hidden and system files. If it tells you that the file has already been checked,
have it checked again, and wait until "Finished" and the result appear. Then copy the address bar here.
c:\windows\UniFish3.exe
*****************************************************************************************************************************************
Download OTL to your Desktop.
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Check LOP Check and Purity Check. Change File Age to 7 days. Leave all other settings as they are. Click Run Scan. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here
Re: Please check my log
OTL logfile created on: 27.5.2010 21:40:46 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Tomáš\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
383,00 Mb Total Physical Memory | 183,00 Mb Available Physical Memory | 48,00% Memory free
922,00 Mb Paging File | 690,00 Mb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,31 Gb Total Space | 4,61 Gb Free Space | 49,53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 68,36 Gb Total Space | 54,32 Gb Free Space | 79,46% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 55,72 Gb Free Space | 81,51% Space Free | Partition Type: NTFS
Drive H: | 96,16 Gb Total Space | 86,17 Gb Free Space | 89,60% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: TOM-CA4TLFGKGOR
Current User Name: Tomáš
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.05.27 21:31:33 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomáš\Plocha\OTL.exe
PRC - [2010.05.06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008.08.15 18:33:08 | 001,473,536 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\TO2SSM\McciTrayApp.exe
PRC - [2006.01.02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004.08.17 16:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010.05.27 21:31:33 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomáš\Plocha\OTL.exe
MOD - [2004.08.17 16:48:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
========== Driver Services (SafeList) ==========
DRV - [2010.05.06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.05.06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.05.06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.05.06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.05.06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.05.06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.03.29 11:20:55 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008.03.29 11:20:55 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006.05.03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.08.04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002.08.29 01:00:56 | 000,084,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97via.sys -- (VIAudio) Zvukový řadič VIA AC'97 (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Documents and Settings\Tomáš\Plocha\něco\components [2010.05.27 19:10:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Documents and Settings\Tomáš\Plocha\něco\plugins [2010.05.27 19:10:43 | 000,000,000 | ---D | M]
[2010.03.03 20:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Extensions
[2010.03.13 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\uswrid3x.default\extensions
O1 HOSTS File: ([2001.10.25 16:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Tomáš\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.05 19:42:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.05.27 21:31:27 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tomáš\Plocha\OTL.exe
[2010.05.27 20:37:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.05.27 19:38:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.05.27 19:21:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.05.27 19:05:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.05.27 18:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomáš\Data aplikací\Malwarebytes
[2010.05.27 18:29:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.27 18:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.05.27 18:29:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.27 16:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomáš\Data aplikací\TuneUp Software
[2010.05.15 13:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\ATI
[2010.05.15 13:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomáš\Data aplikací\ATI
[2010.05.15 13:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\ApplicationHistory
[2010.05.15 12:59:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tomáš\PrivacIE
[2010.05.15 12:47:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tomáš\IETldCache
[2010.05.15 12:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010.05.15 12:29:06 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.05.15 12:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.05.15 12:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\McAfee
[2010.05.11 15:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MumboJumbo
[2010.05.10 18:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomáš\Data aplikací\Motive
[2010.05.10 18:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Motive
[2010.05.10 18:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010.05.10 18:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\TO2SSM
[2010.05.07 15:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Hasbro Interactive
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.05.27 21:31:33 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomáš\Plocha\OTL.exe
[2010.05.27 19:38:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.27 19:33:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.27 19:21:49 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.05.27 18:29:50 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.05.27 16:33:13 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Tomáš\Plocha\HiJackThis.lnk
[2010.05.27 15:45:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.27 15:44:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.25 21:24:05 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Tomáš\ntuser.dat
[2010.05.25 21:24:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tomáš\ntuser.ini
[2010.05.25 21:22:47 | 001,045,216 | -H-- | M] () -- C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\IconCache.db
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.05.27 18:29:50 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.05.27 16:32:55 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Tomáš\Plocha\HiJackThis.lnk
[2010.05.15 13:35:12 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\fusioncache.dat
[2002.03.25 22:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
========== LOP Check ==========
[2010.02.13 18:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.05.11 15:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MumboJumbo
[2010.05.27 16:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomáš\Data aplikací\TuneUp Software
========== Purity Check ==========
< End of report >
- Damned
Re: Please check my log
Wasn't the Extras log created? I'd say that what I asked for wasn't checked, so read it properly and repeat it:
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry change to All, and under Extra Registry to Use whitelist. Tick LOP Check and Purity Check. Change File Age to 14 days. Leave all other settings as they are. Click Run Scan.
I also still need that file checked on VirusTotal (the one in red).
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
Re: Please check my log
I don't know what you mean by the red one; I can't find anything.
OTL logfile created on: 28.5.2010 16:10:53 - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Tomáš\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
383,00 Mb Total Physical Memory | 154,00 Mb Available Physical Memory | 40,00% Memory free
922,00 Mb Paging File | 690,00 Mb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,31 Gb Total Space | 4,51 Gb Free Space | 48,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 68,36 Gb Total Space | 54,32 Gb Free Space | 79,46% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 55,72 Gb Free Space | 81,51% Space Free | Partition Type: NTFS
Drive H: | 96,16 Gb Total Space | 86,17 Gb Free Space | 89,60% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: TOM-CA4TLFGKGOR
Current User Name: Tomáš
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Tomáš\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\TO2SSM\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Tomáš\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_6-1-0_DSR.dll (Motive Communications, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
========== Driver Services (SafeList) ==========
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (VIAudio) Zvukový řadič VIA AC'97 (WDM) -- C:\WINDOWS\system32\drivers\ac97via.sys (VIA Technologies, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Documents and Settings\Tomáš\Plocha\něco\components [2010.05.27 19:10:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Documents and Settings\Tomáš\Plocha\něco\plugins [2010.05.27 19:10:43 | 000,000,000 | ---D | M]
[2010.03.03 20:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Extensions
[2010.03.13 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\uswrid3x.default\extensions
O1 HOSTS File: ([2001.10.25 16:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Tomáš\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
OTL logfile created on: 28.5.2010 16:10:53 - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Tomáš\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
383,00 Mb Total Physical Memory | 154,00 Mb Available Physical Memory | 40,00% Memory free
922,00 Mb Paging File | 690,00 Mb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,31 Gb Total Space | 4,51 Gb Free Space | 48,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 68,36 Gb Total Space | 54,32 Gb Free Space | 79,46% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 55,72 Gb Free Space | 81,51% Space Free | Partition Type: NTFS
Drive H: | 96,16 Gb Total Space | 86,17 Gb Free Space | 89,60% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: TOM-CA4TLFGKGOR
Current User Name: Tomáš
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Tomáš\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\TO2SSM\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Tomáš\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_6-1-0_DSR.dll (Motive Communications, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
========== Driver Services (SafeList) ==========
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (VIAudio) Zvukový řadič VIA AC'97 (WDM) -- C:\WINDOWS\system32\drivers\ac97via.sys (VIA Technologies, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Documents and Settings\Tomáš\Plocha\něco\components [2010.05.27 19:10:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Documents and Settings\Tomáš\Plocha\něco\plugins [2010.05.27 19:10:43 | 000,000,000 | ---D | M]
[2010.03.03 20:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Extensions
[2010.03.13 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\uswrid3x.default\extensions
O1 HOSTS File: ([2001.10.25 16:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Tomáš\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.05 19:42:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010.05.27 21:31:27 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tomáš\Plocha\OTL.exe
[2010.05.27 20:37:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.05.27 19:38:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.05.27 19:21:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.05.27 19:05:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.05.27 18:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomáš\Data aplikací\Malwarebytes
[2010.05.27 18:29:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.27 18:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.05.27 18:29:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.27 16:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomáš\Data aplikací\TuneUp Software
[2010.05.15 13:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\ATI
[2010.05.15 13:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomáš\Data aplikací\ATI
[2010.05.15 13:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\ApplicationHistory
[2010.05.15 13:16:30 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010.05.15 13:16:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010.05.15 13:16:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010.05.15 12:59:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tomáš\PrivacIE
[2010.05.15 12:47:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tomáš\IETldCache
[2010.05.15 12:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010.05.15 12:29:06 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.05.15 12:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.05.15 12:26:12 | 000,000,000 | ---D | C] -- C:\ATI
[2010.05.15 12:18:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.05.15 12:18:26 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.05.15 12:18:25 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010.05.15 12:18:23 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010.05.15 12:16:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.05.15 12:10:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010.05.15 12:03:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.05.15 12:03:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs-CZ
[2010.05.15 12:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\McAfee
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010.05.28 16:03:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.28 16:02:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.28 16:00:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.28 05:07:38 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Tomáš\ntuser.dat
[2010.05.28 05:07:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tomáš\ntuser.ini
[2010.05.28 05:06:58 | 002,105,384 | -H-- | M] () -- C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\IconCache.db
[2010.05.27 21:31:33 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomáš\Plocha\OTL.exe
[2010.05.27 19:33:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.27 19:21:49 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.05.27 18:29:50 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.05.27 16:33:13 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Tomáš\Plocha\HiJackThis.lnk
[2010.05.16 15:00:15 | 000,860,982 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.16 15:00:15 | 000,380,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.16 15:00:15 | 000,379,568 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.05.16 15:00:15 | 000,062,138 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.05.16 15:00:15 | 000,052,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.16 12:02:09 | 000,080,771 | ---- | M] () -- C:\Documents and Settings\Tomáš\Plocha\533082_kraken.jpg
[2010.05.15 14:07:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.05.15 13:35:12 | 000,000,125 | ---- | M] () -- C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\fusioncache.dat
[2010.05.15 13:31:52 | 000,001,895 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ Catalyst Control Center.lnk
[2010.05.15 12:17:02 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.05.27 18:29:50 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.05.27 16:32:55 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Tomáš\Plocha\HiJackThis.lnk
[2010.05.16 12:02:02 | 000,080,771 | ---- | C] () -- C:\Documents and Settings\Tomáš\Plocha\533082_kraken.jpg
[2010.05.15 13:43:47 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\Tomáš\Plocha\Zástupce - moh_spearhead.lnk
[2010.05.15 13:35:12 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\fusioncache.dat
[2010.05.15 13:31:52 | 000,001,895 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\ Catalyst Control Center.lnk
[2010.05.15 12:30:51 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2002.03.25 22:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
========== LOP Check ==========
[2010.02.13 18:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.05.11 15:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MumboJumbo
[2010.05.27 16:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomáš\Data aplikací\TuneUp Software
========== Purity Check ==========
< End of report >
- Damned
Re: Please check my log
This file: c:\windows\UniFish3.exe. Or can't you find it on the PC? There is also a procedure there in case the file is hidden.
Didn't it create Extras?
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
:Files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
C:\RECYCLER
C:\$RECYCLE.BIN
C:\Documents and Settings\LocalService\Data aplikací\McAfee
C:\WINDOWS\tasks\SA.DAT
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\fusioncache.dat
:Reg
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]
Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
Re: Please check my log
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
File rity] not found.
File ptytemp] not found.
File ptyflash] not found.
File art explorer] not found.
File boot] not found.
OTL by OldTimer - Version 3.2.5.0 log created on 05282010_172809
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Re: Please check my log
Sorry, I must have overlooked it; here is the scan.
File UniFish3.exe received on 2010.05.28 15:41:21 (UTC)
Result: 1/41 (2.44%)
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.28.01 2010.05.28 -
AntiVir 8.2.1.242 2010.05.28 -
Antiy-AVL 2.0.3.7 2010.05.26 Worm/Win32.Polip.gen
Authentium 5.2.0.5 2010.05.28 -
Avast 4.8.1351.0 2010.05.28 -
Avast5 5.0.332.0 2010.05.28 -
AVG 9.0.0.787 2010.05.28 -
BitDefender 7.2 2010.05.28 -
CAT-QuickHeal 10.00 2010.05.28 -
ClamAV 0.96.0.3-git 2010.05.28 -
Comodo 4942 2010.05.25 -
DrWeb 5.0.2.03300 2010.05.28 -
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7516 2010.05.28 -
F-Prot 4.6.0.103 2010.05.28 -
F-Secure 9.0.15370.0 2010.05.28 -
Fortinet 4.1.133.0 2010.05.28 -
GData 21 2010.05.28 -
Ikarus T3.1.1.84.0 2010.05.28 -
Jiangmin 13.0.900 2010.05.28 -
Kaspersky 7.0.0.125 2010.05.28 -
McAfee 5.400.0.1158 2010.05.28 -
McAfee-GW-Edition 2010.1 2010.05.28 -
Microsoft 1.5802 2010.05.28 -
NOD32 5154 2010.05.28 -
Norman 6.04.12 2010.05.27 -
nProtect 2010-05-28.01 2010.05.28 -
Panda 10.0.2.7 2010.05.28 -
PCTools 7.0.3.5 2010.05.28 -
Prevx 3.0 2010.05.28 -
Rising 22.49.04.04 2010.05.28 -
Sophos 4.53.0 2010.05.28 -
Sunbelt 6369 2010.05.28 -
Symantec 20101.1.0.89 2010.05.28 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.28 -
VBA32 3.12.12.5 2010.05.28 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.28 -
Additional information
File size: 45568 bytes
MD5...: 80e8a9d877445cd90ec72b630704af0a
SHA1..: aac5925f7c7d51c8344e040aecfef1aa58a643d5
SHA256: c9afec414c346fe4785b5b03143254f23b3d5dfec2d81b6c1982483f510da941
ssdeep: 768:ykrxsAxLy8PuBZA1HZb/olZnFaWLX/okB+4rsGC2PE0VUa85ux:lrxs2OQuB+j8lZFhLvokB+Ei0qa8U
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3380
timedatestamp.....: 0x36c15d25 (Wed Feb 10 10:19:17 1999)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6866 0x6a00 6.35 db5bb0e356deb1b618b663ea14d344f3
.rdata 0x8000 0x360 0x400 4.62 c92097c461f13fc0e06004843520ecf0
.data 0x9000 0x3788 0x2000 4.19 1949249196a56e797ef84e8d1d771a63
.idata 0xd000 0x8f6 0xa00 4.77 be78da64278b9a78def21b0a71fdeb1e
.rsrc 0xe000 0x8e4 0xa00 3.46 ce34680208b09f90503e628aa66b14ca
.reloc 0xf000 0xa48 0xc00 5.61 8b194fb28344a620c908ec23b543c0e0
( 5 imports )
> KERNEL32.dll: GetSystemDefaultLangID, lstrlenA, lstrcmpiA, lstrcatA, GetCurrentDirectoryA, RemoveDirectoryA, FindNextFileA, CloseHandle, SetEnvironmentVariableA, CompareStringW, HeapReAlloc, GetStringTypeW, GetStringTypeA, CompareStringA, LoadLibraryA, GetProcAddress, SetEndOfFile, CreateFileA, SetFilePointer, GetTimeZoneInformation, SetStdHandle, WriteFile, FlushFileBuffers, GetFileType, SetHandleCount, GetStdHandle, GetACP, GetCPInfo, HeapFree, HeapAlloc, GetLastError, FindFirstFileA, lstrcpyA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, HeapCreate, UnhandledExceptionFilter, GetOEMCP, ReadFile, ExitProcess, TerminateProcess, GetCurrentProcess, RtlUnwind, GetModuleFileNameA, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte
> USER32.dll: ExitWindowsEx, EndDialog, MessageBoxA, SetWindowTextA, ShowWindow, EnableWindow, SetCursor, LoadCursorA, SendDlgItemMessageA, GetDlgItem, SetDlgItemTextA, DialogBoxParamA, FindWindowA, SendMessageA, wsprintfA, wvsprintfA
> GDI32.dll: DeleteObject, CreateFontIndirectA
> ADVAPI32.dll: RegDeleteKeyA, RegCloseKey, RegQueryValueExA, RegOpenKeyA, RegDeleteValueA
> SHELL32.dll: SHGetMalloc, SHBrowseForFolder, SHGetPathFromIDList, SHFileOperationA
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ 4.x (64.8%)
Win32 Executable MS Visual C++ (generic) (18.1%)
Windows Screen Saver (6.3%)
Win32 Executable Generic (4.1%)
Win32 Dynamic Link Library (generic) (3.6%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Soubor UniFish3.exe přijatý 2010.05.28 15:41:21 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 1/41 (2.44%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.28.01 2010.05.28 -
AntiVir 8.2.1.242 2010.05.28 -
Antiy-AVL 2.0.3.7 2010.05.26 Worm/Win32.Polip.gen
Authentium 5.2.0.5 2010.05.28 -
Avast 4.8.1351.0 2010.05.28 -
Avast5 5.0.332.0 2010.05.28 -
AVG 9.0.0.787 2010.05.28 -
BitDefender 7.2 2010.05.28 -
CAT-QuickHeal 10.00 2010.05.28 -
ClamAV 0.96.0.3-git 2010.05.28 -
Comodo 4942 2010.05.25 -
DrWeb 5.0.2.03300 2010.05.28 -
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7516 2010.05.28 -
F-Prot 4.6.0.103 2010.05.28 -
F-Secure 9.0.15370.0 2010.05.28 -
Fortinet 4.1.133.0 2010.05.28 -
GData 21 2010.05.28 -
Ikarus T3.1.1.84.0 2010.05.28 -
Jiangmin 13.0.900 2010.05.28 -
Kaspersky 7.0.0.125 2010.05.28 -
McAfee 5.400.0.1158 2010.05.28 -
McAfee-GW-Edition 2010.1 2010.05.28 -
Microsoft 1.5802 2010.05.28 -
NOD32 5154 2010.05.28 -
Norman 6.04.12 2010.05.27 -
nProtect 2010-05-28.01 2010.05.28 -
Panda 10.0.2.7 2010.05.28 -
PCTools 7.0.3.5 2010.05.28 -
Prevx 3.0 2010.05.28 -
Rising 22.49.04.04 2010.05.28 -
Sophos 4.53.0 2010.05.28 -
Sunbelt 6369 2010.05.28 -
Symantec 20101.1.0.89 2010.05.28 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.28 -
VBA32 3.12.12.5 2010.05.28 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.28 -
Additional information
File size: 45568 bytes
MD5...: 80e8a9d877445cd90ec72b630704af0a
SHA1..: aac5925f7c7d51c8344e040aecfef1aa58a643d5
SHA256: c9afec414c346fe4785b5b03143254f23b3d5dfec2d81b6c1982483f510da941
ssdeep: 768:ykrxsAxLy8PuBZA1HZb/olZnFaWLX/okB+4rsGC2PE0VUa85ux:lrxs2OQuB
+j8lZFhLvokB+Ei0qa8U
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3380
timedatestamp.....: 0x36c15d25 (Wed Feb 10 10:19:17 1999)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6866 0x6a00 6.35 db5bb0e356deb1b618b663ea14d344f3
.rdata 0x8000 0x360 0x400 4.62 c92097c461f13fc0e06004843520ecf0
.data 0x9000 0x3788 0x2000 4.19 1949249196a56e797ef84e8d1d771a63
.idata 0xd000 0x8f6 0xa00 4.77 be78da64278b9a78def21b0a71fdeb1e
.rsrc 0xe000 0x8e4 0xa00 3.46 ce34680208b09f90503e628aa66b14ca
.reloc 0xf000 0xa48 0xc00 5.61 8b194fb28344a620c908ec23b543c0e0
( 5 imports )
> KERNEL32.dll: GetSystemDefaultLangID, lstrlenA, lstrcmpiA, lstrcatA, GetCurrentDirectoryA, RemoveDirectoryA, FindNextFileA, CloseHandle, SetEnvironmentVariableA, CompareStringW, HeapReAlloc, GetStringTypeW, GetStringTypeA, CompareStringA, LoadLibraryA, GetProcAddress, SetEndOfFile, CreateFileA, SetFilePointer, GetTimeZoneInformation, SetStdHandle, WriteFile, FlushFileBuffers, GetFileType, SetHandleCount, GetStdHandle, GetACP, GetCPInfo, HeapFree, HeapAlloc, GetLastError, FindFirstFileA, lstrcpyA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, HeapCreate, UnhandledExceptionFilter, GetOEMCP, ReadFile, ExitProcess, TerminateProcess, GetCurrentProcess, RtlUnwind, GetModuleFileNameA, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte
> USER32.dll: ExitWindowsEx, EndDialog, MessageBoxA, SetWindowTextA, ShowWindow, EnableWindow, SetCursor, LoadCursorA, SendDlgItemMessageA, GetDlgItem, SetDlgItemTextA, DialogBoxParamA, FindWindowA, SendMessageA, wsprintfA, wvsprintfA
> GDI32.dll: DeleteObject, CreateFontIndirectA
> ADVAPI32.dll: RegDeleteKeyA, RegCloseKey, RegQueryValueExA, RegOpenKeyA, RegDeleteValueA
> SHELL32.dll: SHGetMalloc, SHBrowseForFolder, SHGetPathFromIDList, SHFileOperationA
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ 4.x (64.8%)
Win32 Executable MS Visual C++ (generic) (18.1%)
Windows Screen Saver (6.3%)
Win32 Executable Generic (4.1%)
Win32 Dynamic Link Library (generic) (3.6%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned