trojan-spy.Win32.zbot.ikh Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Re: trojan-spy.Win32.zbot.ikh

Post by Migu3L » 13 Aug 2009 19:17

So here it is, but something about it doesn't seem right to me.

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2551
Windows 6.1.7100 (Safe Mode)

13.8.2009 19:11:26
mbam-log-2009-08-13 (19-11-26).txt

Typ skenu: Rychlý sken
Objektu skenováno: 84266
Uplynulý cas: 4 minute(s), 3 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Re: trojan-spy.Win32.zbot.ikh

Post by Damned » 13 Aug 2009 19:28

Doesn't it run in normal mode for you?

Download OTL to your desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Check LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTListIt.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.

Re: trojan-spy.Win32.zbot.ikh

Post by Migu3L » 13 Aug 2009 20:24

It works in normal mode now; I had preferred not to try it, so that the virus wouldn't reinstall itself from some corner.

Video and music play, I can get on the internet, and most importantly, that white screen no longer pops up right after startup and Task Manager works.

So should I still run OTL, or is it no longer needed?

Re: trojan-spy.Win32.zbot.ikh

Post by Damned » 13 Aug 2009 20:28

Yes, OTL will find errors that MbAM did not find.

Re: trojan-spy.Win32.zbot.ikh

Post by Migu3L » 13 Aug 2009 21:14

OTL.txt 1/2

OTL logfile created on: 13.8.2009 21:00:56 - Run 1
OTL by OldTimer - Version 3.0.10.6 Folder = C:\Users\Migu3L\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,36% Memory free
4,00 Gb Paging File | 3,11 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,48 Gb Total Space | 31,36 Gb Free Space | 44,50% Space Free | Partition Type: NTFS
Drive D: | 150,68 Gb Total Space | 138,13 Gb Free Space | 91,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIGU3L
Current User Name: Migu3L
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Windows\System32\PnkBstrA.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
PRC - C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Users\Migu3L\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE (Vodafone)
PRC - C:\Users\Migu3L\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\program files\windows defender\MpCmdRun.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AMD External Events Utility [Auto | Running]) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AppIDSvc [On_Demand | Stopped]) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (AxInstSV [On_Demand | Stopped]) -- C:\Windows\System32\AxInstSV.dll (Microsoft Corporation)
SRV - (BDESVC [Unknown | Stopped]) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (defragsvc [On_Demand | Stopped]) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (Dhcp [Auto | Running]) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache [On_Demand | Stopped]) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (HomeGroupListener [On_Demand | Running]) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider [On_Demand | Running]) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (p2pimsvc [On_Demand | Running]) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc [On_Demand | Stopped]) -- C:\Windows\System32\peerdistsvc.dll (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\System32\PnkBstrA.exe ()
SRV - (PNRPAutoReg [On_Demand | Stopped]) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (PNRPsvc [On_Demand | Running]) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (Power [Auto | Running]) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (RpcEptMapper [Unknown | Running]) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc [On_Demand | Stopped]) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (sppsvc [Auto | Stopped]) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (sppuinotify [On_Demand | Stopped]) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (Themes [Auto | Running]) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (VMCService [Auto | Running]) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (WbioSrvc [On_Demand | Stopped]) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WwanSvc [On_Demand | Stopped]) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (1394ohci [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (AcpiPmi [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (adp94xx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adpu320 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdPPM [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (amdsata [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdsata.sys (AMD)
DRV - (amdsbs [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (amdxata [Boot | Running]) -- C:\Windows\system32\DRIVERS\amdxata.sys (AMD)
DRV - (AppID [On_Demand | Stopped]) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (arc [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (arcsas [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (athr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (b06bdrv [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (b57nd60x [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (Brserid [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (cmdide [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CNG [Boot | Running]) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (CompositeBus [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (discache [System | Running]) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (ebdrv [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (elxstor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (FsDepends [On_Demand | Stopped]) -- C:\Windows\System32\drivers\FsDepends.sys (Microsoft Corporation)
DRV - (GarenaPEngine [On_Demand | Stopped]) -- C:\Users\Migu3L\AppData\Local\Temp\RPU732E.tmp ()
DRV - (hcw85cir [On_Demand | Stopped]) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (HidBatt [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (HpSAMD [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (hwdatacard [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwpolicy [Boot | Running]) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (iaStorV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (iirsp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (itecir [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV - (KSecPkg [Boot | Running]) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_FC [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (LSI_SAS2 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (LSI_SCSI [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (megasas [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (MegaSR [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mshidkmdf [On_Demand | Stopped]) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (NdisCap [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ndiscap.sys (Microsoft Corporation)
DRV - (nfrd960 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (nvraid [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (pcw [Boot | Running]) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (ql2300 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (RasAgileVpn [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AgileVpn.sys (Microsoft Corporation)
DRV - (rdpbus [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP [System | Running]) -- C:\Windows\System32\drivers\rdprefmp.sys (Microsoft Corporation)
DRV - (rdyboost [Boot | Running]) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (RTL8167 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rt86win7.sys (Realtek Corporation )
DRV - (s3cap [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (scfilter [Unknown | Stopped]) -- C:\Windows\System32\DRIVERS\scfilter.sys (Microsoft Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (smserial [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\smserial.sys (Motorola Inc.)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (stexstor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (storflt [Boot | Running]) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (UmPass [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (vdrvroot [Boot | Running]) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (vhdmp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (viaide [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (vmbus [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (VMBusHID [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (vsmraid [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vwifibus [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\vwifibus.sys (Microsoft Corporation)
DRV - (vwififlt [System | Running]) -- C:\Windows\System32\DRIVERS\vwififlt.sys (Microsoft Corporation)
DRV - (WfpLwf [System | Running]) -- C:\Windows\System32\DRIVERS\wfplwf.sys (Microsoft Corporation)
DRV - (WIMMount [On_Demand | Stopped]) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} [Auto | Running]) -- C:\Program Files\CyberLink\PowerDVD8\000.fcl (Cyberlink Corp.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "seznam.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:1.4
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1
FF - prefs.js..extensions.enabledItems: {71bfcce7-421d-4042-95d4-a585a821cbca}:2.1.10
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.5.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.04.22 10:55:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.08.07 20:15:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.08.07 20:15:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.07.16 23:57:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009.07.04 20:40:33 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\mozilla\Extensions
[2009.07.04 20:40:33 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.08.13 08:30:21 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\mozilla\Firefox\Profiles\6jbynplu.default\extensions
[2009.07.04 20:58:45 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\mozilla\Firefox\Profiles\6jbynplu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.07 17:31:37 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\mozilla\Firefox\Profiles\6jbynplu.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2009.07.04 21:17:16 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\mozilla\Firefox\Profiles\6jbynplu.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009.07.14 20:00:53 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\mozilla\Firefox\Profiles\6jbynplu.default\extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}
[2009.07.04 21:08:01 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\mozilla\Firefox\Profiles\6jbynplu.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2009.07.18 23:33:11 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\mozilla\Firefox\Profiles\6jbynplu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.07.31 10:22:37 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\mozilla\Firefox\Profiles\6jbynplu.default\extensions\anttoolbar@ant.com
[2009.08.12 22:30:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.08.07 20:15:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.07.05 02:36:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009.08.07 20:15:29 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.08.07 20:15:29 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009.07.05 02:36:09 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009.08.07 20:15:29 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006.10.26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009.07.25 10:27:52 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.07.25 10:27:52 | 00,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2009.07.25 10:27:52 | 00,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2009.07.25 10:27:52 | 00,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2009.07.25 10:27:52 | 00,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2009.07.25 10:27:52 | 00,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\Hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Users\Migu3L\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
F3 - HKLM WinNT: Run - (C:\Windows\system32\portmap.exe) - C:\Windows\System32\portmap.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.20 17:42:25 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{62d98291-68fa-11de-998b-00030d8e8052}\Shell - "" = AutoRun
O33 - MountPoints2\{62d98291-68fa-11de-998b-00030d8e8052}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{62d98291-68fa-11de-998b-00030d8e8052}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{889f2016-76ea-11de-ae5a-00030d8e8052}\Shell - "" = AutoRun
O33 - MountPoints2\{889f2016-76ea-11de-ae5a-00030d8e8052}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{889f201d-76ea-11de-ae5a-00030d8e8052}\Shell - "" = AutoRun
O33 - MountPoints2\{889f201d-76ea-11de-ae5a-00030d8e8052}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

Migu3L
newbie
Posts: 21
Registered: August 09
Gender: Male
Status:
Offline

Re: trojan-spy.Win32.zbot.ikh

Post by Migu3L » 13 Aug 2009 21:17

OTL.txt 2/2

========== Files/Folders - Created Within 30 Days ==========

[2009.08.13 20:16:16 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Migu3L\Desktop\OTL.exe
[2009.08.13 18:54:40 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Roaming\Malwarebytes
[2009.08.13 18:54:38 | 00,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.08.13 18:54:35 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.08.13 18:54:34 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.08.13 18:54:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.08.13 18:54:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.08.13 18:53:37 | 03,942,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Migu3L\Desktop\mbam-setup.exe
[2009.08.13 17:30:08 | 00,001,124 | ---- | C] () -- C:\Users\Migu3L\Desktop\DrWeb.csv
[2009.08.13 15:26:46 | 15,520,408 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Migu3L\Desktop\launch.exe
[2009.08.13 14:06:49 | 03,124,187 | ---- | C] () -- C:\Users\Migu3L\Desktop\ComboFix.exe
[2009.08.13 14:06:36 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009.08.13 14:06:28 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009.08.13 14:03:30 | 00,002,045 | ---- | C] () -- C:\Users\Migu3L\Desktop\HijackThis.lnk
[2009.08.13 14:03:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.08.13 08:33:52 | 00,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009.08.12 11:03:07 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Roaming\Opera
[2009.08.12 11:03:07 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Local\Opera
[2009.08.10 22:25:44 | 00,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2009.08.10 11:28:30 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\Desktop\Pardubice rozpis
[2009.08.07 20:59:09 | 00,000,091 | ---- | C] () -- C:\Windows\CIV.INI
[2009.08.06 16:57:00 | 00,001,948 | ---- | C] () -- C:\Users\Migu3L\Desktop\DOSBox 0.72.lnk
[2009.08.06 16:56:59 | 00,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.72
[2009.07.30 18:15:18 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Roaming\Ahead
[2009.07.29 09:59:31 | 10,974,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009.07.29 09:59:30 | 05,954,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009.07.22 22:02:33 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Roaming\Vodafone
[2009.07.22 22:02:31 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2009.07.22 22:02:29 | 00,101,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2009.07.22 22:02:21 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Local\Programs
[2009.07.22 22:02:09 | 00,002,755 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2009.07.22 22:02:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Vodafone
[2009.07.22 22:02:03 | 00,000,000 | ---D | C] -- C:\Program Files\Vodafone
[2009.07.22 22:02:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009.07.22 22:01:36 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Local\{964CEE3F-13E8-4AC2-B7DF-F35C205D6334}
[2009.07.20 22:35:24 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009.07.20 17:39:53 | 00,000,933 | ---- | C] () -- C:\Users\Migu3L\Desktop\HLSW.lnk
[2009.07.20 17:38:23 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Roaming\Xfire
[2009.07.20 17:38:22 | 00,000,927 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2009.07.20 17:38:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2009.07.20 17:38:20 | 00,000,000 | ---D | C] -- C:\Program Files\Xfire
[2009.07.18 19:15:42 | 00,001,048 | ---- | C] () -- C:\Users\Migu3L\Desktop\Frozen Throne – zástupce.lnk
[2009.07.17 23:51:13 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009.07.17 23:48:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2009.07.17 23:46:13 | 00,000,000 | ---D | C] -- C:\ATI
[2009.07.17 00:54:14 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009.07.16 23:57:46 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.16 23:57:45 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Roaming\Thunderbird
[2009.07.16 23:57:45 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Local\Thunderbird
[2009.07.16 23:57:42 | 00,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2009.07.16 23:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2009.07.16 22:31:04 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Local\Microsoft Games
[2009.07.16 03:43:35 | 00,000,945 | ---- | C] () -- C:\Users\Migu3L\Desktop\Garena.lnk
[2009.07.16 03:43:27 | 00,001,010 | ---- | C] () -- C:\Users\Migu3L\Desktop\dotakeys.lnk
[2009.07.16 02:19:09 | 00,000,000 | ---D | C] -- C:\Windows\Eurobattle.net
[2009.07.15 16:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Motorola
[2009.07.15 16:38:17 | 00,291,582 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2009.07.15 16:38:16 | 00,625,514 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2009.07.15 16:38:16 | 00,119,752 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2009.07.15 16:38:16 | 00,036,010 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2009.07.15 16:37:30 | 00,000,000 | ---D | C] -- C:\Windows\cs-CZ
[2009.07.15 16:37:27 | 00,000,000 | ---D | C] -- C:\Windows\System32\cs
[2009.07.15 16:37:12 | 00,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2009.07.15 16:37:11 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ
[2009.07.15 16:33:11 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\volsnap.sys.mui
[2009.07.15 16:33:11 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\usbport.sys.mui
[2009.07.15 16:33:11 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\usbhub.sys.mui
[2009.07.15 16:33:11 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vhdmp.sys.mui
[2009.07.15 16:33:11 | 00,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\cs-CZ\pscr.sys.mui
[2009.07.15 16:33:11 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\tpm.sys.mui
[2009.07.15 16:33:11 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\portcls.sys.mui
[2009.07.15 16:33:11 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\umbus.sys.mui
[2009.07.15 16:33:11 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\serscan.sys.mui
[2009.07.15 16:33:11 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\wd.sys.mui
[2009.07.15 16:33:08 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\pcmcia.sys.mui
[2009.07.15 16:33:07 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\mpio.sys.mui
[2009.07.15 16:33:07 | 00,033,792 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\cs-CZ\yk62x86.sys.mui
[2009.07.15 16:33:07 | 00,020,992 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\cs-CZ\e1y6032.sys.mui
[2009.07.15 16:33:07 | 00,020,992 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\cs-CZ\e1e6032.sys.mui
[2009.07.15 16:33:07 | 00,017,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\cs-CZ\E1G60I32.sys.mui
[2009.07.15 16:33:07 | 00,012,800 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\cs-CZ\k57nd60x.sys.mui
[2009.07.15 16:33:07 | 00,012,800 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\cs-CZ\b57nd60x.sys.mui
[2009.07.15 16:33:07 | 00,011,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\cs-CZ\e1q6032.sys.mui
[2009.07.15 16:33:07 | 00,010,752 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\cs-CZ\e1k6032.sys.mui
[2009.07.15 16:33:07 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009.07.15 16:33:07 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\i8042prt.sys.mui
[2009.07.15 16:33:07 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\msdsm.sys.mui
[2009.07.15 16:33:07 | 00,005,632 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\cs-CZ\bcm4sbxp.sys.mui
[2009.07.15 16:33:07 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\sermouse.sys.mui
[2009.07.15 16:33:07 | 00,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\cs-CZ\e100b325.sys.mui
[2009.07.15 16:33:07 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\mouclass.sys.mui
[2009.07.15 16:33:07 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\parport.sys.mui
[2009.07.15 16:33:07 | 00,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\cs-CZ\getn62.sys.mui
[2009.07.15 16:33:07 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\rndismpx.sys.mui
[2009.07.15 16:33:07 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\rndismp6.sys.mui
[2009.07.15 16:33:07 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\ataport.sys.mui
[2009.07.15 16:33:07 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vwifibus.sys.mui
[2009.07.15 16:33:07 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\parvdm.sys.mui
[2009.07.15 16:33:07 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\MTConfig.sys.mui
[2009.07.15 16:33:07 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\mouhid.sys.mui
[2009.07.15 16:33:07 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\amdide.sys.mui
[2009.07.15 16:33:06 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\afd.sys.mui
[2009.07.15 16:33:05 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\bfe.dll.mui
[2009.07.15 16:33:05 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\wdf01000.sys.mui
[2009.07.15 16:33:05 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\ws2ifsl.sys.mui
[2009.07.15 16:33:04 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\tcpip.sys.mui
[2009.07.15 16:33:04 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\tunnel.sys.mui
[2009.07.15 16:33:04 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\modem.sys.mui
[2009.07.15 16:33:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\usbrpm.sys.mui
[2009.07.15 16:33:02 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\fvevol.sys.mui
[2009.07.15 16:33:02 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\scfilter.sys.mui
[2009.07.15 16:33:01 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\rdbss.sys.mui
[2009.07.15 16:33:00 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\pacer.sys.mui
[2009.07.15 16:33:00 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\qwavedrv.sys.mui
[2009.07.15 16:33:00 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\partmgr.sys.mui
[2009.07.15 16:32:59 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\ntfs.sys.mui
[2009.07.15 16:32:59 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\nwifi.sys.mui
[2009.07.15 16:32:58 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\ndis.sys.mui
[2009.07.15 16:32:58 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\ndisuio.sys.mui
[2009.07.15 16:32:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\ndiscap.sys.mui
[2009.07.15 16:32:55 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\luafv.sys.mui
[2009.07.15 16:32:55 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\mountmgr.sys.mui
[2009.07.15 16:32:53 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\http.sys.mui
[2009.07.15 16:32:51 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\fltmgr.sys.mui
[2009.07.15 16:32:50 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\volmgrx.sys.mui
[2009.07.15 16:32:48 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\pnpmem.sys.mui
[2009.07.15 16:32:47 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\cs-CZ\BrSerIb.sys.mui
[2009.07.15 16:32:47 | 00,009,728 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\cs-CZ\ltmdmnt.sys.mui
[2009.07.15 16:32:47 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\pci.sys.mui
[2009.07.15 16:32:47 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\IPMIDrv.sys.mui
[2009.07.15 16:32:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vdrvroot.sys.mui
[2009.07.15 16:32:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\kbdclass.sys.mui
[2009.07.15 16:32:47 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\isapnp.sys.mui
[2009.07.15 16:32:47 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\mssmbios.sys.mui
[2009.07.15 16:32:47 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\VIAAGP.SYS.mui
[2009.07.15 16:32:47 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\ULIAGPKX.SYS.mui
[2009.07.15 16:32:47 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\SISAGP.SYS.mui
[2009.07.15 16:32:47 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\NV_AGP.SYS.mui
[2009.07.15 16:32:47 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\kbdhid.sys.mui
[2009.07.15 16:32:47 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\AMDAGP.SYS.mui
[2009.07.15 16:32:47 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\AGP440.sys.mui
[2009.07.15 16:32:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\viac7.sys.mui
[2009.07.15 16:32:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\processr.sys.mui
[2009.07.15 16:32:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\intelppm.sys.mui
[2009.07.15 16:32:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\amdppm.sys.mui
[2009.07.15 16:32:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\amdk8.sys.mui
[2009.07.15 16:32:46 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\battc.sys.mui
[2009.07.15 16:32:46 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\cs-CZ\BrSerId.sys.mui
[2009.07.15 16:32:46 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\bthport.sys.mui
[2009.07.15 16:32:46 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\bthpan.sys.mui
[2009.07.15 16:32:46 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\wacompen.sys.mui
[2009.07.15 16:32:46 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\hdaudbus.sys.mui
[2009.07.15 16:32:46 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\HdAudio.sys.mui
[2009.07.15 16:32:46 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\hidbth.sys.mui
[2009.07.15 16:32:46 | 00,003,072 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\cs-CZ\atikmdag.sys.mui
[2009.07.15 16:32:46 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\Dot4usb.sys.mui
[2009.07.15 16:32:46 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\BTHUSB.SYS.mui
[2009.07.15 16:32:46 | 00,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\cs-CZ\BrParwdm.sys.mui
[2009.07.15 16:32:46 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\disk.sys.mui
[2009.07.15 16:32:46 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\cdrom.sys.mui
[2009.07.15 16:32:46 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\bthenum.sys.mui
[2009.07.15 16:32:45 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\ohci1394.sys.mui
[2009.07.15 16:32:45 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\1394ohci.sys.mui
[2009.07.15 16:32:45 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\acpi.sys.mui
[2009.07.15 16:32:45 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\UAGP35.SYS.mui
[2009.07.15 16:32:45 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\GAGP30KX.SYS.mui
[2009.07.15 16:27:27 | 00,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009.07.15 16:27:27 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009.07.15 16:27:27 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.15 16:27:27 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys
[2009.07.15 13:30:09 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Roaming\SView5
[2009.07.15 12:51:36 | 00,189,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2009.07.15 12:07:30 | 00,000,000 | --SD | C] -- C:\Program Files\HLSW
[2009.07.15 12:07:30 | 00,000,000 | ---D | C] -- C:\Users\Migu3L\AppData\Roaming\HLSW
[2009.07.08 01:56:18 | 00,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.07.05 15:00:34 | 00,139,584 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.07.05 14:59:52 | 00,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009.07.05 11:23:17 | 00,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.07.05 02:05:45 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.05.16 05:22:51 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.04.22 07:58:02 | 00,000,478 | ---- | C] () -- C:\Windows\win.ini
[2009.04.22 07:58:02 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009.04.22 05:50:07 | 00,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.04.22 05:40:32 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Files - Modified Within 30 Days ==========

[2009.08.13 20:44:57 | 01,453,580 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.08.13 20:44:57 | 00,625,514 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2009.08.13 20:44:57 | 00,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.08.13 20:44:57 | 00,119,752 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2009.08.13 20:44:57 | 00,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.08.13 20:37:00 | 00,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2133983501-503862174-1491650278-1000UA.job
[2009.08.13 20:07:44 | 00,013,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009.08.13 20:07:44 | 00,013,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009.08.13 20:00:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.08.13 20:00:06 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.08.13 19:59:55 | 16,093,75744 | -HS- | M] () -- C:\hiberfil.sys
[2009.08.13 19:59:22 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Migu3L\Desktop\OTL.exe
[2009.08.13 18:54:38 | 00,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.08.13 18:51:58 | 03,942,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Migu3L\Desktop\mbam-setup.exe
[2009.08.13 17:30:08 | 00,001,124 | ---- | M] () -- C:\Users\Migu3L\Desktop\DrWeb.csv
[2009.08.13 15:24:20 | 15,520,408 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Migu3L\Desktop\launch.exe
[2009.08.13 14:06:37 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009.08.13 14:03:30 | 00,002,045 | ---- | M] () -- C:\Users\Migu3L\Desktop\HijackThis.lnk
[2009.08.13 13:56:04 | 03,124,187 | ---- | M] () -- C:\Users\Migu3L\Desktop\ComboFix.exe
[2009.08.11 01:48:41 | 00,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2133983501-503862174-1491650278-1000Core.job
[2009.08.08 17:39:39 | 00,000,091 | ---- | M] () -- C:\Windows\CIV.INI
[2009.08.06 16:57:00 | 00,001,948 | ---- | M] () -- C:\Users\Migu3L\Desktop\DOSBox 0.72.lnk
[2009.08.03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.08.03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.07.25 08:09:12 | 05,954,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009.07.25 08:08:01 | 10,974,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009.07.22 22:02:09 | 00,002,755 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2009.07.20 22:35:24 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009.07.20 17:39:53 | 00,000,933 | ---- | M] () -- C:\Users\Migu3L\Desktop\HLSW.lnk
[2009.07.20 17:38:22 | 00,000,927 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2009.07.20 11:55:09 | 00,139,584 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.07.20 11:55:00 | 00,189,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2009.07.20 11:55:00 | 00,189,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009.07.18 19:15:42 | 00,001,048 | ---- | M] () -- C:\Users\Migu3L\Desktop\Frozen Throne – zástupce.lnk
[2009.07.18 05:28:21 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009.07.16 23:57:46 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009.07.16 23:57:42 | 00,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2009.07.16 03:43:35 | 00,000,945 | ---- | M] () -- C:\Users\Migu3L\Desktop\Garena.lnk
[2009.07.16 03:43:27 | 00,001,010 | ---- | M] () -- C:\Users\Migu3L\Desktop\dotakeys.lnk
[2009.07.15 16:36:48 | 00,291,582 | ---- | M] () -- C:\Windows\System32\perfi005.dat
[2009.07.15 16:36:48 | 00,036,010 | ---- | M] () -- C:\Windows\System32\perfd005.dat
[2009.07.15 12:17:25 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe

========== LOP Check ==========

[2009.08.13 18:54:40 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming
[2009.07.30 18:15:18 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\Ahead
[2009.07.05 15:22:23 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\ATI
[2009.07.05 10:36:14 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\CyberLink
[2009.07.05 02:28:23 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\DAEMON Tools
[2009.07.05 02:28:23 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\DAEMON Tools Lite
[2009.07.05 11:50:51 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\GHISLER
[2009.07.04 21:48:56 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\GRETECH
[2009.07.20 17:39:59 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\HLSW
[2009.04.22 12:24:12 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\Media Center Programs
[2009.08.12 11:03:07 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\Opera
[2009.07.15 13:30:09 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\SView5
[2009.07.16 23:57:46 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\Thunderbird
[2009.07.22 22:02:33 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\Vodafone
[2009.07.24 21:28:25 | 00,000,000 | ---D | M] -- C:\Users\Migu3L\AppData\Roaming\Xfire
[2009.08.11 01:48:41 | 00,000,914 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133983501-503862174-1491650278-1000Core.job
[2009.08.13 20:37:00 | 00,000,966 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133983501-503862174-1491650278-1000UA.job
[2009.08.13 20:00:20 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009.04.22 10:27:21 | 00,026,258 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


Extras.txt

OTL Extras logfile created on: 13.8.2009 21:00:56 - Run 1
OTL by OldTimer - Version 3.0.10.6 Folder = C:\Users\Migu3L\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,36% Memory free
4,00 Gb Paging File | 3,11 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,48 Gb Total Space | 31,36 Gb Free Space | 44,50% Space Free | Partition Type: NTFS
Drive D: | 150,68 Gb Total Space | 138,13 Gb Free Space | 91,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIGU3L
Current User Name: Migu3L
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0ADF67A4-4E1A-5CD6-D07B-FE4CE9AE4CC7}" = ccc-core-static
"{1724C8B7-FE78-DCCB-C931-0CECE15E1186}" = CCC Help Chinese Standard
"{1847F009-CE79-3ACA-699C-1D4C7C0DA1BF}" = CCC Help Norwegian
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{29F405DD-97B3-047F-1097-3B91872BBE87}" = CCC Help Polish
"{2A1E2E7F-8B47-2FEE-F28E-B53D9ABD5A28}" = Catalyst Control Center Graphics Light
"{2B59A2CC-459D-BE4C-CE8B-C426EDA2D4F2}" = CCC Help Czech
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2DE6ADB0-58E2-3B8F-2F29-81C641B25C0C}" = ccc-utility
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10
"{3EC4E3B7-0555-7FF7-FDA9-1FFAE3E81F49}" = ATI MCE Encoder
"{42CBFCF3-7B6C-2C23-7C27-9D5575827DE5}" = CCC Help Danish
"{44EE1D8B-49FC-D385-A85C-7FFE6B792331}" = CCC Help Russian
"{45B02038-639D-A8E9-B01C-54AF9F3950F3}" = Catalyst Control Center HydraVision Full
"{55B3DDE7-F38B-5A66-6C90-E377B1B30755}" = CCC Help Thai
"{5F55BC38-D963-9C93-4EF3-21E03E8EF592}" = Catalyst Control Center Graphics Previews Common
"{607C3599-45AB-B333-668D-0AA8A9294698}" = Catalyst Control Center Localization All
"{609E8DAE-880F-0BB0-08FF-7FEA19DB1B8A}" = CCC Help Italian
"{639A8CE9-B1D4-1733-C99D-10DFD208BE05}" = CCC Help German
"{69EED970-054C-65F7-9BF1-75FCA773A401}" = ATI Catalyst Install Manager
"{6AFBCEE1-442E-84BD-F43F-AD345D0E6ADE}" = Catalyst Control Center Graphics Full Existing
"{6DE416CA-764D-2E86-3282-6B7D5C67B042}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73DA5340-024C-7D5C-622B-54DE1AEA8FAC}" = Catalyst Control Center Graphics Previews Vista
"{7798D30D-99A4-5692-E63B-79DA1D3B6DE9}" = CCC Help French
"{7E7EFE9E-96F6-AFD8-C2BE-431CE40500D1}" = CCC Help Chinese Traditional
"{81CB66FE-D19E-D540-8F12-6B30608B1F58}" = CCC Help Turkish
"{81CD6232-10F5-4832-B3DA-1B88B1571029}" = Nero 7 Essentials
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A227997-35F3-FE09-0B8A-EEE31150D7B0}" = CCC Help Japanese
"{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}" = Vodafone Mobile Connect Lite
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00B2-0405-0000-0000000FF1CE}" = Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{908B4902-9BD1-EC1D-4D74-66B6E7649FB9}" = CCC Help Spanish
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{974F693E-7F14-7391-E95F-CD5162DD06B1}" = CCC Help Swedish
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F8963C-0CBA-3478-3A14-5DC4B9BFA03B}" = CCC Help Hungarian
"{A3633A05-6BC5-97B0-FAE9-0E5EFA1E8005}" = CCC Help Dutch
"{A4B096F7-6ABE-D09A-7F95-A1F30FD1A1AA}" = CCC Help Finnish
"{ABE3461D-9631-7E34-4CD6-44272EA132D1}" = CCC Help Korean
"{AF54EDCD-1631-B573-B447-A2618BA41590}" = Catalyst Control Center Graphics Full New
"{BD5119A4-5D00-86A5-3002-BB4148A76C22}" = Catalyst Control Center Core Implementation
"{C86359C7-0974-F988-D198-F1633D23C44B}" = Catalyst Control Center InstallProxy
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DEC85AEE-6EFA-1D9C-4CE7-4347742AF2C5}" = CCC Help Greek
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E465A033-BBE7-937F-E110-3AF1673721D4}" = CCC Help Portuguese
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.702
"Czech Soccer Manager 2002 Final Editionverze 4.0 (31.3.2006)" = Czech Soccer Manager 2002 Final Edition
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eurobattle.net2.0" = Eurobattle.net
"ExtractNow_is1" = ExtractNow
"Foxit Reader" = Foxit Reader
"GOM Player" = GOM Player
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mathcad 2000 Professional" = Mathcad 2000 Professional
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2
"nbi-nb-base-6.1.0.1.200805300101" = NetBeans IDE 6.1
"OpenTTD" = OpenTTD 0.5.3
"PSPad editor_is1" = PSPad editor
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.0.3
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP 2005" = QIP 2005 8092

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 13.8.2009 5:53:02 | Computer Name = Migu3L | Source = avast! | ID = 33554522
Description = Nastala interní chyba v modulu aswar scan function failed!, funkce
00000002.

Error - 13.8.2009 6:53:23 | Computer Name = Migu3L | Source = avast! | ID = 33554522
Description = Chyba v aswChestC: chestOpenList Error 1753.

Error - 13.8.2009 6:53:23 | Computer Name = Migu3L | Source = avast! | ID = 33554522
Description = aswChestInterface - Program vyvolal nestandardní stav. Informace o
chybě: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.

[ Application Events ]
Error - 13.8.2009 4:06:02 | Computer Name = Migu3L | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 13.8.2009 5:30:43 | Computer Name = Migu3L | Source = Application Error | ID = 1000
Description = Název chybující aplikace: frog.exe, verze: 0.0.0.0, časové razítko:
0x4a663ab7 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x00000000 ID chybujícího procesu: 0xd08 Čas spuštění
chybující aplikace: 0x01ca1bf8b8da46ab Cesta k chybující aplikaci: C:\Users\Migu3L\Desktop\Download\frog\frog.exe
Cesta
k chybujícímu modulu: unknown ID zprávy: f86e6d07-87eb-11de-ac9d-00030d8e8052

Error - 13.8.2009 5:35:43 | Computer Name = Migu3L | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 13.8.2009 5:38:13 | Computer Name = Migu3L | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 13.8.2009 5:40:44 | Computer Name = Migu3L | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 13.8.2009 5:42:23 | Computer Name = Migu3L | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 13.8.2009 5:43:08 | Computer Name = Migu3L | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 13.8.2009 6:55:09 | Computer Name = Migu3L | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 13.8.2009 14:00:34 | Computer Name = Migu3L | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 13.8.2009 14:00:53 | Computer Name = Migu3L | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 13.8.2009 5:48:34 | Computer Name = Migu3L | Source = Service Control Manager | ID = 7001
Description = Služba Network List Service závisí na službě Network Location Awareness,
která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 13.8.2009 5:48:34 | Computer Name = Migu3L | Source = Service Control Manager | ID = 7001
Description = Služba Network List Service závisí na službě Network Location Awareness,
která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 13.8.2009 5:48:34 | Computer Name = Migu3L | Source = Service Control Manager | ID = 7001
Description = Služba Network List Service závisí na službě Network Location Awareness,
která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 13.8.2009 5:48:34 | Computer Name = Migu3L | Source = Service Control Manager | ID = 7001
Description = Služba Network List Service závisí na službě Network Location Awareness,
která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 13.8.2009 5:48:34 | Computer Name = Migu3L | Source = Service Control Manager | ID = 7001
Description = Služba Network List Service závisí na službě Network Location Awareness,
která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 13.8.2009 6:57:09 | Computer Name = Migu3L | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: aswSP discache spldr Wanarpv6

Error - 13.8.2009 7:02:18 | Computer Name = Migu3L | Source = DCOM | ID = 10005
Description =

Error - 13.8.2009 7:02:25 | Computer Name = Migu3L | Source = DCOM | ID = 10005
Description =

Error - 13.8.2009 7:02:28 | Computer Name = Migu3L | Source = DCOM | ID = 10005
Description =

Error - 13.8.2009 7:02:28 | Computer Name = Migu3L | Source = DCOM | ID = 10005
Description =


< End of report >


Re: trojan-spy.Win32.zbot.ikh

Post by Damned » 13 Aug 2009 21:42

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text (shown in green) into the box:

Code:

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{62d98291-68fa-11de-998b-00030d8e8052}\Shell - "" = AutoRun
O33 - MountPoints2\{62d98291-68fa-11de-998b-00030d8e8052}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{62d98291-68fa-11de-998b-00030d8e8052}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{889f2016-76ea-11de-ae5a-00030d8e8052}\Shell - "" = AutoRun
O33 - MountPoints2\{889f2016-76ea-11de-ae5a-00030d8e8052}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{889f201d-76ea-11de-ae5a-00030d8e8052}\Shell - "" = AutoRun
O33 - MountPoints2\{889f201d-76ea-11de-ae5a-00030d8e8052}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found

:Files
C:\Windows\tasks\SA.DAT

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Then click Run Fix at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner


Re: trojan-spy.Win32.zbot.ikh

Post by Migu3L » 13 Aug 2009 22:08

So here is the log after the restart

All processes killed
Error: Unable to interpret <:OTLI> in the current context!
Error: Unable to interpret <PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{62d98291-68fa-11de-998b-00030d8e8052}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{62d98291-68fa-11de-998b-00030d8e8052}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{62d98291-68fa-11de-998b-00030d8e8052}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{889f2016-76ea-11de-ae5a-00030d8e8052}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{889f2016-76ea-11de-ae5a-00030d8e8052}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{889f201d-76ea-11de-ae5a-00030d8e8052}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{889f201d-76ea-11de-ae5a-00030d8e8052}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found> in the current context!
========== FILES ==========
C:\Windows\tasks\SA.DAT moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Amilo

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Migu3L
->Temp folder emptied: 41004490 bytes
->Java cache emptied: 1663651 bytes
->FireFox cache emptied: 45790501 bytes
->Google Chrome cache emptied: 6181449 bytes
->Opera cache emptied: 1441174 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied: 3367000 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 94,84 mb


OTL by OldTimer - Version 3.0.10.6 log created on 08132009_215655

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Re: trojan-spy.Win32.zbot.ikh

Příspěvekod Damned » 13 srp 2009 22:21

Velmi dobře. Vlož mi sem ještě nový log z HijackThis.
*****************************************************************************************************************************************
Start-spustit-napiš: notepad a dej OK. Do něho vlož tento celý (bledě zelený) text:

Kód: Vybrat vše

dir \portmap.exe /a h /s > File.txt

Save it to the desktop under the name find.bat (file type: all files).
Find it on the desktop, double-click it and wait until the window closes and the .txt file appears.
Then paste the entire text of that file here.


Re: trojan-spy.Win32.zbot.ikh

Post by Migu3L » 13 Aug 2009 22:40

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:10, on 13.8.2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Migu3L\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{23F208A5-7DFD-49AA-B6FC-398AB1BE1C7D}: NameServer = 10.107.10.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 5309 bytes


Re: trojan-spy.Win32.zbot.ikh

Post by Migu3L » 13 Aug 2009 22:42

File.txt
Svazek v jednotce C je system.
Sériové číslo svazku je 03A4-D87D.


Re: trojan-spy.Win32.zbot.ikh

Post by Damned » 13 Aug 2009 22:52

Well, I'd say it's fine here now. Win7 is new and I don't know it yet, but I don't see that nasty thing anywhere in there anymore.

You can delete OTL and its folder.

Download ATF Cleaner.
Double-click ATF Cleaner.exe, click Select All found,
-If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
-If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
then click Empty Selected.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache,
cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer,
Firefox and Opera. The application can also remove Windows temporary files, empty the recycle bin, etc.

If anything comes up, stop by.
Mark the topic as solved (green check mark) and take care. :bigups: