PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Dlouhý start XP

https://pc-help.cnews.cz/viewtopic.php?f=70&t=72872

Stránka 1 z 3

Dlouhý start XP

Napsal: 02 zář 2011 20:56
od milancz
Ahoj, mám problém se startem XPček. Když naběhne plocha s ikonama trvá 5-6 min než můžu cokoli spustit. Pak vše naběhne a PC funguje normálně. Myslím že to bude nějaký červ, ale antivir ani antimalware nic nenašly :-(
Prosím o kontrolu logu z HJT. Díky

Re: Dlouhý start XP

Napsal: 02 zář 2011 20:59
od guest
Bez logu ti to asi nezkontrolují!

Re: Dlouhý start XP

Napsal: 02 zář 2011 21:03
od milancz
Hmm, to sem teda ... Díky

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:02:20, on 2.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
H:\transbase\tbmux32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9780596593
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Transbase - Transaction Software, D 81737 Munich - H:\transbase\tbmux32.exe

--
End of file - 7066 bytes

Re: Dlouhý start XP

Napsal: 02 zář 2011 22:03
od jaro3
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si na svojí plochu StartupLite .exe by MalwareBytes

Tento program identifikuje a dává volbu k odstranění nepotřebných položek k vyprázdnění paměti.
Poklepej na ikonu StartupLite.exe (by MalwareBytes ) ke spuštění programu. Ve vistě a windows 7 spusť jako správce (pravým klik na ikonu a vyber-spustit jako správce).Vytvoří se list nepotřebných vstupů po spuštění. Nech všechny položky jako deaktivované a klikni na Continue . Restartuj PC.


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

Re: Dlouhý start XP

Napsal: 03 zář 2011 06:57
od milancz
Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3.9.2011 6:56:19
mbam-log-2011-09-03 (06-56-19).txt

Typ: Rychlá kontrola
Kontrolované objekty: 169100
Uplynulý čas: 3 minut, 13 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)


Nicméně problém trvá..

Re: Dlouhý start XP

Napsal: 03 zář 2011 11:08
od jaro3
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Re: Dlouhý start XP

Napsal: 03 zář 2011 21:58
od milancz
ComboFix 11-09-03.01 - Milan Šindelář 03.09.2011 21:28:31.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1579 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan Őindelß°\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\dasetup.log
c:\windows\IsUn0405.exe
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\system32\winchap.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-03 do 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-02 18:34 . 2011-09-02 18:34 0 ----a-w- c:\windows\ativpsrm.bin
2011-09-02 18:29 . 2011-09-02 18:29 -------- d-----w- C:\_OTL
2011-08-21 20:12 . 2011-08-21 20:12 -------- d---a-w- c:\windows\system32\runouce.exe
2011-08-21 20:12 . 2011-08-21 20:12 -------- d---a-w- c:\windows\rundll16.exe
2011-08-21 20:12 . 2011-08-21 20:12 -------- d---a-w- c:\windows\logo1_.exe
2011-08-21 20:06 . 2011-08-21 20:06 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-21 20:06 . 2011-08-21 20:06 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-08-21 20:06 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-08-21 20:06 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-08-21 20:06 . 2011-08-21 20:06 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-08-21 20:06 . 2011-08-21 20:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-08-21 19:34 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-21 19:34 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-21 19:34 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-21 19:34 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-21 19:34 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-21 19:34 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-21 19:34 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-21 19:34 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-21 19:33 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-21 19:33 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-10 16:34 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 16:34 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 20:31 . 2011-08-09 20:31 -------- d-----w- c:\program files\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-18 04:59 . 2011-05-16 17:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-18 12:00 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-18 12:00 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-07-08 04:12 . 2011-03-10 18:46 7023104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-07-08 04:09 . 2009-09-30 02:08 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-07-08 03:45 . 2009-09-30 01:27 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-08 03:45 . 2009-09-30 01:27 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-08 03:42 . 2009-09-30 01:26 5111808 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-08 03:38 . 2009-09-30 02:07 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-08 03:23 . 2009-09-30 02:20 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:22 . 2008-04-14 03:21 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-07-08 03:21 . 2008-04-14 03:21 4091648 ----a-w- c:\windows\system32\ati3duag.dll
2011-07-08 03:15 . 2011-07-24 12:33 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-07-08 03:05 . 2009-09-30 02:10 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-08 03:05 . 2009-09-30 02:10 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-08 03:04 . 2009-09-30 02:10 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-07-08 03:04 . 2009-09-30 02:10 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-08 03:04 . 2009-09-30 02:10 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-07-08 03:03 . 2009-09-30 02:08 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-07-08 03:03 . 2008-04-14 03:21 3155072 ----a-w- c:\windows\system32\ativvaxx.dll
2011-07-08 03:01 . 2009-09-30 02:07 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-07-08 03:00 . 2011-07-24 12:33 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-08 02:56 . 2009-09-30 01:30 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-07-08 02:53 . 2009-09-30 01:26 507904 ----a-w- c:\windows\system32\atiok3x2.dll
2011-07-08 02:53 . 2009-09-30 01:28 208896 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-08 02:52 . 2009-09-30 01:28 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-07-08 02:47 . 2008-04-14 03:21 868352 ----a-w- c:\windows\system32\ati2cqag.dll
2011-07-08 02:46 . 2009-10-02 02:32 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-08 02:46 . 2009-09-30 01:34 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-08 02:46 . 2009-09-30 01:27 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-07 21:37 . 2011-07-07 21:37 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-07 21:36 . 2011-07-07 21:36 13904896 ----a-w- c:\windows\system32\amdocl.dll
2011-07-06 17:52 . 2011-05-29 05:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-05-29 05:50 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2011-03-10 17:14 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-18 12:00 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-16 01:34 . 2011-06-16 01:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 01:34 . 2011-06-16 01:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-14 14:55 . 2011-07-24 12:36 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-09 10:03 . 2011-07-23 05:37 3486088 ----a-w- c:\program files\Common Files\ApnToolbarInstaller.exe
2011-06-09 10:03 . 2011-07-23 05:37 143240 ----a-w- c:\program files\Common Files\ApnStub.exe
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ------w- c:\windows\system32\win32k.sys
2010-01-26 08:11 . 2011-04-18 19:23 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2011-09-01 19:27 . 2011-05-07 16:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]
2009-11-06 23:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BDARemote.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^E-Color.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\E-Color.lnk
backup=c:\windows\pss\E-Color.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=c:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Milan Šindelář^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Milan Šindelář\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiagAP8169]
c:\program files\MSI\LAN Utility\DiagAP8169 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-11 17:32 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-11-19 17:41 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrystalDiskInfo]
2010-12-31 09:40 1002456 ----a-w- c:\program files\CrystalDiskInfo\DiskInfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 14:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 12:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 11:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 09:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 16:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 13:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2004-09-23 11:41 860160 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 08:11 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-29 21:13 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2004-08-02 14:32 176128 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"h:\\javaclient\\jre1.5.0_11\\bin\\java.exe"=
"h:\\javaclient\\ETK.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57849:TCP"= 57849:TCP:Pando Media Booster
"57849:UDP"= 57849:UDP:Pando Media Booster
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.8.2011 21:34 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.8.2011 21:34 309848]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/03/17 19:59];c:\program files\CyberLink\PowerDVD9\000.fcl [28.2.2009 20:40 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.8.2011 21:34 19544]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 15:39 490280]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27.1.2010 4:09 50704]
R2 Transbase;Transbase;h:\transbase\tbmux32.exe [3.4.2011 12:53 385024]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [24.7.2011 14:31 101392]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [24.7.2011 14:35 433920]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.3.2011 21:51 136176]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [11.3.2011 0:01 209171]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [11.3.2011 0:01 9284]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [11.3.2011 0:01 36261]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10.3.2011 21:51 136176]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10.5.2010 11:44 25912]
S3 NTIOLib_1_0_8;NTIOLib_1_0_8;c:\progra~1\MSI\MSIWDev\NTIOLib.sys [27.1.2011 15:43 7680]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [11.3.2011 0:05 9510]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: DhcpNameServer = 88.83.161.210 192.168.2.1
FF - ProfilePath - c:\documents and settings\Milan Šindelář\Data aplikací\Mozilla\Firefox\Profiles\ofuj1tmj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-CTFMON - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-03 21:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2011-09-03 21:42:59
ComboFix-quarantined-files.txt 2011-09-03 19:42
.
Před spuštěním: Volných bajtů: 12 836 831 232
Po spuštění: Volných bajtů: 12 790 628 352
.
- - End Of File - - 0571FA471759EE93F84795F08C840E13

Re: Dlouhý start XP

Napsal: 03 zář 2011 22:25
od bledulka
Jak to vypadá s počítačem ted?

Re: Dlouhý start XP

Napsal: 03 zář 2011 22:51
od milancz
Je to malinko lepší, ale pořád musím čekat než něco naběhne..

Re: Dlouhý start XP

Napsal: 04 zář 2011 07:39
od bledulka
Odinstaluj combofix přes
Start >> Spustit zkopíruj do okénka:
ComboFix /Uninstall

stiskni Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


**********************************************

Stáhni T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

-Spusť,pro potvrzení volby mačkej klávesu A, Enter
-po použití prográmek vymaž.Pozor,antiviry ho mohou falešně označit za vir


************************************************

Stáhni OTL
http://oldtimer.geekstogo.com/OTL.exe
-do spodního okénka vlož tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

-dej fajfku do čtverečku u řádku Pro všechny uživatele
-nech ostatní položky jak je nastaveno na screenu
- potvrď tlačítko Prohledat.
-provede se sken, log OTL.Txt sem vlož

Obrázek

Re: Dlouhý start XP

Napsal: 04 zář 2011 09:24
od milancz
Hned problém:

cfo.JPG

Re: Dlouhý start XP

Napsal: 04 zář 2011 09:43
od milancz
OTL logfile created on: 4.9.2011 9:29:34 - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = g:\Software\O
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,59% Memory free
3,85 Gb Paging File | 3,21 Gb Available in Paging File | 83,42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 14,20 Gb Free Space | 29,08% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 53,33 Gb Free Space | 28,97% Space Free | Partition Type: NTFS
Drive F: | 443,23 Gb Total Space | 56,35 Gb Free Space | 12,71% Space Free | Partition Type: NTFS
Drive G: | 488,28 Gb Total Space | 139,80 Gb Free Space | 28,63% Space Free | Partition Type: NTFS
Drive H: | 149,04 Gb Total Space | 16,02 Gb Free Space | 10,75% Space Free | Partition Type: NTFS
Drive I: | 232,88 Gb Total Space | 60,62 Gb Free Space | 26,03% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Milan Šindelář | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - g:\Software\O\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - H:\transbase\tbmux32.exe (Transaction Software, D 81737 Munich)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\11090301\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11090301\aswRep.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - c:\Program Files\Adobe\Reader 9.0\Reader\RdLang32.CZE ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\EScript.CZE ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\updater.CZE ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.CZE ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll ()
MOD - C:\Program Files\WinRAR\rarlng.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (Transbase) -- H:\transbase\tbmux32.exe (Transaction Software, D 81737 Munich)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (NTIOLib_1_0_8) -- C:\Program Files\MSI\MSIWDev\NTIOLib.sys (MSI)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys (Your Corporation)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (WFLR6654) WinFast TV2000 XP Expert (FM1216MK3) -- C:\WINDOWS\system32\drivers\wfeaglxt.sys (Leadtek Research Inc.)
DRV - (DefragFS) -- C:\WINDOWS\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (WF23880) -- C:\WINDOWS\system32\drivers\wf88vcap.sys (Copyright @2000-2006 Leadtek Research Inc.)
DRV - (WFTUNE) -- C:\WINDOWS\system32\drivers\wf88tune.sys (Copyright @2000-2006 Leadtek Research Inc.)
DRV - (WF88XBAR) -- C:\WINDOWS\system32\drivers\WF88XBAR.sys (Copyright @2000-2006 Leadtek Research Inc.)
DRV - (WFIOCTL) -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys (Leadtek Research Inc.)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-21-1935655697-1035525444-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1935655697-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.cz"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2011.07.23 07:37:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.08.21 21:33:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.01 21:27:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.01 21:20:06 | 000,000,000 | ---D | M]

[2011.09.02 20:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Milan Šindelář\Data aplikací\Mozilla\Extensions
[2011.09.03 06:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Milan Šindelář\Data aplikací\Mozilla\Firefox\Profiles\ofuj1tmj.default\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MILAN ŠINDELář\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\OFUJ1TMJ.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011.05.18 23:25:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.05.31 23:10:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.09.01 21:27:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.18 23:25:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.07 18:12:07 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.05.07 18:12:07 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.03.03 19:52:54 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.05.07 18:12:07 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.05.07 18:12:07 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.05.07 18:12:07 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.09.03 21:38:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1935655697-1035525444-725345543-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1935655697-1035525444-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-1035525444-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-1035525444-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-1035525444-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 9780596593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.83.161.210 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAECC029-1C56-4DE5-85F7-7AB00EAC757C}: DhcpNameServer = 88.83.161.210 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Milan Šindelář\Data aplikací\Mozilla\Firefox\Pozadí plochy.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Milan Šindelář\Data aplikací\Mozilla\Firefox\Pozadí plochy.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.09.03 21:26:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.03 21:25:10 | 004,194,725 | R--- | C] (Swearware) -- C:\Documents and Settings\Milan Šindelář\Plocha\ComboFix.exe
[2011.09.03 06:46:32 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Milan Šindelář\Plocha\StartUpLite.exe
[2011.09.02 20:20:59 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Milan Šindelář\Plocha\OTL.exe
[2011.08.30 20:06:58 | 000,524,288 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8tif.dil
[2011.08.30 20:06:58 | 000,479,232 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8xPDF.del
[2011.08.30 20:06:58 | 000,401,408 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8xtif.del
[2011.08.30 20:06:58 | 000,368,640 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\ImgMan81.dll
[2011.08.30 20:06:58 | 000,348,160 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8fpx.dil
[2011.08.30 20:06:58 | 000,266,240 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8JP2.dil
[2011.08.30 20:06:58 | 000,253,952 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8xjp2.del
[2011.08.30 20:06:58 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\System32\PCDLIB32.DLL
[2011.08.30 20:06:58 | 000,202,480 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMACTX80.ocx
[2011.08.30 20:06:58 | 000,143,360 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8xjpg.del
[2011.08.30 20:06:58 | 000,143,360 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8jpg.dil
[2011.08.30 20:06:58 | 000,126,976 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8png.dil
[2011.08.30 20:06:58 | 000,110,592 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8xpng.del
[2011.08.30 20:06:58 | 000,086,016 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8dxf.dil
[2011.08.30 20:06:58 | 000,081,920 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8gif.dil
[2011.08.30 20:06:58 | 000,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8xgif.del
[2011.08.30 20:06:58 | 000,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8eps.dil
[2011.08.30 20:06:58 | 000,057,344 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8xpcx.del
[2011.08.30 20:06:58 | 000,057,344 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8xeps.del
[2011.08.30 20:06:58 | 000,057,344 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8xdcx.del
[2011.08.30 20:06:58 | 000,057,344 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8pcx.dil
[2011.08.30 20:06:58 | 000,053,248 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8wpg.dil
[2011.08.30 20:06:58 | 000,053,248 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8wmf.dil
[2011.08.30 20:06:58 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8xbmp.del
[2011.08.30 20:06:58 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8tga.dil
[2011.08.30 20:06:58 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8pcd.dil
[2011.08.30 20:06:58 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8img.dil
[2011.08.30 20:06:58 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\im8bmp.dil
[2011.08.30 20:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Electrolux_EFS
[2011.08.30 20:06:49 | 000,000,000 | ---D | C] -- C:\Electrolux_EFS
[2011.08.26 20:11:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Milan Šindelář\Recent
[2011.08.21 21:34:18 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.08.21 21:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
[2011.08.21 21:34:17 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.08.21 21:34:15 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.08.21 21:34:15 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.08.21 21:34:15 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.08.21 21:34:14 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.08.21 21:34:14 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.08.21 21:34:13 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.08.21 21:33:55 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.08.21 21:33:55 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.08.11 23:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\VideoLAN
[2011.08.10 18:34:45 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011.08.10 18:34:21 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011.08.09 22:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011.08.09 22:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Catalyst Control Center
[2011.07.23 07:37:22 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe
[2011.07.23 07:37:22 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe

========== Files - Modified Within 30 Days ==========

[2011.09.04 09:22:45 | 000,039,812 | ---- | M] () -- C:\Documents and Settings\Milan Šindelář\Plocha\cfo.JPG
[2011.09.04 09:11:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.09.03 21:38:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.09.03 21:25:24 | 004,194,725 | R--- | M] (Swearware) -- C:\Documents and Settings\Milan Šindelář\Plocha\ComboFix.exe
[2011.09.03 07:21:00 | 001,821,931 | ---- | M] () -- C:\Documents and Settings\Milan Šindelář\Plocha\pmp-cs-okcv-125.pdf
[2011.09.03 07:19:10 | 000,381,654 | ---- | M] () -- C:\Documents and Settings\Milan Šindelář\Plocha\dzd-cs-okcv-125-200.pdf
[2011.09.03 06:46:32 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Milan Šindelář\Plocha\StartUpLite.exe
[2011.09.02 20:34:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2011.09.02 20:21:01 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Milan Šindelář\Plocha\OTL.exe
[2011.09.02 20:12:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.09.02 06:13:46 | 000,000,167 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2011.09.01 21:27:11 | 000,000,278 | ---- | M] () -- C:\WINDOWS\hpqgrcpy.INI
[2011.08.30 20:06:58 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Launch Electrolux_EFS.exe.lnk
[2011.08.28 17:47:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.21 21:34:15 | 000,002,552 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.08.20 07:06:47 | 000,119,644 | ---- | M] () -- C:\Documents and Settings\Milan Šindelář\Plocha\628SCi.JPG
[2011.08.18 06:59:15 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.08.11 23:30:19 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\VLC media player.lnk
[2011.08.10 22:06:34 | 000,463,526 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.08.10 22:06:34 | 000,445,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.10 22:06:34 | 000,094,114 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.08.10 22:06:34 | 000,074,112 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.05 19:43:54 | 000,192,590 | ---- | M] () -- C:\Documents and Settings\Milan Šindelář\Plocha\P1040681.jpg
[2011.08.05 19:42:53 | 000,149,054 | ---- | M] () -- C:\Documents and Settings\Milan Šindelář\Plocha\P1040684.jpg

========== Files Created - No Company Name ==========

[2011.09.04 09:21:14 | 000,039,812 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Plocha\cfo.JPG
[2011.09.03 07:21:00 | 001,821,931 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Plocha\pmp-cs-okcv-125.pdf
[2011.09.03 07:19:10 | 000,381,654 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Plocha\dzd-cs-okcv-125-200.pdf
[2011.09.02 20:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.09.02 20:10:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.08.30 20:06:58 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Launch Electrolux_EFS.exe.lnk
[2011.08.20 07:06:47 | 000,119,644 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Plocha\628SCi.JPG
[2011.08.11 23:30:19 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\VLC media player.lnk
[2011.08.05 19:43:54 | 000,192,590 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Plocha\P1040681.jpg
[2011.08.05 19:42:53 | 000,149,054 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Plocha\P1040684.jpg
[2011.07.24 14:35:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011.07.23 07:49:52 | 000,234,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2011.07.07 23:37:28 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011.06.27 21:15:40 | 000,000,507 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.06.07 22:59:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\wrginst.ini
[2011.05.18 23:18:28 | 000,074,752 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2011.05.15 08:22:50 | 000,000,571 | ---- | C] () -- C:\WINDOWS\videotoaudio.ini
[2011.05.15 08:20:47 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySatm.dat
[2011.04.24 08:25:10 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Data aplikací\vso_ts_preview.xml
[2011.04.24 08:24:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Data aplikací\inst.exe
[2011.04.24 08:24:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Data aplikací\pcouffin.cat
[2011.04.24 08:24:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Data aplikací\pcouffin.inf
[2011.04.18 21:23:31 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011.04.16 19:01:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2011.04.16 18:59:49 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2011.03.22 20:17:20 | 000,000,278 | ---- | C] () -- C:\WINDOWS\hpqgrcpy.INI
[2011.03.19 18:30:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wintab32.dll
[2011.03.13 13:44:58 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Data aplikací\Adobe Formát PNG CS5 – předvolby
[2011.03.11 00:55:47 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Local Settings\Data aplikací\fusioncache.dat
[2011.03.11 00:45:51 | 000,085,288 | ---- | C] () -- C:\WINDOWS\hpgins01.dat
[2011.03.11 00:45:51 | 000,000,145 | ---- | C] () -- C:\WINDOWS\hpgmdl01.dat
[2011.03.10 23:58:12 | 000,000,423 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.03.10 23:58:12 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2030.DAT
[2011.03.10 23:34:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.03.10 21:49:20 | 000,000,313 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2011.03.10 21:49:20 | 000,000,167 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011.03.10 21:49:20 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011.03.10 21:49:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2011.03.10 21:49:15 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2011.03.10 21:49:15 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2011.03.10 21:49:14 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2011.03.10 21:36:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2011.03.10 21:24:16 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011.03.10 20:35:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.03.10 20:07:08 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Milan Šindelář\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.10 20:05:13 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.03.10 20:04:02 | 003,639,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.03.10 19:19:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.03.10 19:15:15 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.01.27 04:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.09.30 03:46:56 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.09.30 03:46:56 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.04.23 23:29:16 | 000,234,142 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008.05.26 23:22:14 | 000,015,552 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:22:10 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:22:04 | 000,014,910 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2004.08.18 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.18 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 14:00:00 | 000,463,526 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.08.18 14:00:00 | 000,445,854 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.18 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.08.18 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 14:00:00 | 000,094,114 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.08.18 14:00:00 | 000,074,112 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.18 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.08.18 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.18 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.18 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >


< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.03.10 20:51:05 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.03.10 20:51:05 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.03.10 20:51:05 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.03.10 20:51:05 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2011.03.10 20:51:05 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2011.03.10 20:51:05 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.18 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< End of report >
Časové pásmo: UTC+02:00
Stránka 1 z 3
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/