Please check my log [Solved]
Re: Please check my log
Oh jeez, I sent you something else by mistake... one moment, I'll fix it right away
Re: Please check my log
Run OTL without a script, just click Scan
Re: Please check my log
C:\WINDOWS\System32\reader_s.exe
Kategorie: Infikované soubory
Popis virů: Win32:Crypt-GBI [Trj]
Kategorie: Infikované soubory
Popis virů: Win32:Crypt-GBI [Trj]
Re: Please check my log
How long will the scan take... do you know??
Re: Please check my log




OTL logfile created on: 20.7.2010 20:20:10 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Radim\Dokumenty\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
511,00 Mb Total Physical Memory | 266,00 Mb Available Physical Memory | 52,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 5,27 Gb Free Space | 7,07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DOMACI
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.07.20 17:09:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Radim\Dokumenty\Downloads\OTL (1).exe
PRC - [2010.06.29 04:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010.06.28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010.07.20 17:09:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Radim\Dokumenty\Downloads\OTL (1).exe
MOD - [2006.08.25 17:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.10.17 12:20:52 | 000,181,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2009.09.28 23:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\hosting\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2007.07.20 07:20:16 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\hosting\tomcat\bin\tomcat6.exe -- (tomcat6)
SRV - [2007.01.19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006.02.10 22:33:37 | 000,507,904 | ---- | M] (Eset ) [Auto | Stopped] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2002.03.15 22:37:46 | 000,081,920 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CoachVc.sys -- (CoachVc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys -- (CoachUsb)
DRV - [2010.06.28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.06.28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.06.28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.06.28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.06.28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.06.28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.04 15:34:30 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.06.20 11:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008.03.26 15:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.03.26 15:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.03.26 15:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007.01.12 20:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006.02.10 22:33:38 | 000,502,368 | ---- | M] (Eset ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2005.10.01 23:15:13 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2005.09.26 16:47:46 | 000,008,576 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DynCal.sys -- (DynCal)
DRV - [2005.08.16 11:13:00 | 000,460,800 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2005.08.16 11:13:00 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2005.06.29 05:01:56 | 001,241,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.11.24 14:36:18 | 000,010,368 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CoachAud.sys -- (CoachAud)
DRV - [2004.11.18 12:49:14 | 000,045,534 | ---- | M] (EUTRON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eusk3usb.sys -- (eusk3usb)
DRV - [2004.11.18 12:49:14 | 000,024,786 | ---- | M] (EUTRON) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eusk2par.sys -- (eusk2par)
DRV - [2004.08.03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2004.05.20 20:47:22 | 000,258,560 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mrv8ka51.sys -- (W8100XP)
DRV - [2003.12.05 12:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.07.16 08:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003.07.01 22:42:00 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003.04.28 13:03:36 | 000,227,200 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cccp106.sys -- (CCCP106) CIF USB Camera (2110A)
DRV - [2002.11.19 13:17:18 | 000,022,400 | R--- | M] (Conexant Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2002.11.19 13:13:12 | 000,166,144 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002.11.19 13:11:44 | 000,585,472 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2002.11.19 13:09:36 | 001,067,008 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002.03.22 14:10:58 | 000,991,656 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002.03.22 14:10:20 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia)
DRV - [2002.03.22 14:10:10 | 000,211,724 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2002.03.22 14:09:54 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002.03.22 14:09:52 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002.03.22 14:09:40 | 000,835,636 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002.03.22 14:08:12 | 000,114,944 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2001.10.10 17:10:26 | 000,003,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VtPr.sys -- (VtPr)
DRV - [2001.09.06 15:21:02 | 000,004,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Devx.sys -- (Devx)
DRV - [2001.08.17 21:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001.08.17 21:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001.08.17 21:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001.08.17 21:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001.08.17 21:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001.08.17 21:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001.08.17 21:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001.08.17 21:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001.08.17 21:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001.08.17 21:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [1999.12.17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1229272821-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.30 12:46:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.20 15:32:56 | 000,000,000 | ---D | M]
[2010.07.20 16:57:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.20 15:33:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2005.09.29 20:15:18 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (MyPlayCity Toolbar) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
O2 - BHO: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (GdfrDUEn Class) - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Stylish Profile\enlbrdr.dll (TODO: <Company name>)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (MyPlayCity Toolbar) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (&Seznam Bezpečný Internet) - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Bezpecny Internet\SBI.dll (Seznam.cz a.s.)
O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems)
O4 - HKLM..\Run: [D_V_T] File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\rfpicon.exe (Ruling Tec Pte Ltd)
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe (Ulead Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HostingClientShortcut.lnk = C:\hosting\client\HostingClient.exe (HostingClient)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\hp instant support.lnk = C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1229272821-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm ()
O9 - Extra 'Tools' menuitem : StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm ()
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.08.15 18:25:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 7 Days ==========
[2010.07.20 20:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\Downloads
[2010.07.20 19:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2010.07.20 19:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google
[2010.07.20 18:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2010.07.20 15:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.07.20 15:44:20 | 000,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.07.20 15:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.07.20 15:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.07.20 15:32:55 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.07.20 15:32:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.07.20 15:32:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.07.20 15:32:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.07.19 23:56:29 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.07.19 23:56:28 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.07.19 23:56:23 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.07.19 23:56:20 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.07.19 23:56:20 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.07.19 23:56:19 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.07.19 23:54:58 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010.07.19 23:54:52 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.07.19 23:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.07.19 23:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.07.19 21:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010.07.19 09:34:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010.07.14 12:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2005.12.09 22:12:30 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010.07.20 20:08:35 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.07.20 19:54:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.20 19:53:01 | 000,023,412 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000004-00511102}.rfx
[2010.07.20 19:53:01 | 000,023,412 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000004-00511102}.rfx
[2010.07.20 19:53:01 | 000,018,672 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000004-00511102}.rfx
[2010.07.20 19:53:01 | 000,018,672 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000A-00001102-00000004-00511102}.rfx
[2010.07.20 19:53:01 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.07.20 19:53:01 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.07.20 19:53:01 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-00511102}.dat
[2010.07.20 19:53:01 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000A-00001102-00000004-00511102}.dat
[2010.07.20 19:52:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.20 19:51:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010.07.20 19:51:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010.07.20 19:08:31 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.20 19:01:25 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.07.20 16:24:03 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.07.20 16:23:29 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010.07.20 16:23:10 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.20 16:23:04 | 000,000,558 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Radim.job
[2010.07.20 16:09:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.07.20 15:02:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.20 09:57:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.07.20 00:15:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010.07.20 00:15:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010.07.19 23:56:21 | 000,002,599 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2010.07.19 18:18:19 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.07.18 23:08:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010.07.18 23:08:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010.07.17 19:09:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010.07.17 19:09:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010.07.16 22:00:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010.07.16 22:00:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010.07.15 23:00:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010.07.15 23:00:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010.07.14 23:27:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010.07.14 23:27:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010.07.13 22:13:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010.07.13 22:13:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.19 21:39:51 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010.06.05 14:42:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010.02.22 18:01:37 | 000,001,390 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2009.02.04 15:34:27 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.02.02 16:45:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wowCP.ini
[2009.01.27 19:48:04 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2009.01.18 15:57:09 | 000,002,736 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2008.11.29 19:03:51 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\VtPr.sys
[2008.11.29 19:03:50 | 000,004,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\Devx.sys
[2008.11.12 16:08:57 | 000,002,543 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.10.21 22:04:19 | 000,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2006.10.18 16:51:05 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2006.02.11 11:47:57 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2006.02.11 11:32:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2005.12.24 00:33:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MelodyExe.INI
[2005.12.23 22:56:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MessageExe.INI
[2005.12.23 22:46:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2005.12.23 22:23:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2005.12.23 22:21:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2005.12.23 22:18:40 | 000,000,090 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2005.12.09 22:12:31 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[2005.12.09 22:12:31 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2005.12.09 22:12:31 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2005.12.09 22:12:30 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[2005.09.29 19:11:14 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2005.08.16 11:24:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.08.16 11:13:00 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2005.08.15 20:51:29 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2005.08.15 19:53:36 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2005.08.15 19:16:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll
[2005.08.15 19:08:27 | 000,000,598 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.08.15 18:45:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005.08.15 18:09:54 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2005.08.15 18:09:52 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2005.08.15 17:58:01 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\dcccp106.dll
[2005.08.15 17:58:01 | 000,015,542 | R--- | C] () -- C:\WINDOWS\cccp106.ini
[2005.08.15 17:58:01 | 000,000,321 | R--- | C] () -- C:\WINDOWS\DC2110a.ini
[2005.08.15 17:58:00 | 000,227,200 | R--- | C] () -- C:\WINDOWS\System32\drivers\cccp106.sys
[2005.08.15 17:58:00 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\vcccp106.dll
[2005.08.15 17:47:50 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005.08.15 17:46:36 | 000,034,914 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2005.08.15 17:46:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005.08.15 17:46:22 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005.08.15 17:45:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004.08.18 18:00:00 | 000,000,012 | ---- | C] () -- C:\WINDOWS\ws386.ini
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.05.16 03:15:02 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
< End of report >
Re: Please check my log
Are you Tomáš Kudr?
Re: Please check my log
Yeah, I'm Tomáš Kudr..

Re: Please check my log
OK, it looks good, it probably isn't Virut, false alarm. Better a false alarm than Virut.
Download ComboFix to your desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Before using it, turn off all resident security programs - antivirus, firewalls, antispyware
- Close all active windows and run it under an account with administrator rights
- After it starts, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the log C:\ComboFix.txt is created; copy its entire contents here.


Re: Please check my log
I ran ComboFix yesterday; it said it was scanning, then it listed the individual stages (stage 1 completed... stage 50 completed), then it said something to the effect that it had found infected files and would delete them. It started deleting files, froze at the 6th file and stayed like that for about 30 minutes, so I turned it off and went to bed. Today I tried it again and it froze at stage 50... it didn't do anything after that. My internet happened to be down at the time.. was that the reason, and should I try it again???
Re: Please check my log
It definitely wasn't because of that.
Please put the qoobox folder into a RAR archive and send it to me via www.leteckaposta.cz - put the link to the page in a private message to me.
How does the computer look now?
Download AVPtool http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
- install it, let it scan all drives
- let it disinfect whatever it finds
- then post the log here.
Re: Please check my log
Please try running ComboFix once more in safe mode; before that, rename it to cokoliv.com (i.e. anything.com).
I need to get the log out of it, and it didn't finish properly.
If that doesn't work, write.
Do AVPtool only after that.
Re: Please check my log
Here's the log from ComboFix:
ComboFix 10-07-20.01 - Administrator 21.07.2010 12:55:17.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.373 [GMT 2:00]
Spuštěný z: c:\documents and settings\Radim\Dokumenty\Downloads\cokoliv.com
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\paytime.exe
c:\windows\ws386.ini
Nakažená kopie c:\windows\system32\kernel32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
Nakažená kopie c:\windows\system32\drivers\ndis.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\ndis.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-21 do 2010-07-21 )))))))))))))))))))))))))))))))
.
2010-07-21 10:00 . 2010-07-21 10:02 -------- d-----w- c:\windows\LastGood.Tmp
2010-07-21 10:00 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\42574892.sys
2010-07-21 10:00 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\4257489.sys
2010-07-21 10:00 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\42574891.sys
2010-07-21 08:05 . 2010-07-21 08:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-21 08:05 . 2010-07-21 08:05 -------- d-----w- C:\_OTL
2010-07-21 08:03 . 2010-07-21 08:04 -------- d-----w- c:\program files\Eset
2010-07-21 07:27 . 2010-07-21 08:03 -------- d-----w- C:\ComboFix(2)
2010-07-20 13:58 . 2004-08-17 13:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-07-20 13:53 . 2010-07-20 13:53 -------- d-----w- c:\program files\MSXML 4.0
2010-07-20 13:44 . 2010-07-20 13:44 -------- d-----w- c:\program files\Trend Micro
2010-07-20 13:35 . 2010-07-20 13:35 -------- d-----w- c:\program files\Common Files\Java
2010-07-20 13:32 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-19 21:56 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-19 21:56 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-19 21:56 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-19 21:56 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-19 21:56 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-19 21:56 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-19 21:54 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-19 21:54 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-19 21:50 . 2010-07-19 21:53 -------- d-----w- c:\program files\Alwil Software
2010-07-19 19:39 . 2010-07-19 19:39 -------- d-----w- c:\program files\Glary Utilities
2010-07-19 07:34 . 2010-07-19 10:02 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-07-19 05:54 . 2008-04-21 21:28 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-07-14 10:51 . 2010-07-14 10:51 -------- d-----w- c:\program files\EA GAMES
2010-06-29 17:00 . 2010-07-21 11:26 -------- d-----w- c:\program files\Steam
2010-06-25 17:51 . 2010-06-30 10:52 -------- d-----w- c:\program files\Metin2
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 11:32 . 2001-10-25 14:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-07-21 11:32 . 2001-10-25 14:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-07-21 10:24 . 2005-08-15 17:04 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-00511102}.dat
2010-07-21 10:24 . 2005-08-15 17:04 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000A-00001102-00000004-00511102}.dat
2010-07-21 08:48 . 2009-12-15 14:25 -------- d-----w- c:\program files\Valve
2010-07-21 08:25 . 2009-07-15 19:48 -------- d-----w- c:\program files\ICQ6.5
2010-07-20 15:13 . 2009-11-03 13:30 -------- d-----w- c:\program files\Stylish Profile
2010-07-20 14:38 . 2005-12-23 17:49 -------- d-----w- c:\program files\TweakNow RegCleaner Std
2010-07-20 13:32 . 2010-05-26 19:13 -------- d-----w- c:\program files\Java
2010-07-19 21:58 . 2008-11-13 13:56 -------- d-----w- c:\program files\Google
2010-07-16 19:07 . 2008-11-16 13:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-06 18:04 . 2009-08-07 19:42 -------- d-----w- c:\program files\Ask.com
2010-06-28 20:33 . 2005-10-27 15:35 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-19 12:56 . 2010-06-19 12:56 -------- d-----w- c:\program files\Stellarium
2010-06-18 11:20 . 2010-06-18 11:19 -------- d-----w- c:\program files\VirtualDJ
2010-06-05 12:43 . 2010-06-05 12:42 -------- d-----w- c:\program files\MOV to AVI MPEG WMV Converter
2010-06-04 11:22 . 2005-08-15 16:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-04 09:25 . 2002-03-25 20:02 11973 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-05-04 17:18 . 2002-09-20 18:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 2005-08-15 11:44 78336 ------w- c:\windows\system32\ieencode.dll
2010-05-04 17:18 . 2001-10-25 14:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-15 14:22 . 2009-12-15 14:14 302548481 ----a-w- c:\program files\Counter-Strike1.6(1).exe
2009-12-09 18:49 . 2009-12-09 16:23 733777632 ----a-w- c:\program files\Counter-Strike Source(1).exe
2009-12-09 14:59 . 2009-12-09 14:58 733777632 ---ha-w- c:\program files\Counter-Strike Source.exe
2009-12-09 14:34 . 2009-12-09 14:33 57008 ----a-w- c:\program files\cfgs.rar
2009-11-27 12:41 . 2009-11-27 12:41 997113166 ---ha-w- c:\program files\cs_source.rar
2008-10-16 15:58 . 2008-12-24 19:43 2848436 ----a-w- c:\program files\Landa-Touha.mp3
2008-10-01 10:05 . 2008-12-24 19:43 4001792 ----a-w- c:\program files\Enrique Iglesias - Hero.mp3
2008-08-10 23:08 . 2008-08-10 23:08 978396 ----a-w- c:\program files\BDAXP.cab
2008-08-03 15:36 . 2008-08-03 15:36 137003 ----a-w- c:\program files\bhop2.png
2008-06-13 14:46 . 2008-12-24 19:43 5904863 ----a-w- c:\program files\Chinaski - Vakuum.mp3
2008-05-21 11:28 . 2008-12-24 19:43 3343717 ----a-w- c:\program files\Enrique Iglesias - Escape.mp3
2008-05-21 11:00 . 2008-12-24 19:43 5825885 ----a-w- c:\program files\Falling Slowly.mp3
2008-05-20 07:36 . 2008-12-24 19:43 3190317 ----a-w- c:\program files\Glen Hansard-All the way down.mp3
2008-05-20 07:32 . 2008-12-24 19:43 6467440 ----a-w- c:\program files\Fergie - Big Girls Dont Cry.mp3
2008-04-28 18:24 . 2008-12-24 19:43 5552128 ----a-w- c:\program files\Enrique Iglesias - Ring my bells.mp3
2008-04-28 18:20 . 2008-12-24 19:43 3965306 ----a-w- c:\program files\Enrique Iglesias - 03 - Love to see you cry - 21century.mp3
2008-04-28 18:05 . 2008-12-24 19:43 5574053 ----a-w- c:\program files\Fergie - Wont Let You Fall.mp3
2008-04-28 18:00 . 2008-12-24 19:43 6561752 ----a-w- c:\program files\Fergie.mp3
2005-12-20 19:41 . 2005-12-20 19:41 8192 --sha-w- c:\windows\o2cLicStore.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 12:44 1470488 ----a-w- c:\program files\MyPlayCity\tbMyPl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2010-05-17 10:58 2515552 ----a-w- c:\program files\TorrentMan\tbTor0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51 185344 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-05-17 2515552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-05-17 2515552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381]
"Steam"="c:\program files\steam\steam.exe" [2010-07-02 1238352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"D_V_T"="c:\\dvt.exe" [2006-02-10 3584]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 45056]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CARPService"="carpserv.exe" [2002-11-19 4608]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
c:\documents and settings\Radim\Nabídka Start\Programy\Po spuštění\
setup_9.0.0.722_21.07.2010_13-25.lnk - c:\documents and settings\Radim\Plocha\Virus Removal Tool\setup_9.0.0.722_21.07.2010_13-25\startup.exe [2010-7-21 72208]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HostingClientShortcut.lnk - c:\hosting\client\HostingClient.exe [2010-5-26 81920]
hp instant support.lnk - c:\program files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe [2005-8-15 208896]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-5-29 323646]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-5-29 147456]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Shell"="c:\program files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
"TaskTray"="c:\program files\Creative\SBAudigy\TaskBar\CTLTray.exe"
"TaskBar"="c:\program files\Creative\SBAudigy\TaskBar\CTLTask.exe"
"Eyeball Chat"="c:\progra~1\Eyeball\EYEBAL~1\EyeballChat.exe" -min
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Jet Detection"=c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
"CARPService"=carpserv.exe
"WINDVDPatch"=CTHELPER.EXE
"CTStartup"=c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Hry\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\hosting\\client\\HostingClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23048:TCP"= 23048:TCP:BitComet 23048 TCP
"23048:UDP"= 23048:UDP:BitComet 23048 UDP
R0 42574892;42574892 Boot Guard Driver;c:\windows\system32\drivers\42574892.sys [21.7.2010 12:00 37392]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 42574891;42574891;c:\windows\system32\drivers\42574891.sys [21.7.2010 12:00 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.7.2010 23:56 165456]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [31.3.2006 22:15 24786]
R1 setup_9.0.0.722_21.07.2010_13-25drv;setup_9.0.0.722_21.07.2010_13-25drv;c:\windows\system32\drivers\4257489.sys [21.7.2010 12:00 315408]
R2 Apache2.2;Apache2.2;c:\hosting\apache\bin\httpd.exe [28.9.2009 23:41 24645]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.7.2010 23:56 17744]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [26.9.2005 16:47 8576]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [15.8.2005 17:58 227200]
S3 Devx;Devx;c:\windows\system32\drivers\Devx.sys [29.11.2008 19:03 4448]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [31.3.2006 22:15 45534]
S3 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [29.11.2008 19:03 3328]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [24.3.2007 14:26 258560]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.2.2009 15:34 717296]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-07-19 09:14]
2010-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-13 19:34]
2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:06]
2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:06]
2010-07-20 c:\windows\Tasks\Norton Security Scan for Radim.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 22:51]
2010-07-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search13.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://search13.net/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Přelož do češtiny - c:\program files\Seznam Bezpecny Internet\SBI.dll/5034
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Hledej v &Seznamu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5033
IE: Hledej v Seznam &Fulltextu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5035
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
LSP: imon.dll
TCP: {05696265-2E64-4DC0-8F18-BF9B1D6C91D1} = 10.0.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\ih157vk4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - hxxp://search13.net?clid=486
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Notify-WgaLogon - (no file)
AddRemove-Heroes of Might and Magic® III - c:\program files\3DO\Heroes3\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 13:32
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(3200)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\carpserv.exe
c:\program files\Eset\nod32krn.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\hosting\tomcat\bin\tomcat6.exe
.
**************************************************************************
.
Celkový čas: 2010-07-21 13:52:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-21 11:51
Před spuštěním: 6 284 451 840
Po spuštění: 6 761 582 592
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 704B556CD1A6EEC234CCAFB01ED404BB
Now I'm off to do the AVPtool...
2010-06-18 11:20 . 2010-06-18 11:19 -------- d-----w- c:\program files\VirtualDJ
2010-06-05 12:43 . 2010-06-05 12:42 -------- d-----w- c:\program files\MOV to AVI MPEG WMV Converter
2010-06-04 11:22 . 2005-08-15 16:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-04 09:25 . 2002-03-25 20:02 11973 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-05-04 17:18 . 2002-09-20 18:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 2005-08-15 11:44 78336 ------w- c:\windows\system32\ieencode.dll
2010-05-04 17:18 . 2001-10-25 14:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-15 14:22 . 2009-12-15 14:14 302548481 ----a-w- c:\program files\Counter-Strike1.6(1).exe
2009-12-09 18:49 . 2009-12-09 16:23 733777632 ----a-w- c:\program files\Counter-Strike Source(1).exe
2009-12-09 14:59 . 2009-12-09 14:58 733777632 ---ha-w- c:\program files\Counter-Strike Source.exe
2009-12-09 14:34 . 2009-12-09 14:33 57008 ----a-w- c:\program files\cfgs.rar
2009-11-27 12:41 . 2009-11-27 12:41 997113166 ---ha-w- c:\program files\cs_source.rar
2008-10-16 15:58 . 2008-12-24 19:43 2848436 ----a-w- c:\program files\Landa-Touha.mp3
2008-10-01 10:05 . 2008-12-24 19:43 4001792 ----a-w- c:\program files\Enrique Iglesias - Hero.mp3
2008-08-10 23:08 . 2008-08-10 23:08 978396 ----a-w- c:\program files\BDAXP.cab
2008-08-03 15:36 . 2008-08-03 15:36 137003 ----a-w- c:\program files\bhop2.png
2008-06-13 14:46 . 2008-12-24 19:43 5904863 ----a-w- c:\program files\Chinaski - Vakuum.mp3
2008-05-21 11:28 . 2008-12-24 19:43 3343717 ----a-w- c:\program files\Enrique Iglesias - Escape.mp3
2008-05-21 11:00 . 2008-12-24 19:43 5825885 ----a-w- c:\program files\Falling Slowly.mp3
2008-05-20 07:36 . 2008-12-24 19:43 3190317 ----a-w- c:\program files\Glen Hansard-All the way down.mp3
2008-05-20 07:32 . 2008-12-24 19:43 6467440 ----a-w- c:\program files\Fergie - Big Girls Dont Cry.mp3
2008-04-28 18:24 . 2008-12-24 19:43 5552128 ----a-w- c:\program files\Enrique Iglesias - Ring my bells.mp3
2008-04-28 18:20 . 2008-12-24 19:43 3965306 ----a-w- c:\program files\Enrique Iglesias - 03 - Love to see you cry - 21century.mp3
2008-04-28 18:05 . 2008-12-24 19:43 5574053 ----a-w- c:\program files\Fergie - Wont Let You Fall.mp3
2008-04-28 18:00 . 2008-12-24 19:43 6561752 ----a-w- c:\program files\Fergie.mp3
2005-12-20 19:41 . 2005-12-20 19:41 8192 --sha-w- c:\windows\o2cLicStore.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 12:44 1470488 ----a-w- c:\program files\MyPlayCity\tbMyPl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2010-05-17 10:58 2515552 ----a-w- c:\program files\TorrentMan\tbTor0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51 185344 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-05-17 2515552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-05-17 2515552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381]
"Steam"="c:\program files\steam\steam.exe" [2010-07-02 1238352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"D_V_T"="c:\\dvt.exe" [2006-02-10 3584]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 45056]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CARPService"="carpserv.exe" [2002-11-19 4608]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
c:\documents and settings\Radim\Nabídka Start\Programy\Po spuštění\
setup_9.0.0.722_21.07.2010_13-25.lnk - c:\documents and settings\Radim\Plocha\Virus Removal Tool\setup_9.0.0.722_21.07.2010_13-25\startup.exe [2010-7-21 72208]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HostingClientShortcut.lnk - c:\hosting\client\HostingClient.exe [2010-5-26 81920]
hp instant support.lnk - c:\program files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe [2005-8-15 208896]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-5-29 323646]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-5-29 147456]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Shell"="c:\program files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
"TaskTray"="c:\program files\Creative\SBAudigy\TaskBar\CTLTray.exe"
"TaskBar"="c:\program files\Creative\SBAudigy\TaskBar\CTLTask.exe"
"Eyeball Chat"="c:\progra~1\Eyeball\EYEBAL~1\EyeballChat.exe" -min
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Jet Detection"=c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
"CARPService"=carpserv.exe
"WINDVDPatch"=CTHELPER.EXE
"CTStartup"=c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Hry\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\hosting\\client\\HostingClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23048:TCP"= 23048:TCP:BitComet 23048 TCP
"23048:UDP"= 23048:UDP:BitComet 23048 UDP
R0 42574892;42574892 Boot Guard Driver;c:\windows\system32\drivers\42574892.sys [21.7.2010 12:00 37392]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 42574891;42574891;c:\windows\system32\drivers\42574891.sys [21.7.2010 12:00 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.7.2010 23:56 165456]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [31.3.2006 22:15 24786]
R1 setup_9.0.0.722_21.07.2010_13-25drv;setup_9.0.0.722_21.07.2010_13-25drv;c:\windows\system32\drivers\4257489.sys [21.7.2010 12:00 315408]
R2 Apache2.2;Apache2.2;c:\hosting\apache\bin\httpd.exe [28.9.2009 23:41 24645]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.7.2010 23:56 17744]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [26.9.2005 16:47 8576]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [15.8.2005 17:58 227200]
S3 Devx;Devx;c:\windows\system32\drivers\Devx.sys [29.11.2008 19:03 4448]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [31.3.2006 22:15 45534]
S3 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [29.11.2008 19:03 3328]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [24.3.2007 14:26 258560]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.2.2009 15:34 717296]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-07-19 09:14]
2010-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-13 19:34]
2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:06]
2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:06]
2010-07-20 c:\windows\Tasks\Norton Security Scan for Radim.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 22:51]
2010-07-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search13.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://search13.net/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Přelož do češtiny - c:\program files\Seznam Bezpecny Internet\SBI.dll/5034
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Hledej v &Seznamu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5033
IE: Hledej v Seznam &Fulltextu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5035
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
LSP: imon.dll
TCP: {05696265-2E64-4DC0-8F18-BF9B1D6C91D1} = 10.0.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\ih157vk4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - hxxp://search13.net?clid=486
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Notify-WgaLogon - (no file)
AddRemove-Heroes of Might and Magic® III - c:\program files\3DO\Heroes3\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 13:32
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(3200)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\carpserv.exe
c:\program files\Eset\nod32krn.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\hosting\tomcat\bin\tomcat6.exe
.
**************************************************************************
.
Celkový čas: 2010-07-21 13:52:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-21 11:51
Před spuštěním: 6 284 451 840
Po spuštění: 6 761 582 592
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 704B556CD1A6EEC234CCAFB01ED404BB
Now I'm moving on to that AVptool...