ComboFix 10-08-03.01 - PoKaRko 04.08.2010 0:12.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1513 [GMT 2:00]
Spuštěný z: d:\documents and settings\PoKaRko\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-03 do 2010-08-03 )))))))))))))))))))))))))))))))
.
2010-07-28 22:50 . 2010-07-28 22:50 -------- d-----w- c:\program files\Winamp Detect
2010-07-24 06:17 . 2010-07-28 22:50 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-07-20 21:42 . 2010-07-20 21:58 -------- d-----w- c:\program files\Foto2Avi
2010-07-20 21:35 . 2010-07-20 21:35 -------- d-----w- c:\program files\Video DVD Maker
2010-07-20 20:58 . 2010-07-20 20:58 -------- d-----w- c:\program files\DebugMode
2010-07-18 19:38 . 2010-03-01 08:05 124784 ----a-w- d:\windows\system32\drivers\avipbb.sys
2010-07-18 19:38 . 2010-02-16 12:24 60936 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2010-07-18 19:38 . 2009-05-11 10:49 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2010-07-18 19:38 . 2009-05-11 10:49 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2010-07-18 19:38 . 2010-07-18 19:38 -------- d-----w- c:\program files\Avira
2010-07-15 12:40 . 2010-07-15 12:40 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-07-13 17:00 . 2010-07-14 21:09 7168 ----a-w- d:\windows\system32\drivers\ute2ndu5.sys
2010-07-13 14:07 . 2010-07-14 21:41 -------- d-----w- c:\program files\Counter-Strike Source
2010-07-12 14:08 . 2010-07-12 14:08 -------- d-----w- c:\program files\TopCD
2010-07-12 13:53 . 2010-07-12 21:35 -------- d-----w- c:\program files\Landwirtschafts-Simulator 2009
2010-07-12 06:47 . 2010-07-12 06:47 2 --shatr- d:\windows\winstart.bat
2010-07-12 06:43 . 2010-07-12 19:06 24416 ----a-w- d:\windows\system32\drivers\regguard.sys
2010-07-12 06:42 . 2010-07-12 06:42 -------- d-----r- D:\comment.htt
2010-07-12 06:41 . 2010-07-12 06:41 -------- d-----w- c:\program files\Greatis
2010-07-12 06:26 . 2008-09-07 15:22 8704 ----a-w- d:\windows\system32\ssbtsr.exe
2010-07-12 06:26 . 2010-07-12 06:26 -------- d-----w- c:\program files\ScanSpyware
2010-07-11 19:51 . 2010-07-11 19:51 -------- d-----w- c:\program files\NCH Swift Sound
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 20:17 . 2010-06-16 16:10 -------- d-----w- c:\program files\ICQ7.2
2010-08-01 16:44 . 2010-01-22 20:40 444952 ----a-w- d:\windows\system32\wrap_oal.dll
2010-08-01 16:44 . 2010-01-22 20:40 109080 ----a-w- d:\windows\system32\OpenAL32.dll
2010-08-01 16:43 . 2010-04-01 10:23 -------- d-----w- c:\program files\Prodigium Game Studios
2010-07-28 22:54 . 2010-05-17 11:45 -------- d-----w- c:\program files\Winamp
2010-07-25 15:45 . 2010-02-11 10:54 66872 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-07-22 05:59 . 2001-11-24 18:02 491064 ----a-w- d:\windows\system32\perfh005.dat
2010-07-22 05:59 . 2001-11-24 18:02 98588 ----a-w- d:\windows\system32\perfc005.dat
2010-07-20 21:42 . 2009-11-29 12:47 -------- d-----w- c:\program files\AviSynth 2.5
2010-07-20 21:19 . 2009-10-23 19:57 -------- d-----w- c:\program files\Avidemux 2.5
2010-07-19 08:20 . 2009-11-28 22:20 -------- d-----w- c:\program files\Metin2_CZ
2010-07-13 13:57 . 2010-06-05 07:19 -------- d-----w- c:\program files\Valve
2010-07-12 21:54 . 2009-11-30 19:49 -------- d-----w- c:\program files\Audacity
2010-07-11 19:51 . 2010-07-11 19:51 -------- d-----w- c:\program files\NCH Swift Sound
2010-07-01 09:40 . 2010-07-01 09:40 -------- d-----w- c:\program files\No-IP
2010-07-01 04:53 . 2009-10-18 12:10 -------- d-----w- c:\program files\CCleaner
2010-06-29 18:45 . 2009-11-29 19:49 -------- d-----w- c:\program files\Cheat Engine
2010-06-29 14:52 . 2010-01-02 23:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-29 14:40 . 2009-12-11 21:25 -------- d-----w- c:\program files\FreeFixer
2010-06-28 14:33 . 2010-06-28 14:33 -------- d-----w- c:\program files\High-Logic FontCreator6
2010-06-28 11:37 . 2009-11-29 13:12 -------- d-----w- c:\program files\Cucusoft
2010-06-26 22:47 . 2010-01-24 00:44 -------- d-----w- d:\program files\Common Files\Adobe
2010-06-26 18:15 . 2010-06-26 18:15 -------- d-----w- c:\program files\Adobe Media Player
2010-06-26 18:13 . 2010-06-26 18:13 -------- d-----w- d:\program files\Common Files\Adobe AIR
2010-06-26 18:05 . 2010-06-26 18:05 -------- d-----w- c:\program files\CENZURA HD
2010-06-25 18:38 . 2010-05-07 18:24 -------- d-----w- c:\program files\VstPlugins
2010-06-25 18:36 . 2010-06-25 18:36 -------- d-----w- c:\program files\rgcaudio software
2010-06-25 18:33 . 2009-12-18 22:28 -------- d-----w- c:\program files\Image-Line
2010-06-20 09:14 . 2010-06-20 09:14 -------- d-----w- c:\program files\Creative Labs
2010-06-20 09:14 . 2010-06-20 09:13 -------- d-----w- c:\program files\EidosNet
2010-06-20 09:13 . 2010-06-20 09:13 -------- d-----w- c:\program files\Eidos Interactive
2010-06-16 19:21 . 2010-06-16 19:21 -------- d-----w- c:\program files\Digiarty
2010-06-16 16:13 . 2010-06-16 16:13 -------- d-----w- c:\program files\Ubisoft
2010-06-14 14:55 . 2010-06-11 20:10 -------- d-----w- c:\program files\LG PC Suite II
2010-06-13 14:44 . 2010-06-13 14:44 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-13 14:25 . 2010-06-13 14:25 -------- d-----w- d:\program files\Common Files\EZB Systems
2010-06-13 14:25 . 2010-06-13 14:25 -------- d-----w- c:\program files\UltraISO
2010-06-13 06:39 . 2010-06-13 06:39 94080 ----a-w- d:\windows\system32\drivers\ezplay.sys
2010-06-13 06:39 . 2009-12-02 17:22 -------- d-----w- c:\program files\VSO
2010-06-12 22:34 . 2010-06-12 22:32 -------- d-----w- c:\program files\IDM Computer Solutions
2010-06-11 21:20 . 2010-06-11 21:20 -------- d-----w- c:\program files\WinImage
2010-06-11 21:02 . 2010-06-11 21:02 -------- d-----w- c:\program files\DIFX
2010-06-11 20:12 . 2010-06-11 20:12 -------- d-----w- c:\program files\LG Electronics
2010-06-09 19:48 . 2010-06-09 19:48 45056 ----a-w- d:\windows\TRNOEH.DLL
2010-06-09 19:48 . 2010-06-09 19:48 294912 ----a-w- d:\windows\TrnWord.dll
2010-06-09 19:48 . 2010-06-09 19:48 26624 ----a-w- d:\windows\OETRN.EXE
2010-06-09 19:48 . 2010-06-09 19:48 200704 ----a-w- d:\windows\TRNOET.DLL
2010-06-09 19:47 . 2010-06-09 19:47 516096 ----a-w- d:\windows\UN32.EXE
2010-06-02 02:55 . 2010-06-29 13:20 74072 ----a-w- d:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-29 13:20 527192 ----a-w- d:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-29 13:20 239960 ----a-w- d:\windows\system32\xactengine3_7.dll
2010-05-26 09:41 . 2010-06-29 13:20 2106216 ----a-w- d:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-29 13:20 248672 ----a-w- d:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-29 13:20 1868128 ----a-w- d:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-06-29 13:20 470880 ----a-w- d:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-29 13:20 1998168 ----a-w- d:\windows\system32\D3DX9_43.dll
2010-05-08 21:53 . 2010-05-08 21:53 281760 ----a-w- d:\windows\system32\drivers\atksgt.sys
2010-05-08 21:53 . 2010-05-08 21:53 25888 ----a-w- d:\windows\system32\drivers\lirsgt.sys
2010-05-08 11:50 . 2010-01-22 16:57 87643 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-08 11:50 . 2010-01-22 16:57 3052 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Meebo Notifier"="d:\documents and settings\PoKaRko\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-07-14 818888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="d:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\hry\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Program Files\\PremiumSoft\\Navicat Lite 8.2\\navicat.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin.exe"=
"c:\\hry\\NBA 2K10 RePack by Chikatila\\nba2k10.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\hry\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\hry\\Metin2_CZ\\metin2.bin"=
"c:\\hry\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\Metin2_CZ\\metin2 unpatched.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"d:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"d:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Documents and Settings\\PoKaRko\\Plocha\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 d347bus;d347bus;d:\windows\system32\drivers\d347bus.sys [23.1.2010 18:57 155136]
R0 d347prt;d347prt;d:\windows\system32\drivers\d347prt.sys [23.1.2010 18:57 5248]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [28.2.2010 0:32 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [28.2.2010 0:32 41616]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.7.2010 21:38 135336]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 16:05 1021256]
R3 Egatebus;Egatebus;d:\windows\system32\drivers\egatebus.sys [19.5.2006 10:22 15328]
R3 Egaterdr;Egaterdr;d:\windows\system32\drivers\egaterdr.sys [19.5.2006 10:22 13440]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [17.12.2009 16:02 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [17.12.2009 15:02 110096]
S0 vax347s;vax347s;d:\windows\system32\drivers\vax347s.sys [5.5.2010 13:25 5248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 FlashUSB;FlashUSB;d:\windows\system32\drivers\FlashUSB.sys [11.6.2010 23:02 16896]
S3 ggflt;SEMC USB Flash Driver Filter;d:\windows\system32\drivers\ggflt.sys [25.2.2009 9:16 13352]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [21.6.2007 22:55 42512]
S3 Partizan;Partizan;d:\windows\system32\drivers\Partizan.sys --> d:\windows\system32\drivers\Partizan.sys [?]
S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [12.7.2010 8:43 24416]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);d:\windows\system32\drivers\s1018bus.sys [19.6.2010 20:05 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;d:\windows\system32\drivers\s1018mdfl.sys [19.6.2010 20:05 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;d:\windows\system32\drivers\s1018mdm.sys [19.6.2010 20:05 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s1018mgmt.sys [19.6.2010 20:05 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);d:\windows\system32\drivers\s1018nd5.sys [19.6.2010 20:05 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;d:\windows\system32\drivers\s1018obex.sys [19.6.2010 20:05 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);d:\windows\system32\drivers\s1018unic.sys [19.6.2010 20:05 109864]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\ScreamingBAudio.sys --> d:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 ute2ndu5;AVZ Kernel Driver;d:\windows\system32\drivers\ute2ndu5.sys [13.7.2010 19:00 7168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 vax347b;vax347b;d:\windows\system32\drivers\vax347b.sys [5.5.2010 13:25 159616]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-07-30 d:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-08-03 d:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-10-24 12:11]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - d:\documents and settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 4.0 Beta 1\plugins\npwachk.dll
FF - plugin: d:\program files\Windows Media Player\npdrmv2.dll
FF - plugin: d:\program files\Windows Media Player\npdsplay.dll
FF - plugin: d:\program files\Windows Media Player\npwmsdrm.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 00:18
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A3CC3F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f31cb8
\Driver\atapi -> 0x8a3cc3f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d88bc3
PacketIndicateHandler -> NDIS.sys @ 0xb9d94b21
SendHandler -> NDIS.sys @ 0xb9d88d33
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1616)
d:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-08-04 00:20:47
ComboFix-quarantined-files.txt 2010-08-03 22:20
Před spuštěním: Volných bajtů: 21 848 952 832
Po spuštění: Volných bajtů: 21 806 010 368
- - End Of File - - 67AA61D5F8511D32EB88459DED898DF1
Please check my log (Solved)
Re: Please check my log
Uninstall all virtual drives (Daemon or Alcohol)
Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64 bit)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC
**********************************************
Download Gmer http://www.gmer.net/gmer.zip
- unpack it and run it
- after the first quick scan, click the Save button; a log will be saved, which you copy here for me.
- in the right-hand column, tick all the checkboxes and click the Scan button
- when the scan finishes, save the log again with the Save button and paste it here.
**********************************************
Download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop
- Start > Run
copy into the box
"%userprofile%\plocha\mbr" -t
OK
- a log named mbr.log will be created on the desktop, paste it here
- autoprd
- Level 4.5
- Posts: 1715
- Registered: February 09
- Location: ▼▲☺U Pc ☺▼▲
- Status: Offline
Re: Please check my log
SPTD won't let me choose Uninstall, only Install
and Gmer crashes: AppName: gmer.exe AppVer: 1.0.15.15281 ModName: gmer.exe
ModVer: 1.0.15.15281 Offset: 0005c887
mbr: Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A510898]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a510898
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
Re: Please check my log
Try gmer again in Safe Mode.
Run Mbr.exe normally by double-clicking it; a text file should appear on your desktop, paste it here.
Re: Please check my log
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
I'll do the gmer right away

Re: Please check my log
OK. I'll wait for it.
Re: Please check my log
It doesn't work even in Safe Mode :))
The only thing left is to try expanding USER32 and WINLOGON from the Windows CD, but I don't have a Windows CD at home xD
Re: Please check my log
You don't have to.
One more small test, where I'll verify which files you have, and we'll replace them.
Download OTL
http://oldtimer.geekstogo.com/OTL.exe
- paste this script into the bottom box:
Code:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
- tick the checkbox on the Pro všechny uživatele (All users) line
- leave the other settings as shown in the screenshot
- click the Prohledat (Scan) button.
- the scan will run; paste the OTL.Txt log here

Re: Please check my log
OTL logfile created on: 5.8.2010 20:51:54 - Run 5
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Documents and Settings\PoKaRko\Dokumenty\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,32 Gb Total Space | 15,20 Gb Free Space | 7,78% Space Free | Partition Type: NTFS
Drive D: | 37,56 Gb Total Space | 21,74 Gb Free Space | 57,88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: lUCA
Current User Name: PoKaRko
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe (Mozilla Corporation)
PRC - D:\Documents and Settings\PoKaRko\Dokumenty\Downloads\OTL(1).exe (OldTimer Tools)
PRC - D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe (Meebo, Inc.)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - D:\Documents and Settings\PoKaRko\Dokumenty\Downloads\OTL(1).exe (OldTimer Tools)
MOD - D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - D:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found
SRV - (HidServ) -- D:\WINDOWS\System32\hidserv.dll File not found
SRV - (FLEXnet Licensing Service) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- D:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StarWindService) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
========== Driver Services (SafeList) ==========
DRV - (SCREAMINGBDRIVER) -- D:\WINDOWS\System32\drivers\ScreamingBAudio.sys File not found
DRV - (rootrepeal) -- D:\WINDOWS\System32\drivers\rootrepeal.sys File not found
DRV - (Partizan) -- D:\WINDOWS\System32\drivers\Partizan.sys File not found
DRV - (catchme) -- D:\DOCUME~1\PoKaRko\LOCALS~1\Temp\catchme.sys File not found
DRV - (ute2ndu5) -- D:\WINDOWS\system32\drivers\ute2ndu5.sys ()
DRV - (RegGuard) -- D:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (ezplay) -- D:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (atksgt) -- D:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- D:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (avipbb) -- D:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (hamachi) -- D:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avgntflt) -- D:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BootScreen) -- D:\WINDOWS\System32\drivers\vidstub.sys ()
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (VBoxDrv) -- D:\WINDOWS\system32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- D:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetAdp) -- D:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSBMon) -- D:\WINDOWS\system32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ati2mtag) -- D:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (TPkd) -- D:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (FlashUSB) -- D:\WINDOWS\system32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- D:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- D:\WINDOWS\system32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- D:\WINDOWS\system32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- D:\WINDOWS\system32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- D:\WINDOWS\system32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- D:\WINDOWS\system32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- D:\WINDOWS\system32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- D:\WINDOWS\system32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (USBModem) -- D:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- D:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- D:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (adfs) -- D:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ggsemc) -- D:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- D:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (speedfan) -- D:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (Egatebus) -- D:\WINDOWS\system32\drivers\egatebus.sys (Axalto)
DRV - (Egaterdr) -- D:\WINDOWS\system32\drivers\egaterdr.sys (Axalto)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- D:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (vax347b) -- D:\WINDOWS\system32\drivers\vax347b.sys ( )
DRV - (HDAudBus) -- D:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HdAudAddService) -- D:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (d347prt) -- D:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- D:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- D:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (vax347s) -- D:\WINDOWS\System32\Drivers\vax347s.sys ( )
DRV - (giveio) -- D:\WINDOWS\system32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Startpage = http://uk.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Startpage = http://uk.msn.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Startpage = http://uk.msn.com/
IE - HKU\S-1-5-21-329068152-152049171-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: gemgecko@gemius.com:1.02
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.22 15:11:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.22 15:11:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 1\components [2010.07.28 10:19:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugins [2010.07.29 00:50:42 | 000,000,000 | ---D | M]
[2010.02.16 14:44:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Extensions
[2010.07.29 11:41:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions
[2010.07.24 08:22:15 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2010.04.02 22:12:34 | 000,000,000 | ---D | M] (Aero Fox) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.07.29 09:43:15 | 000,000,000 | ---D | M] () -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2010.07.23 23:57:27 | 000,000,000 | ---D | M] (Download Statusbar) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.07.24 08:24:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\zigboom.designs@gmail.com
[2010.05.22 13:38:46 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010.05.22 13:38:46 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.05.22 13:38:46 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010.04.02 22:12:54 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010.05.05 13:37:38 | 000,002,555 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\searchplugins\askcom.xml
[2010.07.30 20:19:42 | 000,000,945 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\searchplugins\icqplugin.xml
[2010.08.03 09:30:56 | 000,002,477 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\searchplugins\igoogle.xml
[2010.03.07 02:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.22 15:10:59 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.07.22 15:10:59 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.07.22 15:10:59 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.07.22 15:10:59 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.07.22 15:10:59 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.08.04 00:22:29 | 000,000,000 | RH-- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-329068152-152049171-725345543-1003..\Run: [Meebo Notifier] D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe (Meebo, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (D:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - D:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: D:\Documents and Settings\PoKaRko\Plocha\blond emo\milacek.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\PoKaRko\Plocha\blond emo\milacek.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.17 16:23:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.07.12 08:42:54 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.07.12 08:42:54 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - D:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - D:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found
Drivers32: msacm.divxa32 - D:\WINDOWS\System32\DivXa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\System32\l3codeca.acm (Kristal Studio)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - D:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - D:\WINDOWS\System32\DivXc32.dll (Kristal Studio)
Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll ()
Drivers32: VIDC.FPS1 - D:\WINDOWS\System32\frapsvid.dll ()
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - D:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - D:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - D:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - D:\WINDOWS\system32\vp6vfw.dll (On2.com)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 7 Days ==========
[2010.08.05 19:28:04 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\PoKaRko\Recent
[2010.08.04 14:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010.08.04 00:23:08 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2010.08.04 00:06:29 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2010.08.04 00:06:29 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2010.08.04 00:06:29 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2010.08.04 00:06:29 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2010.08.04 00:05:14 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2010.08.04 00:03:34 | 000,000,000 | ---D | C] -- D:\Qoobox
[2010.08.02 17:01:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Dokumenty\NON COMMERCIAL USE
[2010.08.01 23:21:39 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2010.08.01 20:07:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\FBL Gameplay Demo
[2010.07.29 21:34:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Data aplikací\Meebo
[2010.07.29 21:34:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\Meebo
[2010.05.05 13:25:26 | 000,159,616 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\vax347b.sys
[2010.05.05 13:25:26 | 000,005,248 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\vax347s.sys
[2010.01.23 18:57:00 | 000,155,136 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\d347bus.sys
[2010.01.23 18:57:00 | 000,005,248 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\d347prt.sys
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010.08.05 20:45:50 | 000,001,066 | ---- | M] () -- D:\WINDOWS\wcx_ftp.ini
[2010.08.05 20:45:21 | 000,003,764 | ---- | M] () -- D:\WINDOWS\WINCMD.INI
[2010.08.05 20:19:00 | 000,000,380 | ---- | M] () -- D:\WINDOWS\tasks\AWC AutoSweep.job
[2010.08.05 20:18:47 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010.08.05 20:18:45 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010.08.05 20:13:39 | 008,464,744 | -H-- | M] () -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\IconCache.db
[2010.08.05 20:04:40 | 014,680,064 | -H-- | M] () -- D:\Documents and Settings\PoKaRko\NTUSER.DAT
[2010.08.05 20:04:36 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\PoKaRko\ntuser.ini
[2010.08.05 09:58:51 | 000,077,312 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\mbr.exe
[2010.08.05 09:40:09 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010.08.04 14:42:16 | 000,000,286 | ---- | M] () -- D:\WINDOWS\tasks\wavepadShakeIcon.job
[2010.08.04 14:40:03 | 002,818,358 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\R-S Clan intro new.mp3
[2010.08.04 14:37:18 | 000,000,684 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\WavePad Sound Editor.lnk
[2010.08.04 00:22:29 | 000,000,000 | RH-- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2010.08.04 00:18:33 | 000,000,305 | ---- | M] () -- D:\WINDOWS\system.ini
[2010.08.04 00:05:56 | 003,749,567 | R--- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\ComboFix.exe
[2010.08.03 08:51:23 | 002,364,552 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.02 17:22:10 | 000,012,115 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\Untitled-1.png
[2010.08.02 17:02:13 | 000,088,656 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.08.02 15:21:58 | 000,000,930 | -HS- | M] () -- D:\WINDOWS\setup_9.0.0.722_13.07.2010_07-56drv.spi
[2010.08.02 09:01:24 | 001,039,508 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\buffy[1].mp3
[2010.08.02 00:39:03 | 000,020,323 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\wota.jpg
[2010.08.01 23:14:28 | 000,053,362 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\wts.JPG
[2010.08.01 23:01:13 | 000,051,164 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\AutoRuns.rar
[2010.08.01 23:00:27 | 002,896,810 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\AutoRuns.arn
[2010.08.01 18:44:51 | 000,444,952 | ---- | M] (Creative Labs) -- D:\WINDOWS\System32\wrap_oal.dll
[2010.08.01 18:44:51 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- D:\WINDOWS\System32\OpenAL32.dll
[2010.08.01 17:11:18 | 000,335,867 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\luci.jpg
[2010.07.30 21:58:01 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.30 15:13:28 | 000,097,218 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\DSC00188.jpg
[2010.07.30 10:48:52 | 000,148,938 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\P1010023.JPG
[2010.07.30 10:45:40 | 000,109,336 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\P1010022.JPG
[2010.07.29 21:34:58 | 000,001,208 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\Meebo Notifier.lnk
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.08.05 17:15:46 | 000,001,689 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\icon_healthy.gif
[2010.08.05 09:58:51 | 000,077,312 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\mbr.exe
[2010.08.04 14:42:15 | 000,000,286 | ---- | C] () -- D:\WINDOWS\tasks\wavepadShakeIcon.job
[2010.08.04 14:37:18 | 000,000,684 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\WavePad Sound Editor.lnk
[2010.08.04 00:06:29 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2010.08.04 00:06:29 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2010.08.04 00:06:29 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2010.08.04 00:06:29 | 000,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2010.08.04 00:06:29 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2010.08.02 17:22:07 | 000,012,115 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\Untitled-1.png
[2010.08.02 16:05:17 | 000,114,102 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\38377_143531902333115_100000289177071_355505_6788444_n.jpg
[2010.08.02 14:01:45 | 000,000,930 | -HS- | C] () -- D:\WINDOWS\setup_9.0.0.722_13.07.2010_07-56drv.spi
[2010.08.02 01:02:19 | 001,039,508 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\buffy[1].mp3
[2010.08.02 00:38:04 | 000,020,323 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\wota.jpg
[2010.08.01 23:18:51 | 003,749,567 | R--- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\ComboFix.exe
[2010.08.01 23:14:28 | 000,053,362 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\wts.JPG
[2010.08.01 23:01:13 | 000,051,164 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\AutoRuns.rar
[2010.08.01 23:00:25 | 002,896,810 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\AutoRuns.arn
[2010.08.01 17:11:16 | 000,335,867 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\luci.jpg
[2010.08.01 16:30:26 | 000,052,081 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\34482417.jpg
[2010.07.30 15:13:26 | 000,097,218 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\DSC00188.jpg
[2010.07.30 10:40:29 | 002,124,958 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\P1010024.MOV
[2010.07.30 10:40:29 | 000,148,938 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\P1010023.JPG
[2010.07.30 10:40:29 | 000,109,336 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\P1010022.JPG
[2010.07.29 21:34:58 | 000,001,208 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\Meebo Notifier.lnk
[2010.07.13 19:00:34 | 000,007,168 | ---- | C] () -- D:\WINDOWS\System32\drivers\ute2ndu5.sys
[2010.07.12 08:35:07 | 000,000,805 | ---- | C] () -- D:\WINDOWS\ScanSpyware.INI
[2010.06.30 15:49:55 | 000,015,497 | ---- | C] () -- D:\WINDOWS\snp2uvc.ini
[2010.06.30 15:49:31 | 000,000,036 | ---- | C] () -- D:\WINDOWS\PidList.ini
[2010.06.30 15:49:28 | 000,000,049 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2010.06.30 15:49:22 | 000,626,688 | ---- | C] () -- D:\WINDOWS\Image.dll
[2010.06.30 15:49:13 | 000,000,038 | ---- | C] () -- D:\WINDOWS\avisplitter.ini
[2010.06.30 15:49:10 | 000,050,176 | ---- | C] () -- D:\WINDOWS\armcex.dll
[2010.06.28 13:37:17 | 000,057,344 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2010.06.28 13:37:17 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.06.17 18:48:11 | 000,000,071 | ---- | C] () -- D:\WINDOWS\System32\UFS2XXUN.ini
[2010.06.17 16:47:24 | 000,034,308 | ---- | C] () -- D:\WINDOWS\System32\bassmod.dll
[2010.06.09 21:48:16 | 000,200,704 | ---- | C] () -- D:\WINDOWS\TRNOET.DLL
[2010.06.09 21:48:16 | 000,045,056 | ---- | C] () -- D:\WINDOWS\TRNOEH.DLL
[2010.06.09 21:47:59 | 000,000,041 | ---- | C] () -- D:\WINDOWS\WTRDCTM.INI
[2010.06.09 21:47:15 | 000,002,753 | ---- | C] () -- D:\WINDOWS\UN32P.INI
[2010.06.09 21:32:51 | 000,001,678 | ---- | C] () -- D:\WINDOWS\MAILTRAN.INI
[2010.06.09 21:32:50 | 000,002,476 | ---- | C] () -- D:\WINDOWS\TRNCOM.INI
[2010.06.09 21:32:40 | 000,002,192 | ---- | C] () -- D:\WINDOWS\WDICT32.INI
[2010.06.09 21:32:39 | 000,004,817 | ---- | C] () -- D:\WINDOWS\WTRAN32.INI
[2010.05.17 14:29:30 | 000,000,461 | ---- | C] () -- D:\WINDOWS\EAGRAPH.INI
[2010.05.08 23:53:19 | 000,281,760 | ---- | C] () -- D:\WINDOWS\System32\drivers\atksgt.sys
[2010.05.08 23:53:19 | 000,025,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\lirsgt.sys
[2010.04.08 18:17:48 | 000,151,552 | ---- | C] () -- D:\WINDOWS\System32\nvRegDev.dll
[2010.04.04 17:10:47 | 000,000,286 | ---- | C] () -- D:\WINDOWS\game.ini
[2010.04.01 11:58:29 | 001,589,248 | ---- | C] () -- D:\WINDOWS\System32\libmysql_d.dll
[2010.03.27 20:34:25 | 001,970,176 | ---- | C] () -- D:\WINDOWS\System32\d3dx9.dll
[2010.02.16 13:48:50 | 000,120,200 | ---- | C] () -- D:\WINDOWS\System32\DLLDEV32i.dll
[2010.02.11 13:03:55 | 000,000,155 | ---- | C] () -- D:\WINDOWS\level.ini
[2010.02.11 12:54:59 | 000,138,184 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.30 02:46:59 | 000,163,456 | ---- | C] () -- D:\WINDOWS\System32\drivers\vidstub.sys
[2010.01.30 02:42:00 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\DirSize.dll
[2010.01.30 00:23:33 | 000,000,325 | ---- | C] () -- D:\WINDOWS\SIERRA.INI
[2010.01.23 14:30:08 | 000,001,066 | ---- | C] () -- D:\WINDOWS\wcx_ftp.ini
[2010.01.22 19:07:33 | 000,003,764 | ---- | C] () -- D:\WINDOWS\WINCMD.INI
[2009.02.25 09:38:22 | 000,249,856 | ---- | C] () -- D:\WINDOWS\System32\DivX.dll
[2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2006.05.19 10:22:58 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\slbmgpg.dll
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- D:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- D:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\ogg.dll
[2005.03.02 18:44:59 | 000,036,864 | ---- | C] () -- D:\WINDOWS\System32\frapsvid.dll
[2004.08.17 15:49:10 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- D:\WINDOWS\System32\zlib.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = D:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 15:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Meebo Notifier" = "D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup -- [2010.07.14 20:23:52 | 000,818,888 | ---- | M] (Meebo, Inc.)
< c:\windows\*.* /U >
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- D:\WINDOWS\system32\dllcache\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- D:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- D:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- D:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\Documents and Settings\PoKaRko\Dokumenty\RegRun2\Files\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\WINDOWS\ERDNT\cache\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- D:\WINDOWS\system32\hal.dll
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- D:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- D:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- D:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- D:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- D:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- D:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- D:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- D:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- D:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- D:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- D:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- D:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- D:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- D:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- D:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- D:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- D:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- D:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- D:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- D:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- D:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- D:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- D:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- D:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- D:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\Documents and Settings\PoKaRko\Dokumenty\RegRun2\Files\WS2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2004.08.17 15:49:10 | 000,249,344 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\iepeers.dll
[2007.12.18 16:43:06 | 000,417,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\vbscript.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Documents and Settings\PoKaRko\Dokumenty\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,32 Gb Total Space | 15,20 Gb Free Space | 7,78% Space Free | Partition Type: NTFS
Drive D: | 37,56 Gb Total Space | 21,74 Gb Free Space | 57,88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: lUCA
Current User Name: PoKaRko
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe (Mozilla Corporation)
PRC - D:\Documents and Settings\PoKaRko\Dokumenty\Downloads\OTL(1).exe (OldTimer Tools)
PRC - D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe (Meebo, Inc.)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - D:\Documents and Settings\PoKaRko\Dokumenty\Downloads\OTL(1).exe (OldTimer Tools)
MOD - D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - D:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found
SRV - (HidServ) -- D:\WINDOWS\System32\hidserv.dll File not found
SRV - (FLEXnet Licensing Service) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- D:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StarWindService) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
========== Driver Services (SafeList) ==========
DRV - (SCREAMINGBDRIVER) -- D:\WINDOWS\System32\drivers\ScreamingBAudio.sys File not found
DRV - (rootrepeal) -- D:\WINDOWS\System32\drivers\rootrepeal.sys File not found
DRV - (Partizan) -- D:\WINDOWS\System32\drivers\Partizan.sys File not found
DRV - (catchme) -- D:\DOCUME~1\PoKaRko\LOCALS~1\Temp\catchme.sys File not found
DRV - (ute2ndu5) -- D:\WINDOWS\system32\drivers\ute2ndu5.sys ()
DRV - (RegGuard) -- D:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (ezplay) -- D:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (atksgt) -- D:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- D:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (avipbb) -- D:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (hamachi) -- D:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avgntflt) -- D:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BootScreen) -- D:\WINDOWS\System32\drivers\vidstub.sys ()
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (VBoxDrv) -- D:\WINDOWS\system32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- D:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetAdp) -- D:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSBMon) -- D:\WINDOWS\system32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ati2mtag) -- D:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (TPkd) -- D:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (FlashUSB) -- D:\WINDOWS\system32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- D:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- D:\WINDOWS\system32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- D:\WINDOWS\system32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- D:\WINDOWS\system32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- D:\WINDOWS\system32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- D:\WINDOWS\system32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- D:\WINDOWS\system32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- D:\WINDOWS\system32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (USBModem) -- D:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- D:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- D:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (adfs) -- D:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ggsemc) -- D:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- D:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (speedfan) -- D:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (Egatebus) -- D:\WINDOWS\system32\drivers\egatebus.sys (Axalto)
DRV - (Egaterdr) -- D:\WINDOWS\system32\drivers\egaterdr.sys (Axalto)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- D:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (vax347b) -- D:\WINDOWS\system32\drivers\vax347b.sys ( )
DRV - (HDAudBus) -- D:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HdAudAddService) -- D:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (d347prt) -- D:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- D:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- D:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (vax347s) -- D:\WINDOWS\System32\Drivers\vax347s.sys ( )
DRV - (giveio) -- D:\WINDOWS\system32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Startpage = http://uk.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Startpage = http://uk.msn.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Startpage = http://uk.msn.com/
IE - HKU\S-1-5-21-329068152-152049171-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: gemgecko@gemius.com:1.02
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.22 15:11:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.22 15:11:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 1\components [2010.07.28 10:19:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugins [2010.07.29 00:50:42 | 000,000,000 | ---D | M]
[2010.02.16 14:44:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Extensions
[2010.07.29 11:41:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions
[2010.07.24 08:22:15 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2010.04.02 22:12:34 | 000,000,000 | ---D | M] (Aero Fox) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.07.29 09:43:15 | 000,000,000 | ---D | M] () -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2010.07.23 23:57:27 | 000,000,000 | ---D | M] (Download Statusbar) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.07.24 08:24:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\zigboom.designs@gmail.com
[2010.05.22 13:38:46 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010.05.22 13:38:46 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.05.22 13:38:46 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010.04.02 22:12:54 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010.05.05 13:37:38 | 000,002,555 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\searchplugins\askcom.xml
[2010.07.30 20:19:42 | 000,000,945 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\searchplugins\icqplugin.xml
[2010.08.03 09:30:56 | 000,002,477 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\searchplugins\igoogle.xml
[2010.03.07 02:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.22 15:10:59 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.07.22 15:10:59 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.07.22 15:10:59 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.07.22 15:10:59 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.07.22 15:10:59 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.08.04 00:22:29 | 000,000,000 | RH-- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-329068152-152049171-725345543-1003..\Run: [Meebo Notifier] D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe (Meebo, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-329068152-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (D:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - D:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: D:\Documents and Settings\PoKaRko\Plocha\blond emo\milacek.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\PoKaRko\Plocha\blond emo\milacek.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.17 16:23:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.07.12 08:42:54 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.07.12 08:42:54 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - D:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - D:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found
Drivers32: msacm.divxa32 - D:\WINDOWS\System32\DivXa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\System32\l3codeca.acm (Kristal Studio)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - D:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - D:\WINDOWS\System32\DivXc32.dll (Kristal Studio)
Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll ()
Drivers32: VIDC.FPS1 - D:\WINDOWS\System32\frapsvid.dll ()
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - D:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - D:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - D:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - D:\WINDOWS\system32\vp6vfw.dll (On2.com)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 7 Days ==========
[2010.08.05 19:28:04 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\PoKaRko\Recent
[2010.08.04 14:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010.08.04 00:23:08 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2010.08.04 00:06:29 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2010.08.04 00:06:29 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2010.08.04 00:06:29 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2010.08.04 00:06:29 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2010.08.04 00:05:14 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2010.08.04 00:03:34 | 000,000,000 | ---D | C] -- D:\Qoobox
[2010.08.02 17:01:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Dokumenty\NON COMMERCIAL USE
[2010.08.01 23:21:39 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2010.08.01 20:07:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\FBL Gameplay Demo
[2010.07.29 21:34:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Data aplikací\Meebo
[2010.07.29 21:34:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\Meebo
[2010.05.05 13:25:26 | 000,159,616 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\vax347b.sys
[2010.05.05 13:25:26 | 000,005,248 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\vax347s.sys
[2010.01.23 18:57:00 | 000,155,136 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\d347bus.sys
[2010.01.23 18:57:00 | 000,005,248 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\d347prt.sys
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010.08.05 20:45:50 | 000,001,066 | ---- | M] () -- D:\WINDOWS\wcx_ftp.ini
[2010.08.05 20:45:21 | 000,003,764 | ---- | M] () -- D:\WINDOWS\WINCMD.INI
[2010.08.05 20:19:00 | 000,000,380 | ---- | M] () -- D:\WINDOWS\tasks\AWC AutoSweep.job
[2010.08.05 20:18:47 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010.08.05 20:18:45 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010.08.05 20:13:39 | 008,464,744 | -H-- | M] () -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\IconCache.db
[2010.08.05 20:04:40 | 014,680,064 | -H-- | M] () -- D:\Documents and Settings\PoKaRko\NTUSER.DAT
[2010.08.05 20:04:36 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\PoKaRko\ntuser.ini
[2010.08.05 09:58:51 | 000,077,312 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\mbr.exe
[2010.08.05 09:40:09 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010.08.04 14:42:16 | 000,000,286 | ---- | M] () -- D:\WINDOWS\tasks\wavepadShakeIcon.job
[2010.08.04 14:40:03 | 002,818,358 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\R-S Clan intro new.mp3
[2010.08.04 14:37:18 | 000,000,684 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\WavePad Sound Editor.lnk
[2010.08.04 00:22:29 | 000,000,000 | RH-- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2010.08.04 00:18:33 | 000,000,305 | ---- | M] () -- D:\WINDOWS\system.ini
[2010.08.04 00:05:56 | 003,749,567 | R--- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\ComboFix.exe
[2010.08.03 08:51:23 | 002,364,552 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.02 17:22:10 | 000,012,115 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\Untitled-1.png
[2010.08.02 17:02:13 | 000,088,656 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.08.02 15:21:58 | 000,000,930 | -HS- | M] () -- D:\WINDOWS\setup_9.0.0.722_13.07.2010_07-56drv.spi
[2010.08.02 09:01:24 | 001,039,508 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\buffy[1].mp3
[2010.08.02 00:39:03 | 000,020,323 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\wota.jpg
[2010.08.01 23:14:28 | 000,053,362 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\wts.JPG
[2010.08.01 23:01:13 | 000,051,164 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\AutoRuns.rar
[2010.08.01 23:00:27 | 002,896,810 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\AutoRuns.arn
[2010.08.01 18:44:51 | 000,444,952 | ---- | M] (Creative Labs) -- D:\WINDOWS\System32\wrap_oal.dll
[2010.08.01 18:44:51 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- D:\WINDOWS\System32\OpenAL32.dll
[2010.08.01 17:11:18 | 000,335,867 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\luci.jpg
[2010.07.30 21:58:01 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.30 15:13:28 | 000,097,218 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\DSC00188.jpg
[2010.07.30 10:48:52 | 000,148,938 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\P1010023.JPG
[2010.07.30 10:45:40 | 000,109,336 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\P1010022.JPG
[2010.07.29 21:34:58 | 000,001,208 | ---- | M] () -- D:\Documents and Settings\PoKaRko\Plocha\Meebo Notifier.lnk
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.08.05 17:15:46 | 000,001,689 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\icon_healthy.gif
[2010.08.05 09:58:51 | 000,077,312 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\mbr.exe
[2010.08.04 14:42:15 | 000,000,286 | ---- | C] () -- D:\WINDOWS\tasks\wavepadShakeIcon.job
[2010.08.04 14:37:18 | 000,000,684 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\WavePad Sound Editor.lnk
[2010.08.04 00:06:29 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2010.08.04 00:06:29 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2010.08.04 00:06:29 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2010.08.04 00:06:29 | 000,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2010.08.04 00:06:29 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2010.08.02 17:22:07 | 000,012,115 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\Untitled-1.png
[2010.08.02 16:05:17 | 000,114,102 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\38377_143531902333115_100000289177071_355505_6788444_n.jpg
[2010.08.02 14:01:45 | 000,000,930 | -HS- | C] () -- D:\WINDOWS\setup_9.0.0.722_13.07.2010_07-56drv.spi
[2010.08.02 01:02:19 | 001,039,508 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\buffy[1].mp3
[2010.08.02 00:38:04 | 000,020,323 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\wota.jpg
[2010.08.01 23:18:51 | 003,749,567 | R--- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\ComboFix.exe
[2010.08.01 23:14:28 | 000,053,362 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\wts.JPG
[2010.08.01 23:01:13 | 000,051,164 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\AutoRuns.rar
[2010.08.01 23:00:25 | 002,896,810 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\AutoRuns.arn
[2010.08.01 17:11:16 | 000,335,867 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\luci.jpg
[2010.08.01 16:30:26 | 000,052,081 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\34482417.jpg
[2010.07.30 15:13:26 | 000,097,218 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\DSC00188.jpg
[2010.07.30 10:40:29 | 002,124,958 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\P1010024.MOV
[2010.07.30 10:40:29 | 000,148,938 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\P1010023.JPG
[2010.07.30 10:40:29 | 000,109,336 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\P1010022.JPG
[2010.07.29 21:34:58 | 000,001,208 | ---- | C] () -- D:\Documents and Settings\PoKaRko\Plocha\Meebo Notifier.lnk
[2010.07.13 19:00:34 | 000,007,168 | ---- | C] () -- D:\WINDOWS\System32\drivers\ute2ndu5.sys
[2010.07.12 08:35:07 | 000,000,805 | ---- | C] () -- D:\WINDOWS\ScanSpyware.INI
[2010.06.30 15:49:55 | 000,015,497 | ---- | C] () -- D:\WINDOWS\snp2uvc.ini
[2010.06.30 15:49:31 | 000,000,036 | ---- | C] () -- D:\WINDOWS\PidList.ini
[2010.06.30 15:49:28 | 000,000,049 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2010.06.30 15:49:22 | 000,626,688 | ---- | C] () -- D:\WINDOWS\Image.dll
[2010.06.30 15:49:13 | 000,000,038 | ---- | C] () -- D:\WINDOWS\avisplitter.ini
[2010.06.30 15:49:10 | 000,050,176 | ---- | C] () -- D:\WINDOWS\armcex.dll
[2010.06.28 13:37:17 | 000,057,344 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2010.06.28 13:37:17 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.06.17 18:48:11 | 000,000,071 | ---- | C] () -- D:\WINDOWS\System32\UFS2XXUN.ini
[2010.06.17 16:47:24 | 000,034,308 | ---- | C] () -- D:\WINDOWS\System32\bassmod.dll
[2010.06.09 21:48:16 | 000,200,704 | ---- | C] () -- D:\WINDOWS\TRNOET.DLL
[2010.06.09 21:48:16 | 000,045,056 | ---- | C] () -- D:\WINDOWS\TRNOEH.DLL
[2010.06.09 21:47:59 | 000,000,041 | ---- | C] () -- D:\WINDOWS\WTRDCTM.INI
[2010.06.09 21:47:15 | 000,002,753 | ---- | C] () -- D:\WINDOWS\UN32P.INI
[2010.06.09 21:32:51 | 000,001,678 | ---- | C] () -- D:\WINDOWS\MAILTRAN.INI
[2010.06.09 21:32:50 | 000,002,476 | ---- | C] () -- D:\WINDOWS\TRNCOM.INI
[2010.06.09 21:32:40 | 000,002,192 | ---- | C] () -- D:\WINDOWS\WDICT32.INI
[2010.06.09 21:32:39 | 000,004,817 | ---- | C] () -- D:\WINDOWS\WTRAN32.INI
[2010.05.17 14:29:30 | 000,000,461 | ---- | C] () -- D:\WINDOWS\EAGRAPH.INI
[2010.05.08 23:53:19 | 000,281,760 | ---- | C] () -- D:\WINDOWS\System32\drivers\atksgt.sys
[2010.05.08 23:53:19 | 000,025,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\lirsgt.sys
[2010.04.08 18:17:48 | 000,151,552 | ---- | C] () -- D:\WINDOWS\System32\nvRegDev.dll
[2010.04.04 17:10:47 | 000,000,286 | ---- | C] () -- D:\WINDOWS\game.ini
[2010.04.01 11:58:29 | 001,589,248 | ---- | C] () -- D:\WINDOWS\System32\libmysql_d.dll
[2010.03.27 20:34:25 | 001,970,176 | ---- | C] () -- D:\WINDOWS\System32\d3dx9.dll
[2010.02.16 13:48:50 | 000,120,200 | ---- | C] () -- D:\WINDOWS\System32\DLLDEV32i.dll
[2010.02.11 13:03:55 | 000,000,155 | ---- | C] () -- D:\WINDOWS\level.ini
[2010.02.11 12:54:59 | 000,138,184 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.30 02:46:59 | 000,163,456 | ---- | C] () -- D:\WINDOWS\System32\drivers\vidstub.sys
[2010.01.30 02:42:00 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\DirSize.dll
[2010.01.30 00:23:33 | 000,000,325 | ---- | C] () -- D:\WINDOWS\SIERRA.INI
[2010.01.23 14:30:08 | 000,001,066 | ---- | C] () -- D:\WINDOWS\wcx_ftp.ini
[2010.01.22 19:07:33 | 000,003,764 | ---- | C] () -- D:\WINDOWS\WINCMD.INI
[2009.02.25 09:38:22 | 000,249,856 | ---- | C] () -- D:\WINDOWS\System32\DivX.dll
[2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2006.05.19 10:22:58 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\slbmgpg.dll
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- D:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- D:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\ogg.dll
[2005.03.02 18:44:59 | 000,036,864 | ---- | C] () -- D:\WINDOWS\System32\frapsvid.dll
[2004.08.17 15:49:10 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- D:\WINDOWS\System32\zlib.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = D:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 15:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Meebo Notifier" = "D:\Documents and Settings\PoKaRko\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup -- [2010.07.14 20:23:52 | 000,818,888 | ---- | M] (Meebo, Inc.)
< c:\windows\*.* /U >
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- D:\WINDOWS\system32\dllcache\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- D:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- D:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- D:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\Documents and Settings\PoKaRko\Dokumenty\RegRun2\Files\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\WINDOWS\ERDNT\cache\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- D:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- D:\WINDOWS\system32\hal.dll
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- D:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- D:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- D:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- D:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- D:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- D:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- D:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- D:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- D:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- D:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- D:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- D:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- D:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- D:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- D:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- D:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- D:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- D:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- D:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- D:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- D:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- D:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- D:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- D:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- D:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\Documents and Settings\PoKaRko\Dokumenty\RegRun2\Files\WS2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- D:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2004.08.17 15:49:10 | 000,249,344 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\iepeers.dll
[2007.12.18 16:43:06 | 000,417,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\vbscript.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >
Re: Please check my log
Can you try installing SP3?
- autoprd
Re: Please check my log
It's already downloading :)))
Re: Please check my log
Fine, install it and we'll see.
Then write how the computer is doing, and whether those messages have stopped popping up.