keylogger - cannot be uninstalled, Avast reports it as a virus [Solved]

Section devoted to viruses and other malicious code, but also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

bledulka
Level 5 | Posts: 2242 | Registered: August 09 | Gender: Female | Status: Offline

Re: keylogger - cannot be uninstalled, Avast reports it as a virus

Post by bledulka » 03 Sep 2011 22:36

If it freezes, then nothing can be done with it even after half an hour.

Download OTL
http://oldtimer.geekstogo.com/OTL.exe
- paste this script into the lower box:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

- tick the box next to the line All Users
- leave the other items as set in the screenshot
- confirm with the Scan button
- the scan runs; paste the OTL.Txt log here

[Image]

Pauline
newcomer | Posts: 17 | Registered: September 11 | Gender: Not specified | Status: Offline

Re: keylogger - cannot be uninstalled, Avast reports it as a virus

Post by Pauline » 04 Sep 2011 11:04

OTL logfile created on: 4.9.2011 10:44:07 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\NTB\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

895,20 Mb Total Physical Memory | 469,85 Mb Available Physical Memory | 52,49% Memory free
1,46 Gb Paging File | 1,02 Gb Available in Paging File | 70,08% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44,72 Gb Total Space | 26,16 Gb Free Space | 58,49% Space Free | Partition Type: NTFS
Drive D: | 29,81 Gb Total Space | 29,69 Gb Free Space | 99,59% Space Free | Partition Type: NTFS

Computer Name: NTB-B92FA736C20 | User Name: NTB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.09.04 10:41:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NTB\Plocha\OTL.exe
PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.05.10 12:34:22 | 004,456,448 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010.05.10 12:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010.05.10 12:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010.05.10 12:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.23 19:35:58 | 000,376,921 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2007.10.23 19:35:40 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007.08.23 11:18:24 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007.08.15 11:38:30 | 000,147,456 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007.08.08 11:03:42 | 002,441,216 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.07.05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.08.07 13:11:00 | 000,573,440 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (No Company Name) ==========

MOD - [2011.09.03 19:54:51 | 001,384,960 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11090301\algo.dll
MOD - [2011.09.03 10:46:00 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11090301\aswRep.dll
MOD - [2011.08.11 11:03:20 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
MOD - [2011.08.11 11:03:19 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011.08.11 11:03:09 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
MOD - [2011.08.11 11:03:05 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
MOD - [2011.08.11 11:01:52 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011.08.11 10:59:43 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011.08.11 10:59:03 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
MOD - [2011.08.11 10:57:56 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011.08.11 10:56:57 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011.08.11 10:56:50 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011.08.11 10:56:48 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011.08.02 14:10:44 | 003,542,616 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll
MOD - [2011.06.16 21:16:17 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010.05.10 12:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010.05.10 12:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008.04.14 05:21:47 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.08.15 11:38:30 | 000,147,456 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
MOD - [2007.08.08 11:03:42 | 002,441,216 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
MOD - [2007.07.05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
MOD - [2006.08.23 23:32:26 | 000,163,840 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASUSNet.dll
MOD - [2004.05.27 18:13:10 | 000,057,344 | ---- | M] () -- C:\Program Files\ATK Hotkey\CMSSC.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.08.02 14:10:44 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.06.26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2010.05.10 12:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010.05.10 12:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010.05.10 12:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2007.10.23 19:35:40 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.10.22 07:43:52 | 002,304,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.02.13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007.10.26 02:20:36 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.08.24 11:46:48 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.07.03 19:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006.12.14 16:44:06 | 000,085,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.03 09:32:30 | 004,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.08.07 13:13:50 | 000,980,608 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004.08.04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.05.27 18:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\ATK Hotkey\ASNDIS5.SYS -- (ASNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-1417001333-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1482476501-1417001333-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2001.10.25 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-1482476501-1417001333-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1417001333-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-1417001333-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B01376F-BACA-4874-925F-72A7F2DD07B7}: DhcpNameServer = 192.168.1.20
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.22 06:54:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c65d437f-2e11-11e0-b79a-0015af57a220}\Shell - "" = AutoRun
O33 - MountPoints2\{c65d437f-2e11-11e0-b79a-0015af57a220}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 7 Days ==========

[2011.09.04 10:41:12 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NTB\Plocha\OTL.exe
[2011.09.03 21:47:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.09.03 21:41:43 | 004,194,725 | R--- | C] (Swearware) -- C:\Documents and Settings\NTB\Plocha\ComboFix.exe
[2011.09.02 17:26:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.09.02 17:24:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.09.02 17:24:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.09.02 17:24:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.09.02 17:24:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.09.02 17:24:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.09.02 17:23:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.02 17:23:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NTB\Dokumenty\Filmy
[2011.09.02 17:22:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NTB\Recent
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2011.09.04 10:41:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NTB\Plocha\OTL.exe
[2011.09.04 00:07:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.03 22:23:39 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\NTB\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.03 22:12:55 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011.09.03 22:12:50 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.03 22:12:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011.09.03 22:11:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.09.03 21:43:31 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\NTB\NTUSER.DAT
[2011.09.03 21:43:31 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\NTB\ntuser.ini
[2011.09.03 21:41:43 | 004,194,725 | R--- | M] (Swearware) -- C:\Documents and Settings\NTB\Plocha\ComboFix.exe
[2011.09.03 12:47:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.09.02 17:26:08 | 000,000,514 | RHS- | M] () -- C:\boot.ini
[2011.09.01 22:10:02 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\Microsoft Office Word 2003.lnk
[2011.09.01 16:31:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.31 20:02:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.08.30 19:15:14 | 000,021,674 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\cc_20110830_191500.reg
[2011.08.29 18:50:01 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.09.02 17:26:08 | 000,000,397 | ---- | C] () -- C:\Boot.bak
[2011.09.02 17:26:07 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.09.02 17:24:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.09.02 17:24:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.09.02 17:24:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.09.02 17:24:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.09.02 17:24:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.08.30 19:15:08 | 000,021,674 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\cc_20110830_191500.reg
[2011.06.21 20:28:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011.06.21 20:28:07 | 000,002,411 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011.02.01 16:44:43 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Microsoft.SqlServer.Compact.351.32.bc
[2011.01.28 13:26:27 | 000,950,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2011.01.24 19:11:17 | 000,002,390 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2011.01.24 19:09:30 | 000,001,776 | ---- | C] () -- C:\WINDOWS\wdict32.INI
[2011.01.08 17:40:57 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.11.19 19:12:49 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\NTB\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.05 18:50:25 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.10.22 08:37:26 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2010.10.22 08:34:42 | 000,989,060 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.10.22 08:34:41 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.10.22 08:33:21 | 000,215,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.22 08:16:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.10.22 06:59:39 | 005,355,620 | -H-- | C] () -- C:\Documents and Settings\NTB\Local Settings\Data aplikací\IconCache.db
[2010.10.22 06:59:19 | 000,046,832 | ---- | C] () -- C:\Documents and Settings\NTB\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.10.22 06:56:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.10.22 06:54:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2010.10.22 06:52:59 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.10.22 06:52:54 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010.10.22 06:50:38 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.10.22 06:50:25 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2010.10.22 06:50:25 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2010.10.22 06:49:45 | 000,026,364 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2010.10.22 06:49:44 | 000,003,680 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2010.10.09 03:20:48 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\msb-c9ofd.dll
[2010.08.16 22:54:05 | 000,009,845 | ---- | C] () -- C:\WINDOWS\System32\msw-n9ofe.dll
[2007.07.04 22:28:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007.07.04 22:28:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007.07.04 22:28:08 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.06.05 13:40:44 | 000,149,278 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004.08.17 16:58:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.17 16:49:18 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004.08.17 16:49:12 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004.08.17 16:49:08 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004.08.17 16:49:04 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004.08.17 16:49:04 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004.08.17 16:48:38 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004.08.03 23:51:26 | 000,053,888 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2004.08.03 23:48:46 | 000,003,330 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2004.08.03 23:46:56 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004.08.03 23:45:20 | 000,033,904 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004.08.03 23:45:16 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004.08.03 23:45:16 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004.08.03 23:45:14 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004.08.03 23:45:12 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.07.17 12:46:14 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004.07.17 12:34:48 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.10.25 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 14:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2001.10.25 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 14:00:00 | 000,436,016 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 14:00:00 | 000,432,938 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2001.10.25 14:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2001.10.25 14:00:00 | 000,079,862 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 14:00:00 | 000,070,222 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2001.10.25 14:00:00 | 000,068,912 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 14:00:00 | 000,051,166 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2001.10.25 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 14:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2001.10.25 14:00:00 | 000,039,370 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2001.10.25 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 14:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2001.10.25 14:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2001.10.25 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2001.10.25 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2001.10.25 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 14:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2001.10.25 14:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2001.10.25 14:00:00 | 000,020,922 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2001.10.25 14:00:00 | 000,019,742 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2001.10.25 14:00:00 | 000,019,741 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2001.10.25 14:00:00 | 000,015,983 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2001.10.25 14:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2001.10.25 14:00:00 | 000,014,767 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2001.10.25 14:00:00 | 000,013,546 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2001.10.25 14:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2001.10.25 14:00:00 | 000,012,786 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2001.10.25 14:00:00 | 000,012,514 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2001.10.25 14:00:00 | 000,011,803 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2001.10.25 14:00:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2001.10.25 14:00:00 | 000,009,035 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001.10.25 14:00:00 | 000,008,504 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2001.10.25 14:00:00 | 000,007,084 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2001.10.25 14:00:00 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2001.10.25 14:00:00 | 000,004,880 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2001.10.25 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 14:00:00 | 000,003,244 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe
[2001.10.25 14:00:00 | 000,003,010 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2001.10.25 14:00:00 | 000,002,932 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2001.10.25 14:00:00 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2001.10.25 14:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2001.10.25 14:00:00 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2001.10.25 14:00:00 | 000,001,133 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe
[2001.10.25 14:00:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2001.10.25 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2001.10.25 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2001.10.25 14:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2001.10.25 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.10.25 14:00:00 | 000,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2001.10.25 14:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2001.10.25 14:00:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001.10.24 14:25:12 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2001.10.24 14:25:00 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.03.10 17:40:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.03.10 17:40:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.03.10 17:40:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.03.10 17:40:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 16:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2011.03.10 17:40:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2011.03.10 17:40:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.03 23:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: LSASS.EXE >
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 16:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8927A071

< End of report >
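The "< MD5 for: ... >" blocks above are what the helper actually reads: OTL hashes each listed system file and prints every copy it can find, so the live copy in system32 can be compared against the pristine copy the service pack left in ServicePackFiles\i386. Doing that by eye across a dozen blocks is error-prone, so here is an added example (not OTL's code, not part of the original thread) that parses those blocks and reports only the live copies whose hash differs from the reference. It assumes an XP SP3 layout as seen in this log; the ATAPI.SYS and HAL.DLL sample lines are copied from the log above, and the USERINIT.EXE block is constructed with a placeholder hash so that there is a mismatch to show. Two caveats: the hal.dll difference in this log is expected, because the copy in system32 is whichever HAL variant setup picked for the hardware, while ServicePackFiles holds only the generic one; and a match only proves the live copy equals the archived copy on the same disk, which is a lead rather than proof if both could have been altered.

```python
import re
from collections import defaultdict

# Sample input: the ATAPI.SYS and HAL.DLL blocks are copied from the OTL log
# above; the USERINIT.EXE block is CONSTRUCTED with a placeholder hash so that
# the script has a real mismatch to report.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: HAL.DLL >
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# Only lines carrying an MD5 are file entries; the ".cab file" lines have none.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^\]]*)\] \((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Directories holding archived copies; none of these is the copy Windows loads.
ARCHIVE_MARKERS = (
    "\\servicepackfiles\\",          # pristine copy of the installed service pack
    "\\$ntservicepackuninstall$\\",  # pre-service-pack copy, differs by design
    "\\$hf_mig$\\",                  # hotfix staging copies
    "\\driver cache\\",
    "\\cmdcons\\",                   # Recovery Console copy
)
REFERENCE_MARKER = "\\servicepackfiles\\i386\\"

# Files whose live copy is expected to differ from the generic SP copy:
# system32\hal.dll is the HAL variant chosen at setup, renamed to hal.dll.
EXPECTED_DIFFERENT = {"hal.dll"}


def parse_md5_blocks(log_text):
    """Return {filename_lower: [(md5_upper, path), ...]} for every MD5 block."""
    blocks = defaultdict(list)
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name").strip().lower()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            blocks[current].append((m.group("md5").upper(), m.group("path").strip()))
    return blocks


def is_archived(path):
    p = path.lower()
    return any(marker in p for marker in ARCHIVE_MARKERS)


def check_integrity(log_text):
    """Compare every live copy against the ServicePackFiles reference hash.

    Returns {"mismatch": [...], "expected": [...], "no_reference": [...]};
    each item is (filename, live_path, live_md5, reference_md5 or None).
    """
    result = {"mismatch": [], "expected": [], "no_reference": []}
    for name, entries in parse_md5_blocks(log_text).items():
        reference = {md5 for md5, path in entries if REFERENCE_MARKER in path.lower()}
        for md5, path in entries:
            if is_archived(path):
                continue            # archived copies are the yardstick, not the subject
            if not reference:
                result["no_reference"].append((name, path, md5, None))
            elif md5 in reference:
                continue            # live copy equals the service pack copy
            elif name in EXPECTED_DIFFERENT:
                result["expected"].append((name, path, md5, sorted(reference)[0]))
            else:
                result["mismatch"].append((name, path, md5, sorted(reference)[0]))
    return result


if __name__ == "__main__":
    for category, items in check_integrity(SAMPLE_LOG).items():
        for name, path, md5, ref in items:
            print(f"{category:12} {name:14} {path}  live={md5}  ref={ref}")
```

Feed it the whole OTL.Txt and the output is the short list a helper wants: files with no reference copy at all (worth a second look, since a hotfix may legitimately explain them), the expected hal.dll difference, and any genuine mismatch such as the constructed userinit.exe entry, which is the kind of file a keylogger or rootkit would replace.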

Post by jaro3 » 04 Sep 2011 18:16

That's right, ComboFix normally runs for 30-40 minutes, or even longer.
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by bledulka » 04 Sep 2011 20:24

Does this folder belong to that keylogger?
C:\WINDOWS\assembly\GAC_32

Post by Pauline » 04 Sep 2011 22:03

I wouldn't say so... to be honest I don't even know what it is :eh: if it isn't needed for anything, I'm of course in favour of deleting it.... As far as I know, the keylogger was C:\Program Files\Kuairbgrjljwp\eyiowfp.exe, that's what avast always reported to me..

Post by bledulka » 04 Sep 2011 22:08

So you don't know that folder at all? Can I delete it, then?

Post by Pauline » 04 Sep 2011 22:13

Yes, as long as it isn't important for the PC to work, which it probably isn't :smile: otherwise there will probably be more folders I don't know... I hope it will be possible to get rid of it somehow; it would probably be better to remember the password, but no matter what I try, I can't figure it out :-(

Post by bledulka » 04 Sep 2011 22:21

I'm already writing the removal script. Please, when did you install that keylogger? Could it have been on 11.8.?

Post by bledulka » 04 Sep 2011 22:25

Those folders are probably fine; it looks like they come from an update.


Run OTL
-copy the following into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8927A071
O3 - HKU\S-1-5-21-1482476501-1417001333-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
SRV - [2011.06.26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
MOD - [2011.08.02 14:10:44 | 003,542,616 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll
SRV - [2011.08.02 14:10:44 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)

:files
c:\Program Files\Common Files\Akamai
C:\Program Files\Kuairbgrjljwp

:COMMANDS
[emptytemp]
[EMPTYFLASH]
[reboot]

-click the Fix button.
-paste the log here

Post by Pauline » 04 Sep 2011 22:31

I think more like 22.6.... so I'm going to do the rest. And which folders are fine? Otherwise I don't know whether it matters, but the folder containing the keylogger is hidden, which is probably obvious anyway :smile:

Post by Pauline » 04 Sep 2011 22:39

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:8927A071 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1482476501-1417001333-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Service PEVSystemStart stopped successfully!
Service PEVSystemStart deleted successfully!
C:\ComboFix\pev.3XE moved successfully.
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll moved successfully.
========== FILES ==========
c:\Program Files\Common Files\Akamai\Logs\dump folder moved successfully.
c:\Program Files\Common Files\Akamai\Logs folder moved successfully.
c:\Program Files\Common Files\Akamai\Languages folder moved successfully.
c:\Program Files\Common Files\Akamai\Cache folder moved successfully.
c:\Program Files\Common Files\Akamai folder moved successfully.
C:\Program Files\Kuairbgrjljwp\Log\Visual folder moved successfully.
C:\Program Files\Kuairbgrjljwp\Log\Text folder moved successfully.
C:\Program Files\Kuairbgrjljwp\Log\Audio folder moved successfully.
C:\Program Files\Kuairbgrjljwp\Log folder moved successfully.
C:\Program Files\Kuairbgrjljwp folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 174099 bytes

User: All Users

User: All Users.WINDOWS2

User: Data aplikací

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User.WINDOWS2

User: Documents and Settings

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 112981 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 488439 bytes

User: NTB
->Temp folder emptied: 1937912 bytes
->Temporary Internet Files folder emptied: 492777833 bytes
->Flash cache emptied: 60324 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81920 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 143656348 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 612,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS2

User: Data aplikací

User: Default User
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS2

User: Documents and Settings

User: LocalService

User: NetworkService

User: NTB
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.27.0 log created on 09042011_223217

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NTB\Local Settings\Temp\~DF25D7.tmp not found!
File\Folder C:\Documents and Settings\NTB\Local Settings\Temp\~DF25F7.tmp not found!
File\Folder C:\Documents and Settings\NTB\Local Settings\Temp\~DF26C2.tmp not found!
File\Folder C:\Documents and Settings\NTB\Local Settings\Temp\~DF26DD.tmp not found!
File\Folder C:\Documents and Settings\NTB\Local Settings\Temp\~DF2740.tmp not found!
File\Folder C:\Documents and Settings\NTB\Local Settings\Temp\~DF2755.tmp not found!
File\Folder C:\Documents and Settings\NTB\Local Settings\Temp\~DF27E5.tmp not found!
File\Folder C:\Documents and Settings\NTB\Local Settings\Temp\~DF27F9.tmp not found!
File\Folder C:\Documents and Settings\NTB\Local Settings\Temp\~DF286F.tmp not found!
File\Folder C:\Documents and Settings\NTB\Local Settings\Temp\~DF2884.tmp not found!
C:\Documents and Settings\NTB\Local Settings\Temporary Internet Files\Content.IE5\J1XFNT2S\adsCAIZ8LM0.htm moved successfully.
C:\Documents and Settings\NTB\Local Settings\Temporary Internet Files\Content.IE5\J1XFNT2S\viewtopic[1].htm moved successfully.
C:\Documents and Settings\NTB\Local Settings\Temporary Internet Files\Content.IE5\866BAFAT\adsCAEN2NW3.htm moved successfully.
C:\Documents and Settings\NTB\Local Settings\Temporary Internet Files\Content.IE5\5FUACV3J\fastbutton[1].htm moved successfully.
C:\Documents and Settings\NTB\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
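The fix log above mixes three outcomes that matter differently to the helper: actions that completed ("moved successfully", "deleted successfully"), items that were already gone ("not found"), and one item OTL could not touch because avast held it open ("File move failed ... scheduled to be moved on reboot"). The last kind is easy to miss in a long log and is exactly what must be re-checked after the reboot. Here is an added example (my own code, not OTL's and not from the original thread) that classifies every action line of an OTL fix log and says whether a follow-up is still needed. The sample lines are copied from the log above; the section names and outcome wording are taken from OTL's output as it appears there.

```python
import re

# Sample input copied from the OTL fix log above (a few representative lines).
SAMPLE_FIX_LOG = r"""
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:8927A071 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Service PEVSystemStart stopped successfully!
Service PEVSystemStart deleted successfully!
C:\ComboFix\pev.3XE moved successfully.
========== FILES ==========
C:\Program Files\Kuairbgrjljwp folder moved successfully.
========== COMMANDS ==========
File\Folder C:\Documents and Settings\NTB\Local Settings\Temp\~DF25D7.tmp not found!
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Checked in order: a failed/deferred action must not be counted as done.
OUTCOMES = (
    ("pending",   re.compile(r"scheduled to be (moved|deleted) on reboot|\bfailed\b", re.I)),
    ("not_found", re.compile(r"\bnot found\b", re.I)),
    ("done",      re.compile(r"successfully[.!]$")),
)
SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")


def audit_fix_log(text):
    """Group each action line by outcome, remembering the OTL section it came from.

    Returns {"done": [...], "not_found": [...], "pending": [...], "other": [...]}
    where each item is (section_name_or_None, line).
    """
    summary = {"done": [], "not_found": [], "pending": [], "other": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        for outcome, pattern in OUTCOMES:
            if pattern.search(line):
                summary[outcome].append((section, line))
                break
        else:
            summary["other"].append((section, line))   # status chatter, e.g. "All processes killed"
    return summary


def needs_followup(summary):
    """True when something failed or was deferred to reboot: ask for a restart and a
    fresh scan before calling the machine clean."""
    return bool(summary["pending"])


if __name__ == "__main__":
    s = audit_fix_log(SAMPLE_FIX_LOG)
    for outcome in ("pending", "not_found", "done", "other"):
        print(f"{outcome}: {len(s[outcome])}")
        for section, line in s[outcome]:
            print(f"  [{section}] {line}")
    print("follow-up needed:", needs_followup(s))
```

The "not found" entries are usually harmless (temporary files already gone), but a "not found" against a path the fix script named explicitly, such as the keylogger folder, would mean the malware was not where the scan said it was and deserves another look.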

Post by bledulka » 04 Sep 2011 23:15

Download CCleaner http://www.filehippo.com/download_cclea ... cbae6b492/
-install it (do not install the Yahoo toolbar)

-choose the Cleaner tab
-leave everything in the left column ticked as it is and press the Analyze button
-then confirm with the Run CCleaner button
-this cleans the computer of temporary files; I recommend using it regularly.

-select the Registry tab
-click the Scan for Issues button
-then click Fix selected issues, confirm that you want to make a backup, and let it fix everything

Restart the PC and report how it looks.

