
Please check my log - I can't get rid of siszyd32 and rncsys3

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#16 Post by Unlimited_Killer »

Great, I don't see anything there any more, but we have to check.

~~~

Uninstall all virtual drives (Daemon, Alcohol, etc.)

~~~
motji wrote: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64b)
- save it to the Desktop and run it
- choose the Uninstall option
- restart the PC
~~~

Download MBR.exe
Save this utility to the Desktop.
Press Start -> Run [Win+R] -> type / paste the following:

Code:

"%userprofile%\plocha\mbr" -t
and press Enter.
A text file named mbr.log will be created on the Desktop; paste its contents here for me.

~~~

Download GMER and run it with a double-click.
It will scan for a few seconds. Then click 'Save' in the bottom right corner and save the first log - paste that one here in the forum.
Then create a second log, following this guide. Paste that log here as well.

~~~

Start Notepad [Start > Run > notepad > Enter].
Paste the following text into it:

Code:

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
Save it, for example to the Desktop, as oprava.reg [see picture] and run it with a double-click.
Then restart the PC.

~~~

After that, a new RSIT log.
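One way to triage the mbr.log and the GMER "Disk sectors" section that the steps above ask for, as an added example (not part of the original post and not code from GMER): it extracts the flagged sector lines, converts them to byte offsets, and checks whether both tools point at the same sector. The sample logs are constructed in the line layout these tools print; the function names and the 512-byte sector size are assumptions.

```python
import re

SECTOR_SIZE = 512  # assumption: classic 512-byte sectors

HEX = r"(0x[0-9a-fA-F]+)"
MALICIOUS_RE = re.compile(rf"malicious code @ sector {HEX} size {HEX}")
PE_RE = re.compile(rf"PE file found in sector at {HEX}")
GMER_DISK_RE = re.compile(
    rf"^Disk (\S+) sector (\d+): malicious code @ sector {HEX} size {HEX}", re.M)

# Constructed samples (values are made up, layout follows the tools' output).
SAMPLE_MBR_FLAGGED = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x00abc123 size 0x1f0 !
PE file found in sector at 0x000ABC123 !
"""

SAMPLE_MBR_CLEAN = r"""device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# A log that was cut off while being pasted into a forum post.
SAMPLE_MBR_TRUNCATED = "device: opened successfully\nuser: MBR read successfully\n"

SAMPLE_GMER = r"""---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x00abc123 size 0x1f0

---- EOF - GMER 1.0.15 ----
"""


def triage_mbr_log(text):
    """Summarise an mbr.log: flagged sectors, byte offsets and a verdict."""
    pe_sectors = {int(m.group(1), 16) for m in PE_RE.finditer(text)}
    findings = []
    for m in MALICIOUS_RE.finditer(text):
        sector, size = int(m.group(1), 16), int(m.group(2), 16)
        findings.append({
            "sector": sector,
            "size": size,
            "byte_offset": sector * SECTOR_SIZE,  # where to look in a disk image
            "pe_file_reported": sector in pe_sectors,
        })
    reads_ok = "user & kernel MBR OK" in text
    if findings:
        verdict = "flagged"
    elif reads_ok:
        verdict = "clean"
    else:
        # Neither a finding nor the OK line: the paste is incomplete, ask for a new log.
        verdict = "incomplete"
    return {"mbr_reads_ok": reads_ok, "findings": findings, "verdict": verdict}


def gmer_disk_hits(text):
    """Extract the 'Disk ... malicious code @ sector' lines from a GMER log."""
    return [{
        "device": m.group(1),
        "listed_sector": int(m.group(2)),
        "sector": int(m.group(3), 16),
        "size": int(m.group(4), 16),
    } for m in GMER_DISK_RE.finditer(text)]


def corroborated_sectors(mbr_result, gmer_hits):
    """Sectors that both mbr.log and the GMER log flag."""
    from_mbr = {f["sector"] for f in mbr_result["findings"]}
    from_gmer = {h["sector"] for h in gmer_hits}
    return sorted(from_mbr & from_gmer)


if __name__ == "__main__":
    result = triage_mbr_log(SAMPLE_MBR_FLAGGED)
    hits = gmer_disk_hits(SAMPLE_GMER)
    print("verdict:", result["verdict"])
    for f in result["findings"]:
        print(f"sector {f['sector']:#x} size {f['size']:#x} "
              f"byte offset {f['byte_offset']} PE={f['pe_file_reported']}")
    print("flagged by both tools:", [hex(s) for s in corroborated_sectors(result, hits)])
```

After a cleanup step, running the same functions on the fresh logs shows whether the flagged sector is gone from both tools' output.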

otomar
Model visitor
Posts: 32
Registered: 10 Nov 2008 13:02

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#17 Post by otomar »

OK :) GMER is taking about 3 hours - is that normal?

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#18 Post by Unlimited_Killer »

Yes, sometimes it takes 'longer' :D

otomar
Model visitor
Posts: 32
Registered: 10 Nov 2008 13:02

Re: Please check my log - I can't get rid of siszyd32 and rncsys3

#19 Post by otomar »

So here are the results :) :

MBR log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x12a18ac1 size 0x18a !
PE file found in sector at 0x012A18AC1 !

First GMER log (GMER_prvni):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-13 21:44:27
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Otomar\LOCALS~1\Temp\fgtdapob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x12a18ac1 size 0x18a

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----

Second GMER log (GMER_druhy):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-14 05:01:40
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Otomar\LOCALS~1\Temp\fgtdapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF31370B0]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[376] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0xBA 0x55 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x8A 0x1A 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0xFC 0x6B 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x93 0xEC 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0x33 0x9C 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x86 0x8A 0xAC 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8C 0xB1 0xCE 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCE 0x03 0xE0 0xD2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0x33 0x9C 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD6 0xB1 0x7B 0x01 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0xBA 0x55 0xCC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x8A 0x1A 0x27 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0xFC 0x6B 0xD0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x93 0xEC 0x59 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0x33 0x9C 0x5C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x86 0x8A 0xAC 0xA7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8C 0xB1 0xCE 0xD9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC6 0xB5 0x0F 0x93 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x12a18ac1 size 0x18a

---- EOF - GMER 1.0.15 ----

and finally the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Otomar at 2010-01-14 09:54:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (20%) free of 40 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:32, on 14.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Otomar\Plocha\RSIT.exe
C:\Program Files\trend micro\Otomar.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://85.193.52.237/VatDec.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - http://picasaweb.google.com/s/v/57.07/uploader2.cab
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/Ovi ... 3.37.6.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - https://as.photoprintit.de/ips-opdata/l ... oader4.cab
O16 - DPF: {EAA105FE-7BBD-4196-8B96-D46743894195} (MjpegControl Class) - http://85.193.52.188/plugin/mjpegcontrol.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6383 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9D59650E-0831-4813-8BB2-14ADE04CE5E7}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-08-20 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-15 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-08-20 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-04-17 211272]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-08-20 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\mHotkey.exe [2006-12-08 547840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2003-08-28 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-01-15 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2009-10-26 753664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-15 2225208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe [2006-07-14 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Otomar^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-07-28 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2
"Dot3svcnapagent"=2
"Bonjour Service"=2
"iPod Service"=3
"idsvc"=3
"gusvc"=3
"gupdate1c98d1a1f97a8ce"=2
"Apple Mobile Device"=2
"WMPNetworkSvc"=3
"ServiceLayer"=3
"PnkBstrB"=2
"PnkBstrA"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-13 21:35:59 ----SHD---- C:\RECYCLER
2010-01-13 16:45:07 ----D---- C:\WINDOWS\temp
2010-01-13 16:45:05 ----A---- C:\ComboFix.txt
2010-01-13 15:51:31 ----A---- C:\avenger.txt
2010-01-13 07:11:17 ----D---- C:\Avenger
2010-01-13 07:04:41 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-12 11:03:18 ----D---- C:\Documents and Settings\Otomar\Data aplikací\AdobeUM
2010-01-11 21:19:56 ----A---- C:\Boot.bak
2010-01-11 21:19:50 ----RASHD---- C:\cmdcons
2010-01-11 21:18:20 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-11 21:18:20 ----A---- C:\WINDOWS\MBR.exe
2010-01-11 21:18:17 ----A---- C:\WINDOWS\zip.exe
2010-01-11 21:18:17 ----A---- C:\WINDOWS\SWREG.exe
2010-01-11 21:18:17 ----A---- C:\WINDOWS\sed.exe
2010-01-11 21:18:17 ----A---- C:\WINDOWS\PEV.exe
2010-01-11 21:18:17 ----A---- C:\WINDOWS\grep.exe
2010-01-11 21:18:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-11 21:18:16 ----A---- C:\WINDOWS\SWSC.exe
2010-01-11 21:18:08 ----D---- C:\WINDOWS\ERDNT
2010-01-11 21:15:11 ----D---- C:\Qoobox
2010-01-11 20:50:54 ----D---- C:\rsit
2010-01-11 20:50:54 ----D---- C:\Program Files\trend micro
2010-01-11 16:39:40 ----D---- C:\WINDOWS\Prefetch
2010-01-11 15:54:52 ----D---- C:\Program Files\WinXP Manager
2010-01-11 14:58:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-01-11 14:58:31 ----D---- C:\Program Files\SUPERAntiSpyware
2010-01-11 14:58:30 ----D---- C:\Documents and Settings\Otomar\Data aplikací\SUPERAntiSpyware.com
2010-01-11 13:32:17 ----D---- C:\Program Files\Codemasters
2010-01-11 13:28:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-01-09 15:22:05 ----D---- C:\Documents and Settings\Otomar\Data aplikací\Nokia Ovi Suite
2010-01-09 15:11:20 ----D---- C:\Program Files\PC Connectivity Solution
2010-01-09 15:08:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
2010-01-07 15:52:11 ----D---- C:\Program Files\QuickTime
2010-01-05 13:01:18 ----D---- C:\Program Files\Common Files\PCSuite
2010-01-04 22:28:38 ----D---- C:\Config.Msi
2010-01-04 12:14:36 ----D---- C:\Program Files\Pracovní kalendář_203
2010-01-03 22:23:23 ----A---- C:\WINDOWS\ModemLog_Nokia N95 USB Modem #8.txt
2010-01-02 00:41:42 ----D---- C:\m64pci
2010-01-02 00:26:19 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-12-31 11:43:56 ----D---- C:\Program Files\ATI
2009-12-26 22:51:39 ----D---- C:\Program Files\Rozpisy pro Sportku - free verze 107
2009-12-26 22:50:45 ----A---- C:\WINDOWS\GPInstall.exe
2009-12-26 21:07:26 ----D---- C:\Program Files\VS Revo Group
2009-12-24 22:43:15 ----D---- C:\Documents and Settings\Otomar\Data aplikací\vlc
2009-12-24 22:42:18 ----D---- C:\Program Files\VideoLAN
2009-12-24 20:41:19 ----A---- C:\WINDOWS\system32\SP7302.INI
2009-12-24 20:41:19 ----A---- C:\WINDOWS\system32\CoInst_071029.dll
2009-12-24 20:41:17 ----D---- C:\WINDOWS\Pixart
2009-12-24 20:41:17 ----D---- C:\Program Files\KYE
2009-12-24 20:41:17 ----A---- C:\WINDOWS\AMCap.exe
2009-12-20 18:05:17 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-12-19 20:53:23 ----D---- C:\Program Files\Common Files\DivX Shared
2009-12-19 20:53:22 ----D---- C:\Program Files\DivX

======List of files/folders modified in the last 1 months======

2010-01-13 16:45:08 ----D---- C:\WINDOWS\system32\drivers
2010-01-13 16:45:07 ----D---- C:\WINDOWS
2010-01-13 16:43:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-13 16:40:43 ----A---- C:\WINDOWS\system.ini
2010-01-13 16:36:57 ----SD---- C:\WINDOWS\Tasks
2010-01-13 16:35:37 ----D---- C:\WINDOWS\system32
2010-01-13 16:35:37 ----D---- C:\WINDOWS\AppPatch
2010-01-13 16:35:36 ----D---- C:\Program Files\Common Files
2010-01-13 16:31:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-13 08:47:34 ----SHD---- C:\System Volume Information
2010-01-13 08:47:34 ----D---- C:\WINDOWS\system32\Restore
2010-01-13 07:04:55 ----SHD---- C:\WINDOWS\Installer
2010-01-13 07:04:41 ----RD---- C:\Program Files
2010-01-11 21:25:49 ----D---- C:\WINDOWS\system32\config
2010-01-11 21:19:56 ----RASH---- C:\Boot.ini
2010-01-11 15:33:39 ----D---- C:\WINDOWS\pss
2010-01-11 14:58:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-11 14:51:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-11 14:47:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-01-11 13:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-11 13:25:06 ----D---- C:\Documents and Settings\Otomar\Data aplikací\Identities
2010-01-10 21:07:12 ----D---- C:\Documents and Settings\Otomar\Data aplikací\Skype
2010-01-10 21:05:20 ----D---- C:\Documents and Settings\Otomar\Data aplikací\skypePM
2010-01-10 20:14:39 ----A---- C:\WINDOWS\win.ini
2010-01-09 15:50:37 ----D---- C:\Documents and Settings\Otomar\Data aplikací\Nokia
2010-01-09 15:50:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-09 15:19:43 ----HD---- C:\WINDOWS\inf
2010-01-09 15:12:33 ----D---- C:\Program Files\Common Files\Nokia
2010-01-09 15:12:09 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-09 15:11:55 ----D---- C:\Program Files\Nokia
2010-01-09 15:11:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-09 00:07:19 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-08 23:41:57 ----D---- C:\WINDOWS\WinSxS
2010-01-08 23:40:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-01-08 16:13:24 ----D---- C:\Program Files\ICQ6.5
2010-01-07 15:50:18 ----D---- C:\Program Files\Common Files\Apple
2010-01-06 15:11:52 ----D---- C:\WINDOWS\system32\NtmsData
2010-01-05 12:33:39 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-05 11:34:59 ----D---- C:\WINDOWS\system32\wbem
2010-01-05 11:34:57 ----D---- C:\WINDOWS\Registration
2010-01-05 11:32:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nokia
2010-01-04 23:47:14 ----D---- C:\WINDOWS\Minidump
2010-01-04 22:38:17 ----A---- C:\WINDOWS\ModemLog_Nokia N95 USB Modem.txt
2010-01-03 18:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2010-01-03 18:13:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-02 15:45:37 ----RD---- C:\WINDOWS\Offline Web Pages
2010-01-02 15:44:33 ----D---- C:\Program Files\WinRAR
2010-01-02 15:44:32 ----D---- C:\Program Files\RegHealer
2010-01-02 14:59:04 ----A---- C:\WINDOWS\wininit.ini
2010-01-02 00:46:32 ----RSD---- C:\WINDOWS\assembly
2009-12-26 21:29:54 ----SHD---- C:\WINDOWS\CSC
2009-12-26 21:29:54 ----D---- C:\Program Files\totalcmd
2009-12-26 21:29:53 ----D---- C:\Garmin
2009-12-26 21:10:41 ----D---- C:\Program Files\Google
2009-12-24 20:44:14 ----D---- C:\WINDOWS\twain_32
2009-12-24 16:59:17 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-12-22 18:41:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-15 16:15:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\RH_Backups
2009-12-15 15:56:50 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 cnmpar21;C; \??\C:\Documents and Settings\All Users\Data aplikací\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmpar21.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-10-15 186100]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-09-19 496800]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-08-28 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-08-28 136448]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-08-28 145504]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-08-28 823456]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-08-28 113840]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-03 47360]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\WINDOWS\system32\Drivers\eusk2par.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys []
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 EagleNT;EagleNT; C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 eusk3usb;SmartKey 3 USB; C:\WINDOWS\System32\Drivers\eusk3usb.sys [2004-11-18 45534]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-08-28 135696]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-07-09 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 PAC7302;iSlim 310; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-10-29 458112]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EHttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
S4 gupdate1c98d1a1f97a8ce;Google Update Service (gupdate1c98d1a1f97a8ce); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-20 182768]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-09 152984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-22 75064]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-24 215104]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

I loaded that registry file, hopefully it will be fine :)


#20 Post by otomar »

One more little question :)
Could I somehow get rid of the PnkBstrA and PnkBstrB files from the system :???: They are leftovers from some game server or something....
Thanks


#21 Post by Unlimited_Killer »

OK, there is residual code in the MBR; we will remove it, but first I want to see it.

~~~

Download HxD Portable to the Desktop.
Extract it so that it is not inside any folder - ideally to drive C:
Run it and confirm the prompt by clicking OK.
In the menu bar click 'Extra' -> 'Otvor disk..' (Open disk) -> under the heading 'Fyzické disky' (Physical disks) (IMPORTANT) select 'Pevný disk 1' (Hard disk 1).
At the top there is a field for choosing which sector to open - I need 61.
Press Enter - it will 'jump' you straight to that sector.
Select the whole sector - 61 - with the mouse and press Ctrl+C.
There should be zeros everywhere, but there are not - paste these numbers here using Ctrl+V [you copied them to the clipboard beforehand with Ctrl+C].

It will look something like this:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00.....

#22 Post by otomar »

Here is sector 61:



#23 Post by Unlimited_Killer »

Good.

~~~

Open your hard disk in HxD again.
This time, however, untick the 'Otvor len na čítanie' (Open as read-only) option when opening it.
Find the sector we need to overwrite - 61 - and select all of it.
Right-click the selected text and choose 'Vyplň výber' (Fill selection).
A new window will open in which 'Hex-hodnoty - 00' (Hex values - 00) is set by default.
Leave it like that and click OK.
When closing, confirm the change and restart the PC.
After the restart, check that the sector was really overwritten.

~~~

Download MBR.exe
Save this utility to the Desktop.
Press Start -> Run [Win+R] -> type / paste the following:

Code:

"%userprofile%\plocha\mbr" -t
and press Enter.
A text file named mbr.log will be created on the Desktop; paste its contents here for me.

#24 Post by otomar »

So sector 61 is all 00 :)

And here is the log from MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x012A18AC1 !
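
The read-only check behind the HxD and MBR.exe steps in this thread (is a given sector all zeros, and does any sector start with a PE header), as an added Python example that is not part of the original posts. It assumes 512-byte sectors and a raw disk image rather than the live disk; the function names and the sample image are constructed for illustration.

```python
"""Read-only inspection of raw sectors in a disk image (added example)."""
import io
import struct

SECTOR_SIZE = 512  # assumption: classic 512-byte sectors


def read_sector(image, lba):
    """Return one sector from a seekable binary stream opened for reading."""
    image.seek(lba * SECTOR_SIZE)
    data = image.read(SECTOR_SIZE)
    if len(data) != SECTOR_SIZE:
        raise ValueError(f"sector {lba} is past the end of the image")
    return data


def looks_like_pe(data):
    """True if the buffer starts with 'MZ' and e_lfanew points at 'PE\\0\\0'.

    Only headers that fit inside the buffer are recognised.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def describe_sector(data):
    """Summarise a sector: is it blank, how much of it is used, is it a PE stub."""
    nonzero = [i for i, b in enumerate(data) if b]
    return {
        "all_zero": not nonzero,
        "nonzero_bytes": len(nonzero),
        "first_nonzero": nonzero[0] if nonzero else None,
        "last_nonzero": nonzero[-1] if nonzero else None,
        "pe_header": looks_like_pe(data),
    }


def scan_range(image, first_lba, last_lba):
    """Return {lba: report} for every sector in the range that is not all zeros."""
    findings = {}
    for lba in range(first_lba, last_lba + 1):
        report = describe_sector(read_sector(image, lba))
        if not report["all_zero"]:
            findings[lba] = report
    return findings


def hexdump(data, width=16):
    """Format bytes as offset plus hex pairs, suitable for pasting into a report."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        lines.append(f"{off:04X}  " + " ".join(f"{b:02X}" for b in chunk))
    return "\n".join(lines)


def build_sample_image():
    """Constructed 64-sector image: filler in sector 61, a minimal MZ/PE stub in 40."""
    img = bytearray(64 * SECTOR_SIZE)
    img[510:512] = b"\x55\xAA"          # boot signature closing sector 0 (the MBR)
    filler = bytes(range(1, 201))       # constructed placeholder bytes, not real code
    start = 61 * SECTOR_SIZE
    img[start:start + len(filler)] = filler
    stub = bytearray(SECTOR_SIZE)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)   # e_lfanew -> offset 0x80
    stub[0x80:0x84] = b"PE\0\0"
    img[40 * SECTOR_SIZE:41 * SECTOR_SIZE] = stub
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    # For a real check, replace the sample with: open("disk.img", "rb")
    image = build_sample_image()
    # Assumption: sectors 1-62 are the unused gap between the MBR and the first
    # partition, as on disks partitioned the Windows XP way.
    for lba, report in scan_range(image, 1, 62).items():
        print(f"sector {lba}: {report}")
    print(hexdump(read_sector(image, 61)[:32]))
```

Run against an image taken before and after the zero-fill, `scan_range` should stop listing sector 61 once the overwrite has taken effect.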


#25 Post by Unlimited_Killer »

OK, GMER once more :)

#26 Post by otomar »

The complete one? :o

Or is the small one enough?


#27 Post by Unlimited_Killer »

You won't like this, but the complete one; if you don't want to, though, ComboFix will do for now...

#28 Post by otomar »

You are merciful to me :D but then again, on the other hand, it is clear to me that I am doing this for my own good :!:
I'll post the CF log here for now and finish the GMER one tomorrow :)


#29 Post by otomar »

Here is a fresh log from CF:

ComboFix 10-01-15.01 - Otomar 16.01.2010 0:40.18.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.524 [GMT 1:00]
Spuštěný z: c:\documents and settings\Otomar\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikacˇ\bybulet.vbs

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-15 do 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-14 22:46 . 2009-04-01 20:47 1683968 ----a-w- C:\HxD.exe
2010-01-13 06:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 06:04 . 2010-01-13 06:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-11 19:50 . 2010-01-14 08:54 -------- d-----w- c:\program files\trend micro
2010-01-11 19:50 . 2010-01-11 19:51 -------- d-----w- C:\rsit
2010-01-11 14:54 . 2010-01-11 15:01 -------- d-----w- c:\program files\WinXP Manager
2010-01-11 13:58 . 2010-01-11 13:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-09 14:11 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-09 14:11 . 2010-01-09 14:11 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-07 14:52 . 2010-01-07 14:52 -------- d-----w- c:\program files\QuickTime
2010-01-05 12:01 . 2010-01-05 12:01 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-05 10:34 . 2010-01-05 10:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-04 20:20 . 2003-09-08 13:43 89728 ----a-w- c:\windows\system32\drivers\usbvsp.sys
2010-01-04 11:14 . 2010-01-04 11:39 -------- d-----w- c:\program files\Pracovní kalendář_203
2010-01-03 16:59 . 2010-01-11 20:27 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000D-00001102-00000002-100A1102}.dat
2010-01-03 16:59 . 2010-01-11 20:27 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000D-00001102-00000002-100A1102}.dat
2010-01-01 23:41 . 2010-01-01 23:41 -------- d-----w- C:\m64pci
2010-01-01 23:26 . 2005-12-10 03:03 180224 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-12-31 10:43 . 2010-01-05 10:32 -------- d-----w- c:\program files\ATI
2009-12-26 21:51 . 2009-12-26 22:03 -------- d-----w- c:\program files\Rozpisy pro Sportku - free verze 107
2009-12-26 21:50 . 2009-12-26 21:50 796672 ----a-w- c:\windows\GPInstall.exe
2009-12-26 20:07 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2009-12-26 20:07 . 2009-12-26 20:07 -------- d-----w- c:\program files\VS Revo Group
2009-12-24 21:42 . 2009-12-24 21:42 -------- d-----w- c:\program files\VideoLAN
2009-12-24 20:07 . 2009-12-24 21:31 921632 ----a-w- C:\PA7302.DAT
2009-12-24 19:41 . 2007-11-02 10:07 6656 ----a-w- c:\windows\system32\CoInst_071029.dll
2009-12-24 19:41 . 2007-10-29 15:25 458112 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2009-12-24 19:41 . 2009-12-24 19:41 -------- d-----w- c:\windows\Pixart
2009-12-24 19:41 . 2009-12-24 19:41 -------- d-----w- c:\program files\KYE
2009-12-24 19:41 . 2006-11-20 08:01 163840 ----a-w- c:\windows\AMCap.exe
2009-12-24 19:37 . 2008-04-13 23:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-12-24 19:37 . 2008-04-13 23:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-12-20 17:05 . 2009-12-23 17:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-19 19:53 . 2009-12-19 19:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 19:53 . 2009-12-19 19:53 -------- d-----w- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 22:47 . 2009-07-18 15:58 3064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 19:19 . 2001-10-25 12:00 86952 ----a-w- c:\windows\system32\perfc005.dat
2010-01-15 19:19 . 2001-10-25 12:00 449138 ----a-w- c:\windows\system32\perfh005.dat
2010-01-15 19:19 . 2008-12-04 09:54 -------- d-----w- c:\program files\Nokia
2010-01-15 19:18 . 2009-01-14 07:28 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-11 13:58 . 2008-12-09 14:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-08 15:13 . 2008-12-27 11:23 -------- d-----w- c:\program files\ICQ6.5
2010-01-07 14:50 . 2009-08-07 17:08 -------- d-----w- c:\program files\Common Files\Apple
2010-01-05 11:33 . 2008-12-02 20:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 17:13 . 2009-04-25 22:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 00:04 . 2009-08-19 20:49 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000002-100A1102}.dat
2010-01-03 00:04 . 2009-08-19 20:49 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000B-00001102-00000002-100A1102}.dat
2010-01-02 14:44 . 2009-03-02 09:56 -------- d-----w- c:\program files\RegHealer
2009-12-30 13:55 . 2009-10-25 17:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-10-25 17:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 20:29 . 2008-12-02 21:01 -------- d-----w- c:\program files\totalcmd
2009-12-26 20:10 . 2009-01-01 19:00 -------- d-----w- c:\program files\Google
2009-12-24 15:59 . 2009-09-12 11:05 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-24 15:09 . 2009-09-12 11:19 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-12 14:43 . 2009-12-12 14:43 18944 ----a-w- c:\windows\system32\vbCPUInf.dll
2009-12-12 14:15 . 2009-12-12 14:15 -------- d-----w- c:\program files\CM Data Software
2009-12-12 14:14 . 2009-12-12 14:15 737280 ----a-w- c:\windows\iun6002.exe
2009-12-04 05:39 . 2009-12-01 13:38 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-03 15:19 . 2009-04-01 16:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-03 15:18 . 2009-12-03 15:18 -------- d-----w- c:\program files\vso
2009-12-03 14:44 . 2009-12-03 14:44 -------- d-----w- c:\program files\Common Files\debugmode
2009-12-03 14:44 . 2009-12-03 14:44 -------- d-----w- c:\program files\Debugmode
2009-12-03 12:53 . 2009-12-03 12:53 -------- d-----w- c:\program files\novaPDF Professional Desktop 7
2009-11-27 16:08 . 2009-11-27 16:08 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-11-24 08:15 . 2009-12-03 12:53 22216 ----a-w- c:\windows\system32\novamnp7.dll
2009-11-24 08:15 . 2009-12-03 12:53 19656 ----a-w- c:\windows\system32\novamip7.dll
2009-11-22 23:49 . 2009-07-28 11:13 -------- d-----w- c:\program files\NSS
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-02 12:45 . 2008-12-02 22:46 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-10-29 07:43 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2009-10-24 15:02 . 2009-10-24 15:02 548 ----a-w- c:\windows\eReg.dat
2009-10-22 19:43 . 2009-03-15 19:46 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-21 05:40 . 2004-08-17 13:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-17 13:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 13:46 . 2008-09-24 00:19 490 ----a-w- c:\program files\R3Engine.ini
2009-04-11 13:46 . 2009-04-11 13:46 26791 ----a-w- c:\program files\Uninstall.ini
2009-04-11 13:46 . 2008-10-12 13:10 230490 ----a-w- c:\program files\Uninstall.exe
2009-03-31 12:12 . 2009-03-31 12:09 44 ----a-w- c:\program files\error_message.txt
2008-10-04 13:05 . 2008-10-04 13:05 10141468 ----a-w- c:\program files\RF_Online.bin
2008-09-24 00:55 . 2008-09-24 00:55 2288791 ----a-w- c:\program files\CHLOG.TXT
2008-09-20 13:23 . 2008-09-20 13:23 16842 ----a-w- c:\program files\LauncherMessage.ini
2008-07-27 20:34 . 2008-07-27 20:34 48610 ----a-w- c:\program files\GameData.edf
2008-06-06 07:25 . 2008-06-06 07:25 437457 ----a-w- c:\program files\CharacterW.edf
2008-06-06 07:25 . 2008-06-06 07:25 437457 ----a-w- c:\program files\Character.edf
2008-04-25 11:11 . 2008-04-25 11:11 2127673 ----a-w- c:\program files\Language.pak
2007-01-16 13:19 . 2007-01-16 13:19 143360 ----a-w- c:\program files\Updater.lc
2005-12-16 07:51 . 2005-12-16 07:51 126 ----a-w- c:\program files\Ceba.env
2004-12-07 09:11 . 2004-12-07 09:11 258352 ----a-w- c:\program files\unicows.dll
2004-10-08 10:34 . 2004-10-08 10:34 163840 ----a-w- c:\program files\X2PU.dll
2004-08-29 18:31 . 2004-08-29 18:31 14816 ----a-w- c:\program files\x2prtm.sys
2004-08-18 14:20 . 2004-08-18 14:20 184320 ----a-w- c:\program files\TcX2G.dll
2004-08-18 14:20 . 2004-08-18 14:20 15264 ----a-w- c:\program files\x2prm2.sys
2004-08-18 14:20 . 2004-08-18 14:20 106496 ----a-w- c:\program files\X2PMgr.dll
2004-08-17 14:09 . 2004-08-17 14:09 15264 ----a-w- c:\program files\x2prm.sys
2004-08-17 14:09 . 2004-08-17 14:09 106496 ----a-w- c:\program files\X2ProcMon.dll
2004-05-10 18:50 . 2004-05-10 18:50 188416 ----a-w- c:\program files\X2ReportDll.dll
2003-06-14 17:18 . 2003-06-14 17:18 39 ----a-w- c:\program files\dlctemp.db
2003-01-29 13:10 . 2003-01-29 13:10 764928 ----a-w- c:\program files\dbghelp.dll
2003-01-20 10:15 . 2003-01-20 10:15 349696 ----a-w- c:\program files\MSS32.DLL
2003-01-20 10:15 . 2003-01-20 10:15 125952 ----a-w- c:\program files\mssmp3.asi
2002-09-13 12:17 . 2002-09-13 12:17 630 ----a-w- c:\program files\Sound.ini
.

((((((((((((((((((((((((((((( SnapShot@2010-01-11_20.28.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-25 12:00 . 2010-01-15 19:19 75294 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2009-10-15 16:32 81920 c:\windows\system32\fontsub.dll
- 2001-10-25 12:00 . 2009-06-16 14:40 81920 c:\windows\system32\fontsub.dll
- 2009-06-16 14:40 . 2009-06-16 14:40 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-16 14:40 . 2009-10-15 16:32 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 65536 c:\windows\Installer\{A528306A-C5EC-481C-A619-6106334E6800}\NewShortcut212_97D9937048B14BA7A06DF2BCC5B56955.exe
+ 2010-01-15 19:18 . 2010-01-15 19:18 65536 c:\windows\Installer\{A528306A-C5EC-481C-A619-6106334E6800}\NewShortcut211_2932842B63E24BA1B3A529C1B20A9CB0.exe
+ 2010-01-15 19:18 . 2010-01-15 19:18 65536 c:\windows\Installer\{A528306A-C5EC-481C-A619-6106334E6800}\NewShortcut2_CDF681E133824FFDB6C41A0530C561D5.exe
+ 2010-01-15 19:18 . 2010-01-15 19:18 25214 c:\windows\Installer\{A528306A-C5EC-481C-A619-6106334E6800}\ARPPRODUCTICON.exe
+ 2010-01-15 19:17 . 2010-01-15 19:17 10134 c:\windows\Installer\{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}\ARPPRODUCTICON.exe
+ 2009-06-17 19:44 . 2009-06-17 19:44 53248 c:\windows\assembly\temp\SR4NUGGFU1\Nokia.MPlatform.MDataStore.dll
+ 2009-06-17 19:44 . 2009-06-17 19:44 18944 c:\windows\assembly\temp\D53PRY5RY5\Nokia.MPlatform.MTransfer.dll
+ 2009-06-17 19:44 . 2009-06-17 19:44 12288 c:\windows\assembly\temp\1ZOGNU9V2O\Nokia.MPlatform.MItems.dll
+ 2009-06-17 19:44 . 2009-06-17 19:44 77824 c:\windows\assembly\temp\0D2OVNU1NU\Nokia.NNPCS.UpdateLib.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 46368 c:\windows\assembly\GAC_MSIL\Nokia.Multimedia.Euphoria.WebService\2.0.1106.0__3c85c18bfa5b8d38\Nokia.Multimedia.Euphoria.WebService.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 70944 c:\windows\assembly\GAC_MSIL\Nokia.Multimedia.Euphoria.DataTypes\2.0.1106.0__3c85c18bfa5b8d38\Nokia.Multimedia.Euphoria.DataTypes.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 77824 c:\windows\assembly\GAC_32\Nokia.NNPCS.UpdateLib\3.1.279.0__95f6d4858af0e2b1\Nokia.NNPCS.UpdateLib.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 46368 c:\windows\assembly\GAC_32\Nokia.Multimedia.Euphoria.Sync\2.0.1106.0__3c85c18bfa5b8d38\Nokia.Multimedia.Euphoria.Sync.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 50464 c:\windows\assembly\GAC_32\Nokia.Multimedia.Euphoria.PlayLists\2.0.1106.0__3c85c18bfa5b8d38\Nokia.Multimedia.Euphoria.PlayLists.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 50464 c:\windows\assembly\GAC_32\Nokia.Multimedia.Euphoria.MetaData\2.0.1106.0__3c85c18bfa5b8d38\Nokia.Multimedia.Euphoria.MetaData.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 95520 c:\windows\assembly\GAC_32\Nokia.Multimedia.Euphoria.MC\2.0.1106.0__3c85c18bfa5b8d38\Nokia.Multimedia.Euphoria.MC.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 50464 c:\windows\assembly\GAC_32\Nokia.Multimedia.Euphoria.CD\2.0.1106.0__3c85c18bfa5b8d38\Nokia.Multimedia.Euphoria.CD.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 19456 c:\windows\assembly\GAC_32\Nokia.MPlatform.MTransfer\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MTransfer.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 12288 c:\windows\assembly\GAC_32\Nokia.MPlatform.MTranscodeServer\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MTranscodeServer.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 24576 c:\windows\assembly\GAC_32\Nokia.MPlatform.MTranscoder\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MTranscoder.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 12800 c:\windows\assembly\GAC_32\Nokia.MPlatform.MThumbnailService\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MThumbnailService.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 28672 c:\windows\assembly\GAC_32\Nokia.MPlatform.MSynchronizationService\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MSynchronizationService.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 12288 c:\windows\assembly\GAC_32\Nokia.MPlatform.MSyncMLTransfer\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MSyncMLTransfer.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 13312 c:\windows\assembly\GAC_32\Nokia.MPlatform.MRemoteDataStore\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MRemoteDataStore.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 28672 c:\windows\assembly\GAC_32\Nokia.MPlatform.MOviShareTransfer\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MOviShareTransfer.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 12288 c:\windows\assembly\GAC_32\Nokia.MPlatform.MMTPTransfer\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MMTPTransfer.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 12288 c:\windows\assembly\GAC_32\Nokia.MPlatform.MItems\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MItems.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 57344 c:\windows\assembly\GAC_32\Nokia.MPlatform.MDataStore\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MDataStore.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 16384 c:\windows\assembly\GAC_32\Nokia.MPlatform.MAtom\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MAtom.dll
+ 2009-06-17 19:44 . 2009-06-17 19:44 6144 c:\windows\assembly\temp\UBOIWQIHW3\Nokia.MPlatform.MEvent.dll
+ 2009-06-17 19:44 . 2009-06-17 19:44 9216 c:\windows\assembly\temp\LFMTDB9C5I\Nokia.MPlatform.MItemPlugins.dll
+ 2009-06-17 19:44 . 2009-06-17 19:44 4096 c:\windows\assembly\temp\3MBHIPHOV2\Nokia.NNPCS.NSUpdate.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 4096 c:\windows\assembly\GAC_32\Nokia.NNPCS.NSUpdate\3.1.279.0__95f6d4858af0e2b1\Nokia.NNPCS.NSUpdate.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 5120 c:\windows\assembly\GAC_32\Nokia.MPlatform.MSyncMLServer\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MSyncMLServer.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 6144 c:\windows\assembly\GAC_32\Nokia.MPlatform.MServer\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MServer.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 9216 c:\windows\assembly\GAC_32\Nokia.MPlatform.MItemPlugins\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MItemPlugins.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 9216 c:\windows\assembly\GAC_32\Nokia.MPlatform.MFileSystemTransfer\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MFileSystemTransfer.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 6144 c:\windows\assembly\GAC_32\Nokia.MPlatform.MEvent\2.5.197.0__d59a78cea23b0d7e\Nokia.MPlatform.MEvent.dll
+ 2004-08-17 13:49 . 2009-10-15 16:32 119808 c:\windows\system32\t2embed.dll
- 2004-08-17 13:49 . 2009-06-16 14:40 119808 c:\windows\system32\t2embed.dll
+ 2001-10-25 12:00 . 2010-01-15 19:19 452354 c:\windows\system32\perfh009.dat
+ 2008-12-02 21:17 . 2010-01-15 22:47 136464 c:\windows\system32\FNTCACHE.DAT
- 2009-06-16 14:40 . 2009-06-16 14:40 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-06-16 14:40 . 2009-10-15 16:32 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-04-18 20:09 . 2009-04-18 20:09 182656 c:\windows\system32\dllcache\ndis.sys
+ 2008-11-05 11:02 . 2008-11-05 11:02 119296 c:\windows\Installer\93c009.msp
+ 2010-01-13 06:04 . 2010-01-13 06:04 470528 c:\windows\Installer\20afc.msi
+ 2008-11-05 11:02 . 2008-11-05 11:02 119296 c:\windows\Installer\20af3.msp
+ 2010-01-15 19:18 . 2010-01-15 19:18 766976 c:\windows\Installer\205fa.msi
+ 2008-11-05 11:02 . 2008-11-05 11:02 119296 c:\windows\Installer\205e2.msp
+ 2009-06-17 19:44 . 2009-06-17 19:44 352256 c:\windows\assembly\temp\MNUF8XX4QX\Nokia.NLibNET.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 368640 c:\windows\assembly\GAC_32\Nokia.NLibNET\3.1.279.0__95f6d4858af0e2b1\Nokia.NLibNET.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 222496 c:\windows\assembly\GAC_32\Nokia.Multimedia.UI\2.0.1106.0__3c85c18bfa5b8d38\Nokia.Multimedia.UI.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 640288 c:\windows\assembly\GAC_32\Nokia.Multimedia.Euphoria.ViewModels\2.0.1106.0__3c85c18bfa5b8d38\Nokia.Multimedia.Euphoria.ViewModels.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 353568 c:\windows\assembly\GAC_32\Nokia.Multimedia.Euphoria.Data\2.0.1106.0__3c85c18bfa5b8d38\Nokia.Multimedia.Euphoria.Data.dll
+ 2010-01-15 19:18 . 2010-01-15 19:18 189728 c:\windows\assembly\GAC_32\Nokia.Multimedia.Euphoria.Common\2.0.1106.0__3c85c18bfa5b8d38\Nokia.Multimedia.Euphoria.Common.dll
+ 2005-10-26 13:59 . 2005-10-26 13:59 2883072 c:\windows\Installer\93c011.msp
+ 2009-12-11 09:29 . 2009-12-11 09:29 5521408 c:\windows\Installer\93c00d.msp
+ 2005-10-26 13:59 . 2005-10-26 13:59 2883072 c:\windows\Installer\20b01.msp
+ 2009-11-20 14:00 . 2009-11-20 14:00 5521408 c:\windows\Installer\20afd.msp
+ 2010-01-15 19:17 . 2010-01-15 19:17 5761024 c:\windows\Installer\205f3.msi
+ 2005-10-26 13:59 . 2005-10-26 13:59 2883072 c:\windows\Installer\205ea.msp
+ 2009-12-11 09:29 . 2009-12-11 09:29 5521408 c:\windows\Installer\205e6.msp
+ 2010-01-15 19:18 . 2010-01-15 19:18 1418528 c:\windows\assembly\GAC_32\NokiaMusicLib\2.0.1106.2__3c85c18bfa5b8d38\NokiaMusicLib.dll
+ 2009-05-13 09:38 . 2010-01-05 00:17 29634504 c:\windows\system32\MRT.exe
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Otomar^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2006-12-08 16:01 547840 ----a-w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 07:52 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-08-28 08:45 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 01:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2009-10-26 16:26 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2007-03-15 09:06 2225208 ----a-w- c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 13:31 21633320 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
2006-07-14 21:12 118784 ----a-w- c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-01-05 06:56 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"Dot3svcnapagent"=2 (0x2)
"Bonjour Service"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c98d1a1f97a8ce"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5.1.2010 7:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5.1.2010 7:56 74480]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 7:21 468224]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [12.4.2009 11:40 24786]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [12.4.2009 11:40 45534]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [28.7.2009 12:13 32377]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [26.12.2009 21:07 27064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5.1.2010 7:56 7408]
S4 gupdate1c98d1a1f97a8ce;Google Update Service (gupdate1c98d1a1f97a8ce);c:\program files\Google\Update\GoogleUpdate.exe [12.2.2009 14:59 133104]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-01-15 c:\windows\Tasks\User_Feed_Synchronization-{9D59650E-0831-4813-8BB2-14ADE04CE5E7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mStart Page = hxxp://www.google.com
mWindow Title = Microsoft Internet Explorer
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://85.193.52.237/VatDec.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/57.07/uploader2.cab
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_2.3.37.6.cab
DPF: {EAA105FE-7BBD-4196-8B96-D46743894195} - hxxp://85.193.52.188/plugin/mjpegcontrol.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1614895754-1284227242-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2010-01-16 00:49:38
ComboFix-quarantined-files.txt 2010-01-15 23:49
ComboFix2.txt 2010-01-13 15:45
ComboFix3.txt 2010-01-11 20:32

Před spuštěním: 8 117 219 328
Po spuštění: 8 305 418 240

- - End Of File - - 291DB6E95A2571CED43CC8135D0AF2F2

otomar
Exemplary visitor
Posts: 32
Registered: 10 Nov 2008 13:02

Re: Please check my log - I cannot get rid of siszyd32 and rncsys3

#30 Post by otomar »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-16 17:36:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Otomar\LOCALS~1\Temp\fgtdapob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[376] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BD6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1040] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 414E541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 415B9865 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 415ACEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BD6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 41524602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 416B43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 415BD748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2076] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 416B47A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\internet explorer\iexplore.exe[2076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0xBA 0x55 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x8A 0x1A 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0xFC 0x6B 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x93 0xEC 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0x33 0x9C 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x86 0x8A 0xAC 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8C 0xB1 0xCE 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCE 0x03 0xE0 0xD2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0x33 0x9C 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD6 0xB1 0x7B 0x01 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0xBA 0x55 0xCC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x8A 0x1A 0x27 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0xFC 0x6B 0xD0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x93 0xEC 0x59 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x17 0x33 0x9C 0x5C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x86 0x8A 0xAC 0xA7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8C 0xB1 0xCE 0xD9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC6 0xB5 0x0F 0x93 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC6 0xB5 0x0F 0x93 ...

---- EOF - GMER 1.0.15 ----
