Vir z Facebooku

[Sunny03]

Dobrý den,
podle toho, co tu čtu jsem byl další z řady napálených a proto se obracím s žádostí o pomoc... Jsem absolutní zelenáč, ale stalo se mi přesně to, co tu popisují všichni ostatní. Zprávy v angličtině, video, flash player a pak bum a bylo to zavirovaný...

Pokud jsem pochopil, tady je můj log z RSIT... Pomůžete mi prosím?



Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-07-20 16:46:32
Systém Microsoft Windows XP Professional
System drive C: has 17 GB (90%) free of 19 GB
Total RAM: 511 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:46:40, on 20.7.2011
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\smsc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\host.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Windows Update] host.exe
O4 - HKLM\..\RunServices: [Windows Update] host.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Local Service - Unknown owner - C:\WINDOWS\wuaucpl.exe
O23 - Service: Print Spooler Monitor (PrtSmanm) - Unknown owner - C:\WINDOWS\system32\smsc.exe
O23 - Service: Windows Hosts Controller - Unknown owner - C:\WINDOWS\Fonts\unwise_.exe

--
End of file - 2479 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2001-10-25 846364]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Update"=C:\WINDOWS\system32\host.exe [2011-07-20 259072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2001-10-25 20480]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2001-08-02 1085469]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"unwise_.exe"="unwise_.exe:*:Enabled:SYSTEM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=ctwdm32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm

======List of files/folders created in the last 1 month======

2011-07-20 17:53:20 ----A---- C:\WINDOWS\System32\h323log.txt
2011-07-20 17:49:35 ----A---- C:\WINDOWS\System32\drivers\splitter.sys
2011-07-20 17:49:34 ----A---- C:\WINDOWS\System32\drivers\drmkaud.sys
2011-07-20 17:49:32 ----A---- C:\WINDOWS\System32\drivers\MSPQM.sys
2011-07-20 17:49:31 ----A---- C:\WINDOWS\System32\drivers\aec.sys
2011-07-20 17:49:29 ----A---- C:\WINDOWS\System32\drivers\swmidi.sys
2011-07-20 17:49:28 ----A---- C:\WINDOWS\System32\drivers\wdmaud.sys
2011-07-20 17:49:26 ----A---- C:\WINDOWS\System32\drivers\DMusic.sys
2011-07-20 17:49:25 ----A---- C:\WINDOWS\System32\drivers\MSKSSRV.sys
2011-07-20 17:49:24 ----A---- C:\WINDOWS\System32\drivers\kmixer.sys
2011-07-20 17:49:22 ----A---- C:\WINDOWS\System32\drivers\MSPCLOCK.sys
2011-07-20 17:49:21 ----A---- C:\WINDOWS\System32\drivers\sysaudio.sys
2011-07-20 17:49:16 ----A---- C:\WINDOWS\System32\drivers\audstub.sys
2011-07-20 17:48:54 ----A---- C:\WINDOWS\System32\drivers\redbook.sys
2011-07-20 17:48:22 ----A---- C:\WINDOWS\System32\drivers\el90xnd5.sys
2011-07-20 17:48:18 ----A---- C:\WINDOWS\System32\sfman32.dll
2011-07-20 17:48:18 ----A---- C:\WINDOWS\System32\sblfx.dll
2011-07-20 17:48:18 ----A---- C:\WINDOWS\System32\ksuser.dll
2011-07-20 17:48:18 ----A---- C:\WINDOWS\System32\drivers\sfmanm.sys
2011-07-20 17:48:18 ----A---- C:\WINDOWS\System32\drivers\portcls.sys
2011-07-20 17:48:18 ----A---- C:\WINDOWS\System32\drivers\emu10k1m.sys
2011-07-20 17:48:18 ----A---- C:\WINDOWS\System32\drivers\drmk.sys
2011-07-20 17:48:18 ----A---- C:\WINDOWS\System32\drivers\ctlfacem.sys
2011-07-20 17:48:18 ----A---- C:\WINDOWS\System32\devldr32.exe
2011-07-20 17:48:18 ----A---- C:\WINDOWS\System32\devcon32.dll
2011-07-20 17:48:18 ----A---- C:\WINDOWS\System32\ctwdm32.dll
2011-07-20 17:48:16 ----A---- C:\WINDOWS\System32\drivers\gameenum.sys
2011-07-20 17:48:15 ----A---- C:\WINDOWS\System32\drivers\ctljystk.sys
2011-07-20 17:48:05 ----A---- C:\WINDOWS\System32\usbui.dll
2011-07-20 17:46:54 ----D---- C:\Program Files\Common Files\ODBC
2011-07-20 17:46:54 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
2011-07-20 17:46:54 ----A---- C:\WINDOWS\ODBCINST.INI
2011-07-20 17:46:51 ----D---- C:\Program Files\Common Files\SpeechEngines
2011-07-20 17:46:50 ----RD---- C:\Program Files
2011-07-20 17:46:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-20 17:46:50 ----D---- C:\Program Files\Common Files
2011-07-20 17:46:47 ----RA---- C:\WINDOWS\System32\kbdtuq.dll
2011-07-20 17:46:47 ----RA---- C:\WINDOWS\System32\kbdtuf.dll
2011-07-20 17:46:47 ----RA---- C:\WINDOWS\System32\kbdazel.dll
2011-07-20 17:46:45 ----RA---- C:\WINDOWS\System32\kbdycc.dll
2011-07-20 17:46:45 ----RA---- C:\WINDOWS\System32\kbduzb.dll
2011-07-20 17:46:45 ----RA---- C:\WINDOWS\System32\kbdur.dll
2011-07-20 17:46:45 ----RA---- C:\WINDOWS\System32\kbdtat.dll
2011-07-20 17:46:45 ----RA---- C:\WINDOWS\System32\kbdru1.dll
2011-07-20 17:46:45 ----RA---- C:\WINDOWS\System32\kbdru.dll
2011-07-20 17:46:45 ----RA---- C:\WINDOWS\System32\kbdmon.dll
2011-07-20 17:46:45 ----RA---- C:\WINDOWS\System32\kbdkyr.dll
2011-07-20 17:46:45 ----RA---- C:\WINDOWS\System32\kbdkaz.dll
2011-07-20 17:46:45 ----RA---- C:\WINDOWS\System32\kbdaze.dll
2011-07-20 17:46:44 ----RA---- C:\WINDOWS\System32\kbdbu.dll
2011-07-20 17:46:44 ----RA---- C:\WINDOWS\System32\kbdblr.dll
2011-07-20 17:46:42 ----RA---- C:\WINDOWS\System32\kbdhept.dll
2011-07-20 17:46:42 ----RA---- C:\WINDOWS\System32\kbdhela3.dll
2011-07-20 17:46:42 ----RA---- C:\WINDOWS\System32\kbdhela2.dll
2011-07-20 17:46:42 ----RA---- C:\WINDOWS\System32\kbdhe319.dll
2011-07-20 17:46:42 ----RA---- C:\WINDOWS\System32\kbdhe220.dll
2011-07-20 17:46:42 ----RA---- C:\WINDOWS\System32\kbdhe.dll
2011-07-20 17:46:42 ----RA---- C:\WINDOWS\System32\kbdgkl.dll
2011-07-20 17:46:40 ----RA---- C:\WINDOWS\System32\kbdlv1.dll
2011-07-20 17:46:40 ----RA---- C:\WINDOWS\System32\kbdlv.dll
2011-07-20 17:46:40 ----RA---- C:\WINDOWS\System32\kbdlt1.dll
2011-07-20 17:46:40 ----RA---- C:\WINDOWS\System32\kbdlt.dll
2011-07-20 17:46:40 ----RA---- C:\WINDOWS\System32\kbdest.dll
2011-07-20 17:46:37 ----A---- C:\WINDOWS\System32\kbdsl1.dll
2011-07-20 17:46:36 ----A---- C:\WINDOWS\System32\kbdycl.dll
2011-07-20 17:46:36 ----A---- C:\WINDOWS\System32\kbdsl.dll
2011-07-20 17:46:36 ----A---- C:\WINDOWS\System32\kbdro.dll
2011-07-20 17:46:36 ----A---- C:\WINDOWS\System32\kbdpl1.dll
2011-07-20 17:46:36 ----A---- C:\WINDOWS\System32\kbdpl.dll
2011-07-20 17:46:36 ----A---- C:\WINDOWS\System32\kbdhu1.dll
2011-07-20 17:46:36 ----A---- C:\WINDOWS\System32\kbdhu.dll
2011-07-20 17:46:36 ----A---- C:\WINDOWS\System32\kbdcr.dll
2011-07-20 17:46:36 ----A---- C:\WINDOWS\System32\KBDAL.DLL
2011-07-20 17:46:35 ----A---- C:\WINDOWS\System32\spxcoins.dll
2011-07-20 17:46:35 ----A---- C:\WINDOWS\System32\irclass.dll
2011-07-20 17:46:35 ----A---- C:\WINDOWS\System32\drivers\irenum.sys
2011-07-20 17:46:35 ----A---- C:\WINDOWS\System32\dgsetup.dll
2011-07-20 17:46:35 ----A---- C:\WINDOWS\System32\dgrpsetu.dll
2011-07-20 17:46:34 ----A---- C:\WINDOWS\System32\EqnClass.Dll
2011-07-20 17:46:34 ----A---- C:\WINDOWS\System32\batt.dll
2011-07-20 17:46:32 ----A---- C:\WINDOWS\TASKMAN.EXE
2011-07-20 17:46:32 ----A---- C:\WINDOWS\NOTEPAD.EXE
2011-07-20 17:46:31 ----N---- C:\WINDOWS\System32\CONFIG.TMP
2011-07-20 17:46:31 ----A---- C:\WINDOWS\System32\storprop.dll
2011-07-20 17:46:23 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2011-07-20 17:46:19 ----RA---- C:\WINDOWS\SET7.tmp
2011-07-20 17:46:17 ----RA---- C:\WINDOWS\SET3.tmp
2011-07-20 17:46:11 ----D---- C:\WINDOWS\System32\CatRoot2
2011-07-20 17:46:11 ----D---- C:\WINDOWS\System32\CatRoot
2011-07-20 17:46:05 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-07-20 17:45:55 ----A---- C:\WINDOWS\setuplog.txt
2011-07-20 17:45:50 ----D---- C:\Documents and Settings
2011-07-20 17:45:49 ----A---- C:\WINDOWS\System32\FNTCACHE.DAT
2011-07-20 17:45:05 ----SH---- C:\boot.ini
2011-07-20 17:41:45 ----RSHDC---- C:\WINDOWS\System32\dllcache
2011-07-20 17:41:45 ----RSD---- C:\WINDOWS\Fonts
2011-07-20 17:41:45 ----RD---- C:\WINDOWS\Web
2011-07-20 17:41:45 ----HD---- C:\WINDOWS\inf
2011-07-20 17:41:45 ----D---- C:\WINDOWS\WinSxS
2011-07-20 17:41:45 ----D---- C:\WINDOWS\twain_32
2011-07-20 17:41:45 ----D---- C:\WINDOWS\Temp
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\wins
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\wbem
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\usmt
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\spool
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\ShellExt
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\Setup
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\ras
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\oobe
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\npp
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\mui
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\inetsrv
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\IME
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\icsxml
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\ias
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\export
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\drivers\etc
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\drivers\disdn
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\drivers
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\dhcp
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\config
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\3com_dmi
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\3076
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\2052
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\1054
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\1042
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\1041
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\1037
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\1033
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\1031
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\1029
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\1028
2011-07-20 17:41:45 ----D---- C:\WINDOWS\System32\1025
2011-07-20 17:41:45 ----D---- C:\WINDOWS\system32
2011-07-20 17:41:45 ----D---- C:\WINDOWS\system
2011-07-20 17:41:45 ----D---- C:\WINDOWS\security
2011-07-20 17:41:45 ----D---- C:\WINDOWS\Resources
2011-07-20 17:41:45 ----D---- C:\WINDOWS\repair
2011-07-20 17:41:45 ----D---- C:\WINDOWS\mui
2011-07-20 17:41:45 ----D---- C:\WINDOWS\msapps
2011-07-20 17:41:45 ----D---- C:\WINDOWS\msagent
2011-07-20 17:41:45 ----D---- C:\WINDOWS\Media
2011-07-20 17:41:45 ----D---- C:\WINDOWS\java
2011-07-20 17:41:45 ----D---- C:\WINDOWS\ime
2011-07-20 17:41:45 ----D---- C:\WINDOWS\Help
2011-07-20 17:41:45 ----D---- C:\WINDOWS\Driver Cache
2011-07-20 17:41:45 ----D---- C:\WINDOWS\Debug
2011-07-20 17:41:45 ----D---- C:\WINDOWS\Cursors
2011-07-20 17:41:45 ----D---- C:\WINDOWS\Connection Wizard
2011-07-20 17:41:45 ----D---- C:\WINDOWS\Config
2011-07-20 17:41:45 ----D---- C:\WINDOWS\AppPatch
2011-07-20 17:41:45 ----D---- C:\WINDOWS\addins
2011-07-20 17:41:45 ----D---- C:\WINDOWS
2011-07-20 17:41:45 ----ASH---- C:\pagefile.sys
2011-07-20 16:46:32 ----D---- C:\rsit
2011-07-20 16:46:32 ----D---- C:\Program Files\trend micro
2011-07-20 16:24:16 ----SHD---- C:\WINDOWS\Installer
2011-07-20 16:24:13 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Identities
2011-07-20 16:24:06 ----HD---- C:\Program Files\Uninstall Information
2011-07-20 16:23:59 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2011-07-20 16:23:59 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2011-07-20 16:21:45 ----RSH---- C:\WINDOWS\wuaucpl.exe
2011-07-20 16:12:28 ----RSH---- C:\WINDOWS\fonts\unwise_.exe
2011-07-20 16:11:07 ----A---- C:\WINDOWS\System32\lpdd.exe
2011-07-20 16:10:39 ----R---- C:\WINDOWS\System32\smsc.exe
2011-07-20 16:10:34 ----RSH---- C:\WINDOWS\System32\host.exe
2011-07-20 16:06:56 ----SHD---- C:\System Volume Information
2011-07-20 16:06:48 ----D---- C:\WINDOWS\Prefetch
2011-07-20 16:06:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-20 16:03:08 ----AS---- C:\WINDOWS\bootstat.dat
2011-07-20 16:00:22 ----D---- C:\WINDOWS\System32\xircom
2011-07-20 16:00:22 ----D---- C:\Program Files\xerox
2011-07-20 16:00:22 ----D---- C:\Program Files\microsoft frontpage
2011-07-20 15:59:53 ----RASH---- C:\MSDOS.SYS
2011-07-20 15:59:53 ----RASH---- C:\IO.SYS
2011-07-20 15:59:53 ----A---- C:\WINDOWS\control.ini
2011-07-20 15:59:53 ----A---- C:\CONFIG.SYS
2011-07-20 15:59:53 ----A---- C:\AUTOEXEC.BAT
2011-07-20 15:59:44 ----A---- C:\WINDOWS\OEWABLog.txt
2011-07-20 15:59:40 ----A---- C:\WINDOWS\System32\mapi32.dll
2011-07-20 15:58:32 ----RD---- C:\WINDOWS\Offline Web Pages
2011-07-20 15:58:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-07-20 15:58:03 ----D---- C:\WINDOWS\srchasst
2011-07-20 15:57:53 ----D---- C:\WINDOWS\System32\Macromed
2011-07-20 15:57:53 ----D---- C:\WINDOWS\System32\DirectX
2011-07-20 15:57:41 ----A---- C:\WINDOWS\System32\qmgrprxy.dll
2011-07-20 15:57:41 ----A---- C:\WINDOWS\System32\qmgr.dll
2011-07-20 15:57:40 ----D---- C:\Program Files\Movie Maker
2011-07-20 15:57:21 ----A---- C:\WINDOWS\System32\safrslv.dll
2011-07-20 15:57:21 ----A---- C:\WINDOWS\System32\safrdm.dll
2011-07-20 15:57:21 ----A---- C:\WINDOWS\System32\safrcdlg.dll
2011-07-20 15:57:20 ----A---- C:\WINDOWS\System32\racpldlg.dll
2011-07-20 15:57:20 ----A---- C:\WINDOWS\System32\atrace.dll
2011-07-20 15:57:16 ----A---- C:\WINDOWS\System32\desktop.ini
2011-07-20 15:57:16 ----A---- C:\WINDOWS\desktop.ini
2011-07-20 15:57:09 ----D---- C:\WINDOWS\System32\Restore
2011-07-20 15:57:09 ----A---- C:\WINDOWS\System32\srsvc.dll
2011-07-20 15:57:09 ----A---- C:\WINDOWS\System32\srrstr.dll
2011-07-20 15:57:09 ----A---- C:\WINDOWS\System32\srclient.dll
2011-07-20 15:57:09 ----A---- C:\WINDOWS\System32\drivers\sr.sys
2011-07-20 15:57:08 ----D---- C:\Program Files\Windows Media Player
2011-07-20 15:57:08 ----A---- C:\WINDOWS\System32\ils.dll
2011-07-20 15:57:07 ----A---- C:\WINDOWS\System32\nmmkcert.dll
2011-07-20 15:57:07 ----A---- C:\WINDOWS\System32\nmevtmsg.dll
2011-07-20 15:57:07 ----A---- C:\WINDOWS\System32\msconf.dll
2011-07-20 15:57:07 ----A---- C:\WINDOWS\System32\mnmsrvc.exe
2011-07-20 15:57:07 ----A---- C:\WINDOWS\System32\mnmdd.dll
2011-07-20 15:57:07 ----A---- C:\WINDOWS\System32\isrdbg32.dll
2011-07-20 15:57:03 ----D---- C:\WINDOWS\PCHEALTH
2011-07-20 15:57:03 ----D---- C:\Program Files\NetMeeting
2011-07-20 15:57:03 ----A---- C:\WINDOWS\System32\msoert2.dll
2011-07-20 15:57:03 ----A---- C:\WINDOWS\System32\msoeacct.dll
2011-07-20 15:57:03 ----A---- C:\WINDOWS\System32\acctres.dll
2011-07-20 15:57:02 ----D---- C:\Program Files\Common Files\Services
2011-07-20 15:57:01 ----A---- C:\WINDOWS\System32\inetres.dll
2011-07-20 15:57:01 ----A---- C:\WINDOWS\System32\inetcomm.dll
2011-07-20 15:56:56 ----SD---- C:\WINDOWS\Tasks
2011-07-20 15:56:56 ----D---- C:\Program Files\Outlook Express
2011-07-20 15:56:56 ----A---- C:\WINDOWS\System32\schedsvc.dll
2011-07-20 15:56:56 ----A---- C:\WINDOWS\System32\mstinit.exe
2011-07-20 15:56:56 ----A---- C:\WINDOWS\System32\mstask.dll
2011-07-20 15:56:55 ----A---- C:\WINDOWS\System32\isign32.dll
2011-07-20 15:56:55 ----A---- C:\WINDOWS\System32\inetcfg.dll
2011-07-20 15:56:55 ----A---- C:\WINDOWS\System32\icwphbk.dll
2011-07-20 15:56:55 ----A---- C:\WINDOWS\System32\icwdial.dll
2011-07-20 15:56:55 ----A---- C:\WINDOWS\System32\icfgnt5.dll
2011-07-20 15:56:53 ----D---- C:\Program Files\Common Files\MSSoap
2011-07-20 15:56:48 ----D---- C:\Program Files\Common Files\System
2011-07-20 15:56:45 ----D---- C:\Program Files\Internet Explorer
2011-07-20 15:56:08 ----A---- C:\WINDOWS\System32\emptyregdb.dat
2011-07-20 15:56:07 ----A---- C:\WINDOWS\System32\asr_pxyhdp.exe
2011-07-20 15:55:56 ----D---- C:\Program Files\ComPlus Applications
2011-07-20 15:55:55 ----A---- C:\WINDOWS\vbaddin.ini
2011-07-20 15:55:55 ----A---- C:\WINDOWS\vb.ini
2011-07-20 15:55:50 ----D---- C:\WINDOWS\Registration
2011-07-20 15:55:42 ----HD---- C:\Program Files\WindowsUpdate
2011-07-20 15:55:42 ----D---- C:\Program Files\Online Services
2011-07-20 15:55:35 ----D---- C:\Program Files\Messenger
2011-07-20 15:55:29 ----D---- C:\Program Files\MSN
2011-07-20 15:55:26 ----D---- C:\Program Files\MSN Gaming Zone
2011-07-20 15:55:26 ----A---- C:\WINDOWS\System32\write.exe
2011-07-20 15:55:15 ----A---- C:\WINDOWS\System32\accwiz.exe
2011-07-20 15:55:14 ----A---- C:\WINDOWS\System32\sndvol32.exe
2011-07-20 15:55:14 ----A---- C:\WINDOWS\System32\sndrec32.exe
2011-07-20 15:55:14 ----A---- C:\WINDOWS\System32\mplay32.exe
2011-07-20 15:55:14 ----A---- C:\WINDOWS\System32\hypertrm.dll
2011-07-20 15:55:14 ----A---- C:\WINDOWS\System32\hticons.dll
2011-07-20 15:55:14 ----A---- C:\WINDOWS\System32\avwav.dll
2011-07-20 15:55:14 ----A---- C:\WINDOWS\System32\avmeter.dll
2011-07-20 15:55:13 ----D---- C:\Program Files\Windows NT
2011-07-20 15:55:13 ----A---- C:\WINDOWS\System32\winchat.exe
2011-07-20 15:55:13 ----A---- C:\WINDOWS\System32\avtapi.dll
2011-07-20 15:55:11 ----A---- C:\WINDOWS\System32\mspaint.exe
2011-07-20 15:55:06 ----A---- C:\WINDOWS\System32\clipbrd.exe
2011-07-20 15:55:05 ----A---- C:\WINDOWS\System32\getuname.dll
2011-07-20 15:55:04 ----A---- C:\WINDOWS\System32\spider.exe
2011-07-20 15:55:04 ----A---- C:\WINDOWS\System32\sol.exe
2011-07-20 15:55:04 ----A---- C:\WINDOWS\System32\charmap.exe
2011-07-20 15:55:04 ----A---- C:\WINDOWS\System32\calc.exe
2011-07-20 15:55:03 ----A---- C:\WINDOWS\System32\wuaueng.dll
2011-07-20 15:55:03 ----A---- C:\WINDOWS\System32\wuauclt.exe
2011-07-20 15:55:03 ----A---- C:\WINDOWS\System32\winmine.exe
2011-07-20 15:55:03 ----A---- C:\WINDOWS\System32\mshearts.exe
2011-07-20 15:55:03 ----A---- C:\WINDOWS\System32\freecell.exe
2011-07-20 15:55:02 ----A---- C:\WINDOWS\System32\wuauserv.dll
2011-07-20 15:55:02 ----A---- C:\WINDOWS\System32\tscfgwmi.dll
2011-07-20 15:55:02 ----A---- C:\WINDOWS\System32\mstscax.dll
2011-07-20 15:55:02 ----A---- C:\WINDOWS\System32\mstsc.exe
2011-07-20 15:55:02 ----A---- C:\WINDOWS\System32\drivers\tdtcp.sys
2011-07-20 15:55:02 ----A---- C:\WINDOWS\System32\drivers\tdpipe.sys
2011-07-20 15:55:02 ----A---- C:\WINDOWS\System32\drivers\rdpwd.sys
2011-07-20 15:55:01 ----A---- C:\WINDOWS\System32\usrlogon.cmd
2011-07-20 15:55:01 ----A---- C:\WINDOWS\System32\tsshutdn.exe
2011-07-20 15:55:01 ----A---- C:\WINDOWS\System32\tslabels.ini
2011-07-20 15:55:01 ----A---- C:\WINDOWS\System32\tskill.exe
2011-07-20 15:55:01 ----A---- C:\WINDOWS\System32\tscupgrd.exe
2011-07-20 15:55:01 ----A---- C:\WINDOWS\System32\sessmgr.exe
2011-07-20 15:55:01 ----A---- C:\WINDOWS\System32\reset.exe
2011-07-20 15:55:01 ----A---- C:\WINDOWS\System32\remotepg.dll
2011-07-20 15:55:01 ----A---- C:\WINDOWS\System32\rdshost.exe
2011-07-20 15:55:01 ----A---- C:\WINDOWS\System32\rdsaddin.exe
2011-07-20 15:55:01 ----A---- C:\WINDOWS\System32\rdchost.dll
2011-07-20 15:55:00 ----A---- C:\WINDOWS\System32\tsdiscon.exe
2011-07-20 15:55:00 ----A---- C:\WINDOWS\System32\tscon.exe
2011-07-20 15:55:00 ----A---- C:\WINDOWS\System32\termsrv.dll
2011-07-20 15:55:00 ----A---- C:\WINDOWS\System32\shadow.exe
2011-07-20 15:55:00 ----A---- C:\WINDOWS\System32\rwinsta.exe
2011-07-20 15:55:00 ----A---- C:\WINDOWS\System32\regini.exe
2011-07-20 15:55:00 ----A---- C:\WINDOWS\System32\rdpwsx.dll
2011-07-20 15:55:00 ----A---- C:\WINDOWS\System32\rdpsnd.dll
2011-07-20 15:55:00 ----A---- C:\WINDOWS\System32\rdpclip.exe
2011-07-20 15:55:00 ----A---- C:\WINDOWS\System32\rdpcfgex.dll
2011-07-20 15:55:00 ----A---- C:\WINDOWS\System32\qwinsta.exe
2011-07-20 15:55:00 ----A---- C:\WINDOWS\System32\qprocess.exe
2011-07-20 15:54:59 ----D---- C:\WINDOWS\System32\MsDtc
2011-07-20 15:54:59 ----A---- C:\WINDOWS\System32\qappsrv.exe
2011-07-20 15:54:59 ----A---- C:\WINDOWS\System32\mtxoci.dll
2011-07-20 15:54:59 ----A---- C:\WINDOWS\System32\msg.exe
2011-07-20 15:54:59 ----A---- C:\WINDOWS\System32\msdtcuiu.dll
2011-07-20 15:54:59 ----A---- C:\WINDOWS\System32\logoff.exe
2011-07-20 15:54:59 ----A---- C:\WINDOWS\System32\icaapi.dll
2011-07-20 15:54:59 ----A---- C:\WINDOWS\System32\cfgbkend.dll
2011-07-20 15:54:59 ----A---- C:\WINDOWS\System32\cdmodem.dll
2011-07-20 15:54:58 ----A---- C:\WINDOWS\System32\xolehlp.dll
2011-07-20 15:54:58 ----A---- C:\WINDOWS\System32\msdtctm.dll
2011-07-20 15:54:58 ----A---- C:\WINDOWS\System32\msdtcprx.dll
2011-07-20 15:54:58 ----A---- C:\WINDOWS\System32\msdtcprf.ini
2011-07-20 15:54:58 ----A---- C:\WINDOWS\System32\msdtclog.dll
2011-07-20 15:54:58 ----A---- C:\WINDOWS\System32\msdtc.exe
2011-07-20 15:54:57 ----A---- C:\WINDOWS\System32\dcomcnfg.exe
2011-07-20 15:54:56 ----D---- C:\WINDOWS\System32\Com
2011-07-20 15:54:56 ----A---- C:\WINDOWS\System32\stclient.dll
2011-07-20 15:54:56 ----A---- C:\WINDOWS\System32\mtxlegih.dll
2011-07-20 15:54:56 ----A---- C:\WINDOWS\System32\mtxex.dll
2011-07-20 15:54:56 ----A---- C:\WINDOWS\System32\mtxdm.dll
2011-07-20 15:54:56 ----A---- C:\WINDOWS\System32\comrepl.dll
2011-07-20 15:54:56 ----A---- C:\WINDOWS\System32\comaddin.dll
2011-07-20 15:54:56 ----A---- C:\WINDOWS\System32\colbact.dll
2011-07-20 15:54:56 ----A---- C:\WINDOWS\System32\clbcatex.dll
2011-07-20 15:54:56 ----A---- C:\WINDOWS\System32\catsrvps.dll
2011-07-20 15:54:55 ----A---- C:\WINDOWS\System32\comuid.dll
2011-07-20 15:54:55 ----A---- C:\WINDOWS\System32\comsvcs.dll
2011-07-20 15:54:55 ----A---- C:\WINDOWS\System32\comsnap.dll
2011-07-20 15:54:55 ----A---- C:\WINDOWS\System32\catsrvut.dll
2011-07-20 15:54:55 ----A---- C:\WINDOWS\System32\catsrv.dll
2011-07-20 15:54:54 ----A---- C:\WINDOWS\System32\clbcatq.dll
2011-07-20 15:54:43 ----A---- C:\WINDOWS\System32\wmimgmt.msc
2011-07-20 15:54:43 ----A---- C:\WINDOWS\System32\servdeps.dll
2011-07-20 15:54:43 ----A---- C:\WINDOWS\System32\mmfutil.dll
2011-07-20 15:54:43 ----A---- C:\WINDOWS\System32\licwmi.dll
2011-07-20 15:54:43 ----A---- C:\WINDOWS\System32\cmprops.dll
2011-07-20 15:54:41 ----A---- C:\WINDOWS\System32\drivers\termdd.sys
2011-07-20 15:54:41 ----A---- C:\WINDOWS\System32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 month======

2011-07-20 17:46:49 ----A---- C:\WINDOWS\system.ini
2011-07-20 15:59:53 ----A---- C:\WINDOWS\win.ini
2011-07-20 15:59:23 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 EL90X;3Com EtherLink XL 90X Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xnd5.sys [2001-10-24 153631]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2001-10-25 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Local Service;Local Service; C:\WINDOWS\wuaucpl.exe [2011-07-20 869376]
R2 PrtSmanm;Print Spooler Monitor; C:\WINDOWS\system32\smsc.exe [2011-07-20 57871]
R2 Windows Hosts Controller;Windows Hosts Controller; C:\WINDOWS\Fonts\unwise_.exe [2011-07-20 172415]

-----------------EOF-----------------

[vyosek]

Zdravim, pekny podvecer preji a vitam vas u nas na foru

Tam toho je

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

• Linky ke stazeni
  • COM soubor http://vyosek.ic.cz/BE/exeHelper.com
  • SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
• Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Aplikujte RogueKiller

pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205

Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4

RKill, eXeHelper i RogueKiller by mely udelat logy, vlozte mi je sem - pokud ne, nevadi

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Sunny03]

Dobrý den a děkuji za Váš čas...
rkill mi vypsal toto...

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 20.07.2011 at 17:19:51.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\WINDOWS\System32\grpconv.exe


Rkill completed on 20.07.2011 at 17:20:05.

Exehelper toto:

exeHelper by Raktor
Build 20100414
Run at 17:13:32 on 07/20/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 17:20:59 on 07/20/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Ale Roguekill se mi nechce spustit s tím, že mi to píše : Vstupní bod procedury encodepointer se nepodařilo v dynamicky propojované knihovně KERNEL32.pll nalézt.

Je to velký problém?

[Sunny03]

Aha, tak teď už jsem se překousal i přes Rogue killer, volba 2, 3 i 4, ale nejde mi stáhnout ten combofix. Resp. on jde, ale po spuštění mi hlásí, že mám v PC problém a že můžu mít nějákého parazitujícího vira a v zápětí se mi ta ikona ztratí... Už jsem opravdu v koncích

[motji]

Zkuste ho spustit v nouzovém režimu a předtím ho přejmenujte na breberka.com

[Sunny03]

Trochu jsem zazmatkoval a musel jsem přeinstalovat Windows, takže pro jistotu zde přikládám znovu LOGY všech testů...

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-07-21 22:27:38
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 16 GB (84%) free of 19 GB
Total RAM: 511 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:27:42, on 21.7.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Windows Update] host.exe
O4 - HKLM\..\RunServices: [Windows Update] host.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

--
End of file - 1694 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Update"=C:\WINDOWS\system32\host.exe [2011-07-21 250880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=ctwdm32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm

======List of files/folders created in the last 1 month======

2011-07-21 23:35:28 ----A---- C:\WINDOWS\system32\h323log.txt
2011-07-21 23:34:38 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2011-07-21 23:34:36 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2011-07-21 23:34:35 ----A---- C:\WINDOWS\system32\drivers\mspqm.sys
2011-07-21 23:34:34 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2011-07-21 23:34:32 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2011-07-21 23:34:31 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2011-07-21 23:34:29 ----A---- C:\WINDOWS\system32\drivers\dmusic.sys
2011-07-21 23:34:28 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2011-07-21 23:34:26 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2011-07-21 23:34:25 ----A---- C:\WINDOWS\system32\drivers\mspclock.sys
2011-07-21 23:34:24 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2011-07-21 23:34:18 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2011-07-21 23:33:57 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2011-07-21 23:33:25 ----A---- C:\WINDOWS\system32\drivers\el90xnd5.sys
2011-07-21 23:33:21 ----A---- C:\WINDOWS\system32\sfman32.dll
2011-07-21 23:33:21 ----A---- C:\WINDOWS\system32\sblfx.dll
2011-07-21 23:33:21 ----A---- C:\WINDOWS\system32\ksuser.dll
2011-07-21 23:33:21 ----A---- C:\WINDOWS\system32\drivers\sfmanm.sys
2011-07-21 23:33:21 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2011-07-21 23:33:21 ----A---- C:\WINDOWS\system32\drivers\emu10k1m.sys
2011-07-21 23:33:20 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2011-07-21 23:33:20 ----A---- C:\WINDOWS\system32\drivers\ctlfacem.sys
2011-07-21 23:33:20 ----A---- C:\WINDOWS\system32\devldr32.exe
2011-07-21 23:33:20 ----A---- C:\WINDOWS\system32\devcon32.dll
2011-07-21 23:33:20 ----A---- C:\WINDOWS\system32\ctwdm32.dll
2011-07-21 23:33:18 ----A---- C:\WINDOWS\system32\drivers\gameenum.sys
2011-07-21 23:33:18 ----A---- C:\WINDOWS\system32\drivers\ctljystk.sys
2011-07-21 23:33:08 ----A---- C:\WINDOWS\system32\usbui.dll
2011-07-21 23:32:02 ----A---- C:\WINDOWS\imsins.BAK
2011-07-21 23:31:56 ----D---- C:\Program Files\Common Files\ODBC
2011-07-21 23:31:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-21 23:31:56 ----A---- C:\WINDOWS\ODBCINST.INI
2011-07-21 23:31:53 ----D---- C:\Program Files\Common Files\SpeechEngines
2011-07-21 23:31:52 ----RD---- C:\Program Files
2011-07-21 23:31:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-21 23:31:52 ----D---- C:\Program Files\Common Files
2011-07-21 23:31:49 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2011-07-21 23:31:49 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2011-07-21 23:31:49 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2011-07-21 23:31:47 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2011-07-21 23:31:47 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2011-07-21 23:31:47 ----RA---- C:\WINDOWS\system32\kbdur.dll
2011-07-21 23:31:47 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2011-07-21 23:31:47 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2011-07-21 23:31:47 ----RA---- C:\WINDOWS\system32\kbdru.dll
2011-07-21 23:31:47 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2011-07-21 23:31:47 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2011-07-21 23:31:47 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2011-07-21 23:31:47 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2011-07-21 23:31:47 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2011-07-21 23:31:47 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2011-07-21 23:31:44 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2011-07-21 23:31:44 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2011-07-21 23:31:44 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2011-07-21 23:31:44 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2011-07-21 23:31:44 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2011-07-21 23:31:44 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2011-07-21 23:31:44 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2011-07-21 23:31:42 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2011-07-21 23:31:42 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2011-07-21 23:31:42 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2011-07-21 23:31:42 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2011-07-21 23:31:42 ----RA---- C:\WINDOWS\system32\kbdest.dll
2011-07-21 23:31:38 ----A---- C:\WINDOWS\system32\kbdycl.dll
2011-07-21 23:31:38 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2011-07-21 23:31:38 ----A---- C:\WINDOWS\system32\kbdsl.dll
2011-07-21 23:31:38 ----A---- C:\WINDOWS\system32\kbdro.dll
2011-07-21 23:31:38 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2011-07-21 23:31:38 ----A---- C:\WINDOWS\system32\kbdpl.dll
2011-07-21 23:31:38 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2011-07-21 23:31:38 ----A---- C:\WINDOWS\system32\kbdhu.dll
2011-07-21 23:31:38 ----A---- C:\WINDOWS\system32\kbdcr.dll
2011-07-21 23:31:38 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2011-07-21 23:31:37 ----A---- C:\WINDOWS\system32\irclass.dll
2011-07-21 23:31:37 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2011-07-21 23:31:37 ----A---- C:\WINDOWS\system32\dgsetup.dll
2011-07-21 23:31:37 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2011-07-21 23:31:36 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-07-21 23:31:36 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2011-07-21 23:31:36 ----A---- C:\WINDOWS\system32\batt.dll
2011-07-21 23:31:34 ----A---- C:\WINDOWS\TASKMAN.EXE
2011-07-21 23:31:34 ----A---- C:\WINDOWS\notepad.exe
2011-07-21 23:31:33 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2011-07-21 23:31:33 ----A---- C:\WINDOWS\system32\storprop.dll
2011-07-21 23:31:25 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2011-07-21 23:31:21 ----RA---- C:\WINDOWS\SET7.tmp
2011-07-21 23:31:19 ----RA---- C:\WINDOWS\SET3.tmp
2011-07-21 23:31:13 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-21 23:31:13 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-21 23:31:07 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-07-21 23:30:57 ----A---- C:\WINDOWS\setuplog.txt
2011-07-21 23:30:52 ----D---- C:\Documents and Settings
2011-07-21 23:30:51 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2011-07-21 23:30:07 ----RASH---- C:\boot.ini
2011-07-21 23:26:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-21 23:26:46 ----RSD---- C:\WINDOWS\Fonts
2011-07-21 23:26:46 ----RD---- C:\WINDOWS\Web
2011-07-21 23:26:46 ----HD---- C:\WINDOWS\inf
2011-07-21 23:26:46 ----D---- C:\WINDOWS\WinSxS
2011-07-21 23:26:46 ----D---- C:\WINDOWS\twain_32
2011-07-21 23:26:46 ----D---- C:\WINDOWS\Temp
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\wins
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\wbem
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\usmt
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\spool
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\ShellExt
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\Setup
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\ras
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\oobe
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\npp
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\mui
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\inetsrv
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\IME
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\icsxml
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\ias
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\export
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\drivers\disdn
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\drivers
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\dhcp
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\config
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\3com_dmi
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\3076
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\2052
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\1054
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\1042
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\1041
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\1037
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\1033
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\1031
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\1029
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\1028
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32\1025
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system32
2011-07-21 23:26:46 ----D---- C:\WINDOWS\system
2011-07-21 23:26:46 ----D---- C:\WINDOWS\security
2011-07-21 23:26:46 ----D---- C:\WINDOWS\Resources
2011-07-21 23:26:46 ----D---- C:\WINDOWS\repair
2011-07-21 23:26:46 ----D---- C:\WINDOWS\mui
2011-07-21 23:26:46 ----D---- C:\WINDOWS\msapps
2011-07-21 23:26:46 ----D---- C:\WINDOWS\msagent
2011-07-21 23:26:46 ----D---- C:\WINDOWS\Media
2011-07-21 23:26:46 ----D---- C:\WINDOWS\java
2011-07-21 23:26:46 ----D---- C:\WINDOWS\ime
2011-07-21 23:26:46 ----D---- C:\WINDOWS\Help
2011-07-21 23:26:46 ----D---- C:\WINDOWS\Driver Cache
2011-07-21 23:26:46 ----D---- C:\WINDOWS\Debug
2011-07-21 23:26:46 ----D---- C:\WINDOWS\Cursors
2011-07-21 23:26:46 ----D---- C:\WINDOWS\Connection Wizard
2011-07-21 23:26:46 ----D---- C:\WINDOWS\Config
2011-07-21 23:26:46 ----D---- C:\WINDOWS\AppPatch
2011-07-21 23:26:46 ----D---- C:\WINDOWS\addins
2011-07-21 23:26:46 ----D---- C:\WINDOWS
2011-07-21 23:26:46 ----ASH---- C:\pagefile.sys
2011-07-21 22:20:12 ----N---- C:\WINDOWS\system32\spiisupd.exe
2011-07-21 22:20:12 ----N---- C:\WINDOWS\system32\smtpapi.dll
2011-07-21 22:20:12 ----N---- C:\WINDOWS\system32\rwnh.dll
2011-07-21 22:20:12 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2011-07-21 22:20:12 ----N---- C:\WINDOWS\system32\comsdupd.exe
2011-07-21 22:20:12 ----N---- C:\WINDOWS\system32\asr_pfu.exe
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\amdk7.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2011-07-21 22:20:07 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2011-07-21 22:20:06 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\mssmbios.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\ip6fw.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\intelppm.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\http.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\fltmgr.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2011-07-21 22:20:05 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2011-07-21 22:20:04 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2011-07-21 22:20:04 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2011-07-21 22:20:04 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2011-07-21 22:20:04 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2011-07-21 22:20:04 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2011-07-21 22:20:04 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2011-07-21 22:20:03 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2011-07-21 22:20:03 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2011-07-21 22:20:03 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2011-07-21 22:20:03 ----N---- C:\WINDOWS\system32\drivers\sffp_sd.sys
2011-07-21 22:20:03 ----N---- C:\WINDOWS\system32\drivers\sffdisk.sys
2011-07-21 22:20:03 ----N---- C:\WINDOWS\system32\drivers\sdbus.sys
2011-07-21 22:20:03 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2011-07-21 22:20:03 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2011-07-21 22:20:03 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2011-07-21 22:20:02 ----N---- C:\WINDOWS\system32\drivers\usbehci.sys
2011-07-21 22:20:02 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2011-07-21 22:20:02 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2011-07-21 22:20:02 ----N---- C:\WINDOWS\system32\drivers\tunmp.sys
2011-07-21 22:20:02 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2011-07-21 22:20:02 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2011-07-21 22:20:02 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2011-07-21 22:20:02 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2011-07-21 22:20:01 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\dsprpres.dll
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\d3d9.dll
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\btpanui.dll
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\bthserv.dll
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\bthci.dll
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\blastcln.exe
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\auditusr.exe
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2011-07-21 22:20:00 ----N---- C:\WINDOWS\system32\ati3duag.dll
2011-07-21 22:19:59 ----N---- C:\WINDOWS\system32\ieencode.dll
2011-07-21 22:19:59 ----N---- C:\WINDOWS\system32\httpapi.dll
2011-07-21 22:19:59 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2011-07-21 22:19:59 ----N---- C:\WINDOWS\system32\hccoin.dll
2011-07-21 22:19:59 ----N---- C:\WINDOWS\system32\fwcfg.dll
2011-07-21 22:19:59 ----N---- C:\WINDOWS\system32\fsquirt.exe
2011-07-21 22:19:59 ----N---- C:\WINDOWS\system32\fltmc.exe
2011-07-21 22:19:59 ----N---- C:\WINDOWS\system32\fltlib.dll
2011-07-21 22:19:59 ----N---- C:\WINDOWS\system32\extmgr.dll
2011-07-21 22:19:59 ----N---- C:\WINDOWS\system32\encdec.dll
2011-07-21 22:19:59 ----N---- C:\WINDOWS\system32\encapi.dll
2011-07-21 22:19:59 ----N---- C:\WINDOWS\system32\dxdiagn.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\mssap.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\mspmsnsv.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\msftedit.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\msdadiag.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\mp4sdmod.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\mp43dmod.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\kbdukx.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\kbdno1.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\kbdinben.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2011-07-21 22:19:57 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2011-07-21 22:19:56 ----N---- C:\WINDOWS\system32\xpob2res.dll
2011-07-21 22:19:56 ----N---- C:\WINDOWS\system32\powercfg.exe
2011-07-21 22:19:56 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2011-07-21 22:19:56 ----N---- C:\WINDOWS\system32\p2psvc.dll
2011-07-21 22:19:56 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2011-07-21 22:19:56 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2011-07-21 22:19:56 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2011-07-21 22:19:56 ----N---- C:\WINDOWS\system32\p2p.dll
2011-07-21 22:19:56 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\xpsp1res.dll
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\twext.dll
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\strmfilt.dll
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\smbinst.exe
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\slserv.exe
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\slrundll.exe
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\slgen.dll
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\slextspk.dll
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\slcoinst.dll
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\sbeio.dll
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\sbe.dll
2011-07-21 22:19:55 ----N---- C:\WINDOWS\system32\s3gnb.dll
2011-07-21 22:19:54 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2011-07-21 22:19:54 ----N---- C:\WINDOWS\system32\wmpasf.dll
2011-07-21 22:19:54 ----N---- C:\WINDOWS\system32\wmp.dll
2011-07-21 22:19:54 ----N---- C:\WINDOWS\system32\wmidx.dll
2011-07-21 22:19:54 ----N---- C:\WINDOWS\system32\wmerror.dll
2011-07-21 22:19:54 ----N---- C:\WINDOWS\system32\winshfhc.dll
2011-07-21 22:19:54 ----N---- C:\WINDOWS\system32\winhttp.dll
2011-07-21 22:19:54 ----N---- C:\WINDOWS\system32\winbrand.dll
2011-07-21 22:19:54 ----N---- C:\WINDOWS\system32\w3ssl.dll
2011-07-21 22:19:53 ----N---- C:\WINDOWS\system32\wuapi.dll
2011-07-21 22:19:53 ----N---- C:\WINDOWS\system32\wshbth.dll
2011-07-21 22:19:53 ----N---- C:\WINDOWS\system32\wscsvc.dll
2011-07-21 22:19:53 ----N---- C:\WINDOWS\system32\wscntfy.exe
2011-07-21 22:19:53 ----N---- C:\WINDOWS\system32\wmvdmoe2.dll
2011-07-21 22:19:53 ----N---- C:\WINDOWS\system32\wmspdmoe.dll
2011-07-21 22:19:53 ----N---- C:\WINDOWS\system32\wmspdmod.dll
2011-07-21 22:19:53 ----N---- C:\WINDOWS\system32\wmsdmoe2.dll
2011-07-21 22:19:52 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2011-07-21 22:19:52 ----N---- C:\WINDOWS\system32\xmlprov.dll
2011-07-21 22:19:52 ----N---- C:\WINDOWS\system32\wuweb.dll
2011-07-21 22:19:52 ----N---- C:\WINDOWS\system32\wups.dll
2011-07-21 22:19:52 ----N---- C:\WINDOWS\system32\wucltui.dll
2011-07-21 22:19:52 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2011-07-21 22:19:52 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2011-07-21 22:19:52 ----N---- C:\WINDOWS\slrundll.exe
2011-07-21 22:19:49 ----D---- C:\WINDOWS\peernet
2011-07-21 22:19:48 ----D---- C:\WINDOWS\provisioning
2011-07-21 22:17:33 ----D---- C:\WINDOWS\ServicePackFiles
2011-07-21 22:14:12 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-07-21 22:14:11 ----A---- C:\WINDOWS\002252_.tmp
2011-07-21 22:14:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-07-21 22:13:50 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2011-07-21 22:11:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-07-21 22:11:36 ----D---- C:\WINDOWS\EHome
2011-07-21 22:08:31 ----A---- C:\WINDOWS\zip.exe
2011-07-21 22:08:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-21 22:08:31 ----A---- C:\WINDOWS\SWSC.exe
2011-07-21 22:08:31 ----A---- C:\WINDOWS\SWREG.exe
2011-07-21 22:08:31 ----A---- C:\WINDOWS\sed.exe
2011-07-21 22:08:31 ----A---- C:\WINDOWS\PEV.exe
2011-07-21 22:08:31 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-21 22:08:31 ----A---- C:\WINDOWS\MBR.exe
2011-07-21 22:08:31 ----A---- C:\WINDOWS\grep.exe
2011-07-21 22:08:27 ----D---- C:\WINDOWS\ERDNT
2011-07-21 22:08:26 ----SD---- C:\breberka.com
2011-07-21 22:08:23 ----D---- C:\Qoobox
2011-07-21 22:06:20 ----D---- C:\Program Files\trend micro
2011-07-21 22:06:19 ----D---- C:\rsit
2011-07-21 22:03:03 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2011-07-21 22:03:02 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2011-07-21 22:02:58 ----SHD---- C:\WINDOWS\CSC
2011-07-21 22:02:52 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-21 21:52:43 ----SHD---- C:\WINDOWS\Installer
2011-07-21 21:52:34 ----HD---- C:\Program Files\Uninstall Information
2011-07-21 21:51:48 ----SHD---- C:\System Volume Information
2011-07-21 21:51:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-21 21:50:34 ----AS---- C:\WINDOWS\bootstat.dat
2011-07-21 21:47:36 ----D---- C:\WINDOWS\system32\xircom
2011-07-21 21:47:36 ----D---- C:\Program Files\xerox
2011-07-21 21:47:36 ----D---- C:\Program Files\microsoft frontpage
2011-07-21 21:47:04 ----RASH---- C:\MSDOS.SYS
2011-07-21 21:47:04 ----RASH---- C:\IO.SYS
2011-07-21 21:47:04 ----A---- C:\WINDOWS\control.ini
2011-07-21 21:47:04 ----A---- C:\CONFIG.SYS
2011-07-21 21:47:04 ----A---- C:\AUTOEXEC.BAT
2011-07-21 21:46:55 ----A---- C:\WINDOWS\OEWABLog.txt
2011-07-21 21:46:50 ----A---- C:\WINDOWS\system32\mapi32.dll
2011-07-21 21:45:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-07-21 21:45:41 ----RD---- C:\WINDOWS\Offline Web Pages
2011-07-21 21:45:11 ----D---- C:\WINDOWS\srchasst
2011-07-21 21:45:00 ----D---- C:\WINDOWS\system32\Macromed
2011-07-21 21:45:00 ----D---- C:\WINDOWS\system32\DirectX
2011-07-21 21:44:48 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2011-07-21 21:44:48 ----A---- C:\WINDOWS\system32\qmgr.dll
2011-07-21 21:44:47 ----D---- C:\Program Files\Movie Maker
2011-07-21 21:44:26 ----A---- C:\WINDOWS\system32\safrslv.dll
2011-07-21 21:44:26 ----A---- C:\WINDOWS\system32\safrdm.dll
2011-07-21 21:44:26 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2011-07-21 21:44:26 ----A---- C:\WINDOWS\system32\racpldlg.dll
2011-07-21 21:44:26 ----A---- C:\WINDOWS\system32\atrace.dll
2011-07-21 21:44:22 ----A---- C:\WINDOWS\system32\desktop.ini
2011-07-21 21:44:22 ----A---- C:\WINDOWS\desktop.ini
2011-07-21 21:44:14 ----D---- C:\WINDOWS\system32\Restore
2011-07-21 21:44:14 ----A---- C:\WINDOWS\system32\srsvc.dll
2011-07-21 21:44:14 ----A---- C:\WINDOWS\system32\srrstr.dll
2011-07-21 21:44:14 ----A---- C:\WINDOWS\system32\srclient.dll
2011-07-21 21:44:14 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2011-07-21 21:44:13 ----D---- C:\Program Files\Windows Media Player
2011-07-21 21:44:13 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2011-07-21 21:44:13 ----A---- C:\WINDOWS\system32\mnmdd.dll
2011-07-21 21:44:13 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2011-07-21 21:44:13 ----A---- C:\WINDOWS\system32\ils.dll
2011-07-21 21:44:12 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2011-07-21 21:44:12 ----A---- C:\WINDOWS\system32\msconf.dll
2011-07-21 21:44:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2011-07-21 21:44:09 ----D---- C:\Program Files\NetMeeting
2011-07-21 21:44:08 ----D---- C:\WINDOWS\PCHEALTH
2011-07-21 21:44:08 ----A---- C:\WINDOWS\system32\msoert2.dll
2011-07-21 21:44:08 ----A---- C:\WINDOWS\system32\msoeacct.dll
2011-07-21 21:44:08 ----A---- C:\WINDOWS\system32\acctres.dll
2011-07-21 21:44:07 ----D---- C:\Program Files\Common Files\Services
2011-07-21 21:44:06 ----A---- C:\WINDOWS\system32\inetres.dll
2011-07-21 21:44:06 ----A---- C:\WINDOWS\system32\inetcomm.dll
2011-07-21 21:44:02 ----D---- C:\Program Files\Outlook Express
2011-07-21 21:44:01 ----SD---- C:\WINDOWS\Tasks
2011-07-21 21:44:01 ----A---- C:\WINDOWS\system32\schedsvc.dll
2011-07-21 21:44:01 ----A---- C:\WINDOWS\system32\mstinit.exe
2011-07-21 21:44:01 ----A---- C:\WINDOWS\system32\mstask.dll
2011-07-21 21:44:01 ----A---- C:\WINDOWS\system32\icwphbk.dll
2011-07-21 21:44:01 ----A---- C:\WINDOWS\system32\icwdial.dll
2011-07-21 21:44:00 ----A---- C:\WINDOWS\system32\isign32.dll
2011-07-21 21:44:00 ----A---- C:\WINDOWS\system32\inetcfg.dll
2011-07-21 21:44:00 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2011-07-21 21:43:58 ----D---- C:\Program Files\Common Files\MSSoap
2011-07-21 21:43:53 ----D---- C:\Program Files\Common Files\System
2011-07-21 21:43:50 ----D---- C:\Program Files\Internet Explorer
2011-07-21 21:43:10 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2011-07-21 21:42:59 ----D---- C:\Program Files\ComPlus Applications
2011-07-21 21:42:57 ----A---- C:\WINDOWS\vbaddin.ini
2011-07-21 21:42:57 ----A---- C:\WINDOWS\vb.ini
2011-07-21 21:42:51 ----D---- C:\WINDOWS\Registration
2011-07-21 21:42:39 ----RSH---- C:\WINDOWS\system32\host.exe
2011-07-21 21:42:33 ----HD---- C:\Program Files\WindowsUpdate
2011-07-21 21:42:33 ----D---- C:\Program Files\Online Services
2011-07-21 21:42:26 ----D---- C:\Program Files\Messenger
2011-07-21 21:42:21 ----D---- C:\Program Files\MSN
2011-07-21 21:42:17 ----D---- C:\Program Files\MSN Gaming Zone
2011-07-21 21:42:17 ----A---- C:\WINDOWS\system32\write.exe
2011-07-21 21:42:06 ----A---- C:\WINDOWS\system32\sndvol32.exe
2011-07-21 21:42:06 ----A---- C:\WINDOWS\system32\sndrec32.exe
2011-07-21 21:42:06 ----A---- C:\WINDOWS\system32\accwiz.exe
2011-07-21 21:42:05 ----A---- C:\WINDOWS\system32\mplay32.exe
2011-07-21 21:42:05 ----A---- C:\WINDOWS\system32\hypertrm.dll
2011-07-21 21:42:05 ----A---- C:\WINDOWS\system32\hticons.dll
2011-07-21 21:42:05 ----A---- C:\WINDOWS\system32\avwav.dll
2011-07-21 21:42:05 ----A---- C:\WINDOWS\system32\avtapi.dll
2011-07-21 21:42:05 ----A---- C:\WINDOWS\system32\avmeter.dll
2011-07-21 21:42:04 ----D---- C:\Program Files\Windows NT
2011-07-21 21:42:04 ----A---- C:\WINDOWS\system32\winchat.exe
2011-07-21 21:42:03 ----A---- C:\WINDOWS\system32\mspaint.exe
2011-07-21 21:41:57 ----A---- C:\WINDOWS\system32\clipbrd.exe
2011-07-21 21:41:56 ----A---- C:\WINDOWS\system32\charmap.exe
2011-07-21 21:41:56 ----A---- C:\WINDOWS\system32\getuname.dll
2011-07-21 21:41:56 ----A---- C:\WINDOWS\system32\calc.exe
2011-07-21 21:41:55 ----A---- C:\WINDOWS\system32\winmine.exe
2011-07-21 21:41:55 ----A---- C:\WINDOWS\system32\spider.exe
2011-07-21 21:41:55 ----A---- C:\WINDOWS\system32\sol.exe
2011-07-21 21:41:54 ----A---- C:\WINDOWS\system32\wuauserv.dll
2011-07-21 21:41:54 ----A---- C:\WINDOWS\system32\wuaueng.dll
2011-07-21 21:41:54 ----A---- C:\WINDOWS\system32\wuauclt.exe
2011-07-21 21:41:54 ----A---- C:\WINDOWS\system32\mshearts.exe
2011-07-21 21:41:54 ----A---- C:\WINDOWS\system32\freecell.exe
2011-07-21 21:41:54 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2011-07-21 21:41:54 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2011-07-21 21:41:53 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2011-07-21 21:41:53 ----A---- C:\WINDOWS\system32\sessmgr.exe
2011-07-21 21:41:53 ----A---- C:\WINDOWS\system32\reset.exe
2011-07-21 21:41:53 ----A---- C:\WINDOWS\system32\remotepg.dll
2011-07-21 21:41:53 ----A---- C:\WINDOWS\system32\rdshost.exe
2011-07-21 21:41:53 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2011-07-21 21:41:53 ----A---- C:\WINDOWS\system32\mstscax.dll
2011-07-21 21:41:53 ----A---- C:\WINDOWS\system32\mstsc.exe
2011-07-21 21:41:53 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2011-07-21 21:41:52 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2011-07-21 21:41:52 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2011-07-21 21:41:52 ----A---- C:\WINDOWS\system32\tslabels.ini
2011-07-21 21:41:52 ----A---- C:\WINDOWS\system32\tskill.exe
2011-07-21 21:41:52 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2011-07-21 21:41:52 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2011-07-21 21:41:52 ----A---- C:\WINDOWS\system32\tscon.exe
2011-07-21 21:41:52 ----A---- C:\WINDOWS\system32\termsrv.dll
2011-07-21 21:41:52 ----A---- C:\WINDOWS\system32\shadow.exe
2011-07-21 21:41:52 ----A---- C:\WINDOWS\system32\rdchost.dll
2011-07-21 21:41:51 ----A---- C:\WINDOWS\system32\rwinsta.exe
2011-07-21 21:41:51 ----A---- C:\WINDOWS\system32\regini.exe
2011-07-21 21:41:51 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2011-07-21 21:41:51 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2011-07-21 21:41:51 ----A---- C:\WINDOWS\system32\rdpclip.exe
2011-07-21 21:41:51 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2011-07-21 21:41:51 ----A---- C:\WINDOWS\system32\qwinsta.exe
2011-07-21 21:41:51 ----A---- C:\WINDOWS\system32\qprocess.exe
2011-07-21 21:41:51 ----A---- C:\WINDOWS\system32\qappsrv.exe
2011-07-21 21:41:51 ----A---- C:\WINDOWS\system32\msg.exe
2011-07-21 21:41:51 ----A---- C:\WINDOWS\system32\logoff.exe
2011-07-21 21:41:51 ----A---- C:\WINDOWS\system32\icaapi.dll
2011-07-21 21:41:50 ----D---- C:\WINDOWS\system32\MsDtc
2011-07-21 21:41:50 ----A---- C:\WINDOWS\system32\mtxoci.dll
2011-07-21 21:41:50 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2011-07-21 21:41:50 ----A---- C:\WINDOWS\system32\msdtctm.dll
2011-07-21 21:41:50 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2011-07-21 21:41:50 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2011-07-21 21:41:50 ----A---- C:\WINDOWS\system32\cdmodem.dll
2011-07-21 21:41:49 ----A---- C:\WINDOWS\system32\xolehlp.dll
2011-07-21 21:41:49 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2011-07-21 21:41:49 ----A---- C:\WINDOWS\system32\msdtclog.dll
2011-07-21 21:41:49 ----A---- C:\WINDOWS\system32\msdtc.exe
2011-07-21 21:41:48 ----D---- C:\WINDOWS\system32\Com
2011-07-21 21:41:48 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2011-07-21 21:41:48 ----A---- C:\WINDOWS\system32\mtxex.dll
2011-07-21 21:41:48 ----A---- C:\WINDOWS\system32\mtxdm.dll
2011-07-21 21:41:48 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2011-07-21 21:41:47 ----A---- C:\WINDOWS\system32\stclient.dll
2011-07-21 21:41:47 ----A---- C:\WINDOWS\system32\comrepl.dll
2011-07-21 21:41:47 ----A---- C:\WINDOWS\system32\comaddin.dll
2011-07-21 21:41:47 ----A---- C:\WINDOWS\system32\colbact.dll
2011-07-21 21:41:47 ----A---- C:\WINDOWS\system32\clbcatex.dll
2011-07-21 21:41:47 ----A---- C:\WINDOWS\system32\catsrvut.dll
2011-07-21 21:41:47 ----A---- C:\WINDOWS\system32\catsrvps.dll
2011-07-21 21:41:47 ----A---- C:\WINDOWS\system32\catsrv.dll
2011-07-21 21:41:46 ----A---- C:\WINDOWS\system32\comuid.dll
2011-07-21 21:41:46 ----A---- C:\WINDOWS\system32\comsvcs.dll
2011-07-21 21:41:46 ----A---- C:\WINDOWS\system32\comsnap.dll
2011-07-21 21:41:46 ----A---- C:\WINDOWS\system32\clbcatq.dll
2011-07-21 21:41:35 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2011-07-21 21:41:35 ----A---- C:\WINDOWS\system32\servdeps.dll
2011-07-21 21:41:34 ----A---- C:\WINDOWS\system32\mmfutil.dll
2011-07-21 21:41:34 ----A---- C:\WINDOWS\system32\licwmi.dll
2011-07-21 21:41:34 ----A---- C:\WINDOWS\system32\cmprops.dll
2011-07-21 21:41:32 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2011-07-21 21:41:31 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 month======

2011-07-21 23:31:51 ----A---- C:\WINDOWS\system.ini
2011-07-21 22:21:02 ----A---- C:\WINDOWS\win.ini
2011-07-21 22:15:05 ----RASH---- C:\NTDETECT.COM
2011-07-21 21:46:34 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\System32\DRIVERS\uagp35.sys [2004-08-03 44672]
R3 EL90X;3Com EtherLink XL 90X Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xnd5.sys [2001-10-24 153631]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2004-08-03 15872]

-----------------EOF-----------------


RKILL:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 21.07.2011 at 22:28:14.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 21.07.2011 at 22:28:18.

EXEHELPER:
exeHelper by Raktor
Build 20100414
Run at 22:07:21 on 07/21/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 22:28:31 on 07/21/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


ROGUEKILLER:
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Remove -- Date : 07/21/2011 22:29:20

Bad processes: 0

Registry Entries: 3
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[] HKLM\[...]\Windows : () -> ACCESS DENIED

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt



Teď jdu na Combofix, tak jak bude dokončen, vložím sem jeho LOG... Omlouvám se, že to tak dlouho trvalo, ale jsem v těchto věcech opravdový začátečník...

[motji]

To jste instaloval windows bez formátu? Protože breberky tam jsou pořád.

[Sunny03]

Ne, ne... Nejdříve jsem formátoval a pak teprve instaloval ve formátu NTFS... Jak je to možné? Jinak bych chtěl moc poděkovat za radu ohledně Combofixu. Ve stavu nouze a s přejmenovaným názvem proběhl naprosto v pořádku. Tady je report:

ComboFix 11-07-21.02 - Administrator 21.07.2011 22:40:02.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.287 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\breberka.com.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\host.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-21 do 2011-07-21 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ALG
*NewlyCreated* - DCOMLAUNCH
*NewlyCreated* - FLTMGR
*NewlyCreated* - IPNAT
*NewlyCreated* - SPUPDSVC
*NewlyCreated* - WUAUSERV
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-21 22:43
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-07-21 22:45:25
ComboFix-quarantined-files.txt 2011-07-21 20:45
.
Před spuštěním: Volných bajtů: 16 844 308 480
Po spuštění: Volných bajtů: 16 822 910 976
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - BBF675C6B9027C2A506C0D8879CB2A2B

[motji]

Ted to s počítačem vypadá jak?

[Sunny03]

No tak zatím jede v pořádku... Znamená to, že je konec?

[motji]

skoro

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[Sunny03]

Zadal jsem rychlý test a toto mi vyskočilo...

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7224

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

21.7.2011 23:26:54
mbam-log-2011-07-21 (23-26-49).txt

Typ kontroly: Rychlý test
Testované objekty: 151002
Uplynulý čas: 3 minut, 26 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\Windows Update (Backdoor.Bot) -> Value: Windows Update -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[motji]

Smazat a uplný sken

[Sunny03]

Úplný sken... Toto je výsledek:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7224

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

21.7.2011 23:59:52
mbam-log-2011-07-21 (23-59-50).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 195437
Uplynulý čas: 19 minut, 46 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Qoobox\quarantine\C\WINDOWS\system32\host.exe.vir (Backdoor.Bot.pcrypt) -> No action taken.
c:\system volume information\_restore{6a69d674-2d7d-42f7-af78-db48e8ca3e6d}\RP1\A0004586.exe (Backdoor.Bot.pcrypt) -> No action taken.
d:\instalace a zálohy\virtual dj +crack and skins\Crack.exe (RiskWare.Tool.CK) -> No action taken.

[motji]

Vše smažte.

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?