Please check my log

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#76 Post by motji »

Hi :)
:shock: we'll give it a try, I don't give up that easily :) . We'll look at the viruses first and then at the burner. By the way, NOD does delete viruses, but there is something it can't handle.

:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe
Download OTM to the desktop, double-click OTM, and the program will start.
Copy the following script into the left pane, "Paste Instructions for Items to be Moved", under the yellow line:

:processes
explorer.exe
 
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:commands
[emptytemp]
[start explorer]
[Reboot]
- Click the red Moveit! button
- Paste the contents of the green pane here
- If the PC wants to restart, choose YES; you will then find the log in C:\_OTM\MovedFiles. Post the log here

:arrow: Download ComboFix to the desktop, close all open windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Agree to the installation of the Recovery Console
- ComboFix must be run under an account with administrator rights
- Before use, turn off all resident security programs: antivirus, firewalls, antispyware
- After launch the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click into the window that appears :!:
- When the scan finishes, which takes 10 minutes at most, the program should create a log, C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Frenki
Visitor
Posts: 135
Registered: 22 Jan 2007 11:15
Location: Přeštice area

#77 Post by Frenki »

OTM log:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002864_.tmp moved successfully.
C:\WINDOWS\SET25.tmp moved successfully.
C:\WINDOWS\SET26.tmp moved successfully.
C:\WINDOWS\SET27.tmp moved successfully.
C:\WINDOWS\SET28.tmp moved successfully.
C:\WINDOWS\SET29.tmp moved successfully.
C:\WINDOWS\SET2A.tmp moved successfully.
C:\WINDOWS\SET2B.tmp moved successfully.
C:\WINDOWS\SET2C.tmp moved successfully.
C:\WINDOWS\SET2D.tmp moved successfully.
C:\WINDOWS\SET2E.tmp moved successfully.
C:\WINDOWS\SET2F.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET30.tmp moved successfully.
C:\WINDOWS\SET31.tmp moved successfully.
C:\WINDOWS\SET32.tmp moved successfully.
C:\WINDOWS\SET33.tmp moved successfully.
C:\WINDOWS\SET34.tmp moved successfully.
C:\WINDOWS\SET35.tmp moved successfully.
C:\WINDOWS\SET36.tmp moved successfully.
C:\WINDOWS\SET37.tmp moved successfully.
C:\WINDOWS\SET38.tmp moved successfully.
C:\WINDOWS\SET39.tmp moved successfully.
C:\WINDOWS\SET3A.tmp moved successfully.
C:\WINDOWS\SET3B.tmp moved successfully.
C:\WINDOWS\SET3C.tmp moved successfully.
C:\WINDOWS\SET3D.tmp moved successfully.
C:\WINDOWS\SET3E.tmp moved successfully.
C:\WINDOWS\SET3F.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET40.tmp moved successfully.
C:\WINDOWS\SET41.tmp moved successfully.
C:\WINDOWS\SET42.tmp moved successfully.
C:\WINDOWS\SET43.tmp moved successfully.
C:\WINDOWS\SET44.tmp moved successfully.
C:\WINDOWS\SET45.tmp moved successfully.
C:\WINDOWS\SET46.tmp moved successfully.
C:\WINDOWS\SET47.tmp moved successfully.
C:\WINDOWS\SET48.tmp moved successfully.
C:\WINDOWS\SET49.tmp moved successfully.
C:\WINDOWS\SET4A.tmp moved successfully.
C:\WINDOWS\SET4B.tmp moved successfully.
C:\WINDOWS\SET4C.tmp moved successfully.
C:\WINDOWS\SET4D.tmp moved successfully.
C:\WINDOWS\SET4E.tmp moved successfully.
C:\WINDOWS\SET4F.tmp moved successfully.
C:\WINDOWS\SET50.tmp moved successfully.
C:\WINDOWS\SET51.tmp moved successfully.
C:\WINDOWS\SET52.tmp moved successfully.
C:\WINDOWS\SET53.tmp moved successfully.
C:\WINDOWS\SET54.tmp moved successfully.
C:\WINDOWS\SET55.tmp moved successfully.
C:\WINDOWS\SET56.tmp moved successfully.
C:\WINDOWS\SET57.tmp moved successfully.
C:\WINDOWS\SET58.tmp moved successfully.
C:\WINDOWS\SET59.tmp moved successfully.
C:\WINDOWS\SET5A.tmp moved successfully.
C:\WINDOWS\SET5B.tmp moved successfully.
C:\WINDOWS\SET5C.tmp moved successfully.
C:\WINDOWS\SET5D.tmp moved successfully.
C:\WINDOWS\SET5E.tmp moved successfully.
C:\WINDOWS\SET5F.tmp moved successfully.
C:\WINDOWS\SET60.tmp moved successfully.
C:\WINDOWS\SET61.tmp moved successfully.
C:\WINDOWS\SET62.tmp moved successfully.
C:\WINDOWS\SET63.tmp moved successfully.
C:\WINDOWS\SET64.tmp moved successfully.
C:\WINDOWS\SET65.tmp moved successfully.
C:\WINDOWS\SET66.tmp moved successfully.
C:\WINDOWS\SET67.tmp moved successfully.
C:\WINDOWS\SET68.tmp moved successfully.
C:\WINDOWS\SET69.tmp moved successfully.
C:\WINDOWS\SET6A.tmp moved successfully.
C:\WINDOWS\SET6B.tmp moved successfully.
C:\WINDOWS\SET6C.tmp moved successfully.
C:\WINDOWS\SET6D.tmp moved successfully.
C:\WINDOWS\SET6E.tmp moved successfully.
C:\WINDOWS\SET6F.tmp moved successfully.
C:\WINDOWS\SET70.tmp moved successfully.
C:\WINDOWS\SET71.tmp moved successfully.
C:\WINDOWS\SET72.tmp moved successfully.
C:\WINDOWS\SET73.tmp moved successfully.
C:\WINDOWS\SET74.tmp moved successfully.
C:\WINDOWS\SET75.tmp moved successfully.
C:\WINDOWS\SET76.tmp moved successfully.
C:\WINDOWS\SET77.tmp moved successfully.
C:\WINDOWS\SET78.tmp moved successfully.
C:\WINDOWS\SET79.tmp moved successfully.
C:\WINDOWS\SET7A.tmp moved successfully.
C:\WINDOWS\SET7B.tmp moved successfully.
C:\WINDOWS\SET7C.tmp moved successfully.
C:\WINDOWS\SET7D.tmp moved successfully.
C:\WINDOWS\SET7E.tmp moved successfully.
C:\WINDOWS\SET7F.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\SET80.tmp moved successfully.
C:\WINDOWS\SET81.tmp moved successfully.
C:\WINDOWS\SET82.tmp moved successfully.
C:\WINDOWS\SET83.tmp moved successfully.
C:\WINDOWS\SET84.tmp moved successfully.
C:\WINDOWS\SET85.tmp moved successfully.
C:\WINDOWS\SET86.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C28.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6A87.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP762.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA10.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\Com\COM406.tmp moved successfully.
C:\WINDOWS\Temp\HTT4A.tmp moved successfully.
C:\WINDOWS\Temp\NOD1B92.tmp moved successfully.
C:\WINDOWS\Temp\NOD7D78.tmp moved successfully.
C:\WINDOWS\Temp\NODD00.tmp moved successfully.
C:\WINDOWS\Temp\NODE9.tmp moved successfully.
C:\WINDOWS\Temp\NODEB.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Vít
->Temp folder emptied: -69004689 bytes
->Temporary Internet Files folder emptied: 1213744 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 53330793 bytes

C:\USMT.TMP\USMT2.HN folder deleted successfully.
C:\USMT.TMP\DIR0005.TMP folder deleted successfully.
C:\USMT.TMP folder deleted successfully.
%systemdrive% .tmp files removed: 33224 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 10200 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = -13,69 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09022009_121053

Files moved on Reboot...

Registry entries deleted on Reboot...

And now I'm off to do the rest. And by the way, we are already on informal terms :lol:

#78 Post by motji »

:lol: :lol:
Sorry, my instructions are written in the formal form of address :roll:

#79 Post by Frenki »

ComboFix log:

ComboFix 09-09-01.04 - Vít 02.09.2009 12:46.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.287.93 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vít\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1004336348-839522115-1957994488-1003
c:\recycler\S-1-5-21-1214440339-492894223-1060284298-1003
c:\recycler\S-1-5-21-484763869-764733703-842925246-1003
c:\recycler\S-1-5-21-484763869-764733703-842925246-500
c:\windows\system32\drivers\kungsfsxddddqg.sys
c:\windows\system32\kungsfckaoyrlt.dll
c:\windows\system32\kungsfmhaodtiw.dll
c:\windows\system32\kungsfvnxttdrx.dat
c:\windows\system32\kungsfynkexlky.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsfabocttkd
-------\Legacy_kungsfabocttkd


((((((((((((((((((((((((( Soubory vytvořené od 2009-08-02 do 2009-09-02 )))))))))))))))))))))))))))))))
.

2009-09-02 10:10 . 2009-09-02 10:10 -------- d-----w- C:\_OTM
2009-09-02 09:20 . 2009-09-02 09:20 -------- d-----w- c:\program files\Avant Browser
2009-09-02 09:08 . 2009-09-02 09:29 -------- d-----w- c:\program files\trend micro
2009-09-01 08:06 . 2009-09-01 08:06 -------- d-----w- c:\program files\MSXML 4.0
2009-09-01 07:22 . 2009-09-01 07:25 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-01 07:22 . 2009-09-01 07:22 -------- d-----w- c:\program files\Nero
2009-09-01 05:48 . 2009-09-01 05:52 1852 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-01 04:32 . 2009-09-01 04:32 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-01 04:32 . 2009-09-01 04:32 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-31 20:25 . 2009-08-31 20:25 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-08-31 20:14 . 2009-08-31 20:25 -------- d-----w- c:\windows\system32\NtmsData
2009-08-31 16:55 . 2009-08-31 16:55 -------- d-----w- c:\program files\Windows Sidebar
2009-08-31 16:17 . 2009-08-31 20:09 -------- d-----w- c:\program files\Common Files\Nero
2009-08-31 12:39 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-08-31 12:34 . 2009-08-31 12:38 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-31 12:33 . 2009-08-31 12:33 -------- d-----w- c:\program files\Reference Assemblies
2009-08-31 12:32 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-31 12:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-31 12:32 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-31 12:32 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-31 12:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-31 12:32 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-31 12:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-31 12:32 . 2009-08-31 12:33 -------- d-----w- C:\95a19979d3735c42338ad9c9d985
2009-08-31 10:36 . 2009-08-31 10:36 -------- d-----w- c:\program files\Alcohol Soft
2009-08-29 17:42 . 2009-08-29 17:46 1740 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-29 14:27 . 2009-08-29 14:27 -------- d-----w- c:\windows\Sun
2009-08-29 14:17 . 2009-08-29 14:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-29 14:17 . 2009-08-29 14:17 -------- d-----w- c:\program files\Java
2009-08-29 13:58 . 2009-08-29 13:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-29 13:47 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-29 13:46 . 2009-08-29 13:46 -------- d-----w- c:\windows\ie8updates
2009-08-29 13:46 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-29 13:46 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-29 13:46 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-29 13:46 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-29 13:46 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-29 13:46 . 2009-07-19 16:46 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-29 13:44 . 2009-08-29 13:45 -------- dc-h--w- c:\windows\ie8
2009-08-29 12:45 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-29 12:45 . 2009-02-09 11:26 2191232 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-29 12:45 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-29 12:45 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-29 12:45 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-29 12:45 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-29 12:45 . 2009-06-25 08:27 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-29 12:45 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-08-29 12:45 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-08-29 12:45 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-29 12:45 . 2009-02-09 11:26 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-29 12:45 . 2009-02-09 11:26 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-29 12:42 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-29 12:42 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-08-29 12:42 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-29 12:42 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-08-29 12:42 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-08-29 12:42 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-29 12:41 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-29 12:38 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-08-29 12:38 . 2008-09-04 17:17 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-08-29 12:37 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-29 10:31 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-08-29 10:28 . 2009-08-29 10:28 -------- d-----w- c:\program files\Microsoft Works
2009-08-29 10:28 . 2009-08-31 12:33 -------- d-----w- c:\program files\MSBuild
2009-08-29 10:19 . 2009-08-29 10:27 -------- d-----w- c:\windows\SHELLNEW
2009-08-29 09:00 . 2009-08-29 09:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-29 08:45 . 2009-08-29 08:45 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-29 08:42 . 2009-08-29 08:43 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-29 08:42 . 2009-08-29 08:42 -------- d-----w- c:\windows\system32\LogFiles
2009-08-28 11:03 . 2009-08-28 11:03 180224 ----a-w- c:\windows\system32\WinVd32.sys
2009-08-28 11:03 . 2009-08-28 11:03 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2009-08-28 11:03 . 2009-08-28 11:03 10752 ----a-w- c:\windows\system32\WinFLdrv.sys
2009-08-28 11:03 . 2009-08-28 11:03 -------- d-----w- c:\program files\Folder Lock 6
2009-08-28 10:51 . 2009-08-28 10:52 -------- d-----w- c:\program files\Opera
2009-08-28 10:32 . 2009-08-29 14:53 -------- d-----w- c:\program files\The KMPlayer
2009-08-28 10:18 . 2009-08-29 05:53 -------- d-----w- c:\program files\IncrediMail
2009-08-28 10:08 . 2009-08-28 10:08 -------- d-----w- c:\program files\ESET
2009-08-28 10:07 . 2009-08-28 10:07 -------- d-----w- c:\program files\Toddler Keys
2009-08-28 09:04 . 2008-09-10 01:16 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-08-28 09:04 . 2008-09-10 01:16 1307648 ----a-w- c:\windows\system32\msxml6.dll
2009-08-28 09:04 . 2008-04-14 06:49 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-08-28 09:04 . 2008-04-14 06:00 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-08-28 09:04 . 2008-04-14 06:00 80896 ------w- c:\windows\system32\msxml6r.dll
2009-08-28 09:04 . 2008-04-14 06:51 9728 ------w- c:\windows\system32\rwnh.dll
2009-08-28 09:04 . 2008-04-14 06:51 10752 ------w- c:\windows\system32\smtpapi.dll
2009-08-28 09:04 . 2008-04-13 22:15 46592 ------w- c:\windows\system32\drivers\irbus.sys
2009-08-28 09:04 . 2008-04-13 22:13 9728 ------w- c:\windows\system32\comsdupd.exe
2009-08-28 09:02 . 2008-04-13 22:21 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2009-08-28 09:02 . 2008-04-13 22:16 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2009-08-28 09:02 . 2008-04-13 22:16 17024 ----a-w- c:\windows\system32\drivers\bthenum.sys
2009-08-28 09:02 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2009-08-28 09:02 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2009-08-28 09:02 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-08-28 09:02 . 2008-04-13 22:15 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2009-08-28 09:02 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-08-28 09:02 . 2008-06-14 17:35 272128 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-08-28 09:02 . 2008-04-13 22:16 18944 ----a-w- c:\windows\system32\drivers\bthusb.sys
2009-08-28 09:02 . 2001-10-24 12:24 470144 ----a-w- c:\windows\system32\G200d.dll
2009-08-28 09:02 . 2001-10-24 11:56 320384 ----a-w- c:\windows\system32\drivers\G200m.sys
2009-08-28 09:01 . 2008-04-14 06:51 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-08-28 09:01 . 2008-04-14 06:51 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-08-28 09:01 . 2008-04-13 22:49 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2009-08-28 09:01 . 2008-04-13 22:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-08-28 09:01 . 2002-06-03 09:18 40832 -c--a-w- c:\windows\system32\dllcache\es1371mp.sys
2009-08-28 09:01 . 2002-06-03 09:18 40832 ----a-w- c:\windows\system32\drivers\es1371mp.sys
2009-08-28 09:01 . 2008-04-13 22:15 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2009-08-28 09:01 . 2008-04-13 22:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-08-28 09:01 . 2001-08-17 21:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-08-28 09:01 . 2008-04-14 06:52 75264 ----a-w- c:\windows\system32\usbui.dll
2009-08-28 09:01 . 2008-04-13 22:06 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-08-28 09:01 . 2001-08-17 20:11 35328 ----a-w- c:\windows\system32\drivers\pcntpci5.sys
2009-08-28 09:00 . 2009-08-28 09:00 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 09:05 . 1980-01-01 00:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2009-09-01 09:05 . 1980-01-01 00:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2009-08-29 18:30 . 2009-09-01 05:10 183490 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
2009-08-28 09:07 . 2009-08-28 07:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-28 09:07 . 2009-08-28 07:56 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-08-28 09:05 . 2009-08-28 07:57 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-08-28 08:25 . 2009-08-28 08:25 -------- d-----w- c:\program files\microsoft frontpage
2009-08-28 07:51 . 2009-08-28 07:51 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:01 . 1980-01-01 00:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 1980-01-01 00:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 1980-01-01 00:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-18 06:00 . 2009-07-18 06:00 412160 ----a-w- C:\SRDownloader.exe
2009-07-17 19:04 . 1980-01-01 00:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 1980-01-01 00:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 1980-01-01 00:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 1980-01-01 00:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 1980-01-01 00:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 1980-01-01 00:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 1980-01-01 00:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:27 . 1980-01-01 00:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 1980-01-01 00:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 1980-01-01 00:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 07:20 . 2009-06-23 06:50 322523176 ----a-w- C:\SP3.exe
2009-06-15 10:45 . 1980-01-01 00:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 1980-01-01 00:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 1980-01-01 00:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-08-28 07:50 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 1980-01-01 00:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-08-10 251264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-29 149280]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [28.8.2009 13:03 10752]
R3 G200;G200;c:\windows\system32\drivers\G200m.sys [28.8.2009 11:02 320384]
S3 NtApm;Ovladač rozhraní služby NT Apm/Legacy;c:\windows\system32\drivers\NtApm.sys [28.8.2009 11:03 9472]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-09-02 c:\windows\Tasks\RegCure Program Check.job
- c:\regcure\RegCure.exe [2009-06-10 01:11]

2009-08-28 c:\windows\Tasks\RegCure.job
- c:\regcure\RegCure.exe [2009-06-10 01:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-02 12:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\documents and settings\Vít\Data aplikací\systemfl.$dk 990 bytes
c:\windows\system32\sys_drv.dat 9036 bytes
c:\windows\system32\sys_drv_2.dat 7028 bytes

sken byl úspešně dokončen
skryté soubory: 3

**************************************************************************
.
Celkový čas: 2009-09-02 13:02
ComboFix-quarantined-files.txt 2009-09-02 11:02

Před spuštěním: Volných bajtů: 14 391 713 792
Po spuštění: Volných bajtů: 14 379 278 336

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

242 --- E O F --- 2009-09-01 09:42

#80 Post by Frenki »

Well, I'm amazed :shock: After using ComboFix, Nero now detects the burner.
While it was running, ComboFix reported rootkit activity and then got rid of it, I guess.
As for NOD32, it's version 4; the guys at work recommended it to me, saying it's supposedly the best. Which antivirus would you recommend? Víťa :all_coholic:

#81 Post by motji »

:arcisit: where did you pick that up, for goodness' sake :lol: :lol: , such a menagerie, a rootkit :roll: and on a fresh installation :roll: .

:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes produces false detections, so we will delete only after checking the log.
- Copy the log here.

#82 Post by Frenki »

So here is the MBAM log
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2730
Windows 5.1.2600 Service Pack 3

2.9.2009 20:48:01
mbam-log-2009-09-02 (20-48-00).txt

Typ skenu: Úplný sken (C:\|)
Objektu skenováno: 141348
Uplynulý cas: 1 hour(s), 4 minute(s), 49 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

:P :worship:

#83 Post by motji »

In my opinion it's almost clean

:arrow: Start - Control Panel - Folder Options - View - show hidden and system files

:arrow: Have the file tested at http://www.virustotal.com

c:\documents and settings\Vít\Data aplikací\systemfl.$dk
c:\windows\system32\sys_drv.dat
c:\windows\system32\sys_drv_2.dat

Copy the file path into the box; if it says the file has already been tested, have it tested again.
Post the link with the results here.

NOD is good, but I would recommend a legal antivirus. A lot depends on what you do on the PC.

#84 Post by Frenki »

Hi, so the files are clean :D
I use the computer mainly for movies, hence Nero.

I also read your recipe for rum slices; it might not taste bad.
Thanks for the help. In about 14 days I'll be rebuilding the PC; I'm due to get an Athlon 2000+ from Aukro,
so hopefully it will be better than my P3.
I'll move the HDD from this one into it. I'll get in touch and let you know how it went.
I was looking to see whether you have a profile on Lidé.cz so I could see who is helping me, and that's how I came across those slices. You'll find my profile there as Vit.frank. Bye :worship:

#85 Post by motji »

:D I don't have a profile anywhere, I'm shy :oops:
I had to go and look at those slices, I had forgotten about them :D :D . Try them, they're excellent, my guys love them :D .

Nero was possibly being blocked by that rootkit; where on earth did you get it :roll: :lol: :lol:

:arrow: Uninstall ComboFix via
Start >> Run, copy into the box:

ComboFix /u

and press Enter
- This uninstalls ComboFix and deletes its associated files and folders.

:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- After use, delete the program. Note that antivirus programs may falsely flag it as a virus

:arrow: Download CCleaner, see my signature
- Install it and clean up the temporary files and the registry

I'd also like to ask for an RSIT log :)

Frenki
Visitor
Posts: 135
Joined: 22 Jan 2007 11:15
Location: Přeštice area

Re: Please check my log

#86 Post by Frenki »

I did everything. One more problem has appeared: I wanted to send photos by email, and the moment I selected thumbnails it closed Opera with the usual message that a problem occurred and it needs to close. The same in IE 8. And the same thing when I wanted to add a photo to my profile. But always only once I select thumbnails.
Here is the RSIT log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Vít at 2009-09-03 09:28:47
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (15%) free of 76 GB
Total RAM: 287 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:54, on 3.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\totalcmd\TOTALCMD.EXE
c:\download\RSIT.exe
C:\Program Files\trend micro\Vít.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5470 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-29 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-29 149280]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-02-06 2021400]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"C-Media Mixer"=Mixer.exe /startup []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-08-10 251264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-03 09:28:47 ----D---- C:\rsit
2009-09-02 21:10:28 ----A---- C:\SRDownloader.exe
2009-09-02 19:34:30 ----D---- C:\Documents and Settings\Vít\Data aplikací\Malwarebytes
2009-09-02 19:34:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-09-02 19:33:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-02 15:19:09 ----SHD---- C:\RECYCLER
2009-09-02 13:02:56 ----D---- C:\WINDOWS\temp
2009-09-02 12:28:26 ----A---- C:\Boot.bak
2009-09-02 12:28:15 ----RASHD---- C:\cmdcons
2009-09-02 11:20:24 ----D---- C:\Documents and Settings\Vít\Data aplikací\Avant Profiles
2009-09-02 11:20:08 ----D---- C:\Program Files\Avant Browser
2009-09-02 11:08:52 ----D---- C:\Program Files\trend micro
2009-09-01 17:46:05 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-01 11:36:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-01 10:33:57 ----SHD---- C:\Config.Msi
2009-09-01 10:06:24 ----D---- C:\Program Files\MSXML 4.0
2009-09-01 09:26:51 ----D---- C:\Documents and Settings\Vít\Data aplikací\Ahead
2009-09-01 09:22:23 ----D---- C:\Program Files\Nero
2009-09-01 09:22:23 ----D---- C:\Program Files\Common Files\Ahead
2009-09-01 09:20:05 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-09-01 06:32:20 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-09-01 06:32:13 ----D---- C:\Program Files\DAEMON Tools Lite
2009-08-31 22:25:38 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-08-31 22:14:09 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-31 19:30:40 ----D---- C:\Documents and Settings\Vít\Data aplikací\Nero
2009-08-31 18:55:06 ----D---- C:\Program Files\Windows Sidebar
2009-08-31 18:53:20 ----A---- C:\WINDOWS\Irremote.ini
2009-08-31 18:17:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2009-08-31 18:17:17 ----D---- C:\Program Files\Common Files\Nero
2009-08-31 18:16:57 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-08-31 18:11:14 ----A---- C:\WINDOWS\ENGLMENU.INI
2009-08-31 16:44:23 ----D---- C:\Documents and Settings\Vít\Data aplikací\Canneverbe_Limited
2009-08-31 16:44:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
2009-08-31 14:39:28 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-08-31 14:39:27 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-08-31 14:34:02 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-31 14:33:46 ----D---- C:\WINDOWS\system32\en-US
2009-08-31 14:33:34 ----D---- C:\Program Files\Reference Assemblies
2009-08-31 14:32:41 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-31 14:32:40 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-31 14:32:40 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-31 14:32:39 ----D---- C:\95a19979d3735c42338ad9c9d985
2009-08-31 14:30:44 ----RSD---- C:\WINDOWS\assembly
2009-08-31 14:29:18 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-31 12:36:48 ----D---- C:\Program Files\Alcohol Soft
2009-08-29 17:54:40 ----A---- C:\WINDOWS\mixerdef.ini
2009-08-29 17:16:36 ----D---- C:\WINDOWS\pss
2009-08-29 16:27:56 ----D---- C:\WINDOWS\Sun
2009-08-29 16:17:58 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-29 16:17:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-29 16:17:57 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-29 16:17:57 ----A---- C:\WINDOWS\system32\java.exe
2009-08-29 16:17:20 ----D---- C:\Program Files\Java
2009-08-29 16:16:09 ----D---- C:\Documents and Settings\Vít\Data aplikací\Sun
2009-08-29 15:46:47 ----D---- C:\WINDOWS\ie8updates
2009-08-29 15:45:40 ----D---- C:\WINDOWS\WBEM
2009-08-29 15:44:25 ----HDC---- C:\WINDOWS\ie8
2009-08-29 15:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-29 15:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-29 15:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-29 15:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-29 15:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-29 15:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-29 15:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-29 15:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-29 15:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-29 15:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-29 15:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-29 15:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-29 14:58:01 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-29 14:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-08-29 14:57:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-29 14:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-29 14:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-29 14:56:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-29 14:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-29 14:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-29 14:56:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-29 14:56:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-29 14:55:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-29 14:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-29 14:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-29 14:54:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-29 14:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-29 14:54:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-29 14:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-08-29 14:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-08-29 14:53:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-08-29 14:53:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-29 14:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-08-29 14:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-08-29 14:53:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-08-29 14:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-08-29 14:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-08-29 14:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-08-29 14:52:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-08-29 14:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-08-29 14:52:01 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-08-29 14:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-08-29 14:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-08-29 14:51:14 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-08-29 14:50:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-08-29 14:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-08-29 14:50:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-08-29 14:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-08-29 14:49:45 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-08-29 14:34:05 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-08-29 13:27:51 ----D---- C:\Documents and Settings\Vít\Data aplikací\WinRAR
2009-08-29 13:27:38 ----D---- C:\Program Files\WinRAR
2009-08-29 12:31:26 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-08-29 12:28:44 ----D---- C:\Program Files\Microsoft Works
2009-08-29 12:28:27 ----D---- C:\Program Files\MSBuild
2009-08-29 12:27:39 ----D---- C:\Program Files\Microsoft Visual Studio
2009-08-29 12:27:38 ----D---- C:\Program Files\Common Files\DESIGNER
2009-08-29 12:19:09 ----D---- C:\WINDOWS\SHELLNEW
2009-08-29 12:17:22 ----D---- C:\Program Files\Microsoft Office
2009-08-29 12:17:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-08-29 11:15:13 ----D---- C:\Documents and Settings\Vít\Data aplikací\DAEMON Tools Lite
2009-08-29 10:46:06 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-08-29 10:46:04 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-08-29 10:45:12 ----D---- C:\Program Files\Windows Media Connect 2
2009-08-29 10:44:57 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-08-29 10:43:12 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-08-29 10:42:34 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-29 10:42:29 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-08-29 10:41:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2009-08-29 07:40:47 ----D---- C:\Documents and Settings\Vít\Data aplikací\Adobe
2009-08-28 13:34:23 ----D---- C:\WINDOWS\Minidump
2009-08-28 13:03:24 ----A---- C:\WINDOWS\system32\WinFLsrv.exe
2009-08-28 13:03:23 ----SHD---- C:\Documents and Settings\Vít\Data aplikací\.#
2009-08-28 13:03:14 ----D---- C:\Program Files\Folder Lock 6
2009-08-28 12:52:13 ----D---- C:\Documents and Settings\Vít\Data aplikací\Opera
2009-08-28 12:51:58 ----D---- C:\Program Files\Opera
2009-08-28 12:37:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2009-08-28 12:32:38 ----D---- C:\Program Files\The KMPlayer
2009-08-28 12:27:44 ----D---- C:\Documents and Settings\Vít\Data aplikací\Macromedia
2009-08-28 12:25:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\IM
2009-08-28 12:18:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\IncrediMail
2009-08-28 12:18:55 ----D---- C:\Program Files\IncrediMail
2009-08-28 12:12:14 ----D---- C:\Documents and Settings\Vít\Data aplikací\ESET
2009-08-28 12:08:41 ----D---- C:\Program Files\ESET
2009-08-28 12:08:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2009-08-28 12:07:10 ----D---- C:\Program Files\Toddler Keys
2009-08-28 11:17:51 ----D---- C:\WINDOWS\Prefetch
2009-08-28 11:17:39 ----A---- C:\WINDOWS\system32\h323log.txt
2009-08-28 11:04:04 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-08-28 11:04:04 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-08-28 11:04:02 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-08-28 11:04:02 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-08-28 11:04:02 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-08-28 11:03:57 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-08-28 11:03:57 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-08-28 11:03:57 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-08-28 11:03:57 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-08-28 11:03:57 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-08-28 11:03:56 ----N---- C:\WINDOWS\system32\azroles.dll
2009-08-28 11:03:56 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-08-28 11:03:56 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-08-28 11:03:56 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-08-28 11:03:55 ----N---- C:\WINDOWS\system32\credssp.dll
2009-08-28 11:03:55 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-08-28 11:03:54 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-08-28 11:03:54 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-08-28 11:03:54 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-08-28 11:03:54 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-08-28 11:03:54 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-08-28 11:03:54 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-08-28 11:03:54 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-08-28 11:03:54 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-08-28 11:03:54 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-08-28 11:03:53 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-08-28 11:03:52 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-08-28 11:03:52 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-08-28 11:03:52 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-08-28 11:03:52 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-08-28 11:03:52 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-08-28 11:03:52 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-08-28 11:03:51 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-08-28 11:03:51 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-08-28 11:03:50 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-08-28 11:03:50 ----N---- C:\WINDOWS\system32\hccoin.dll
2009-08-28 11:03:49 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-08-28 11:03:49 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-08-28 11:03:48 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-08-28 11:03:48 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-08-28 11:03:48 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-08-28 11:03:48 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-08-28 11:03:47 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-08-28 11:03:47 ----N---- C:\WINDOWS\system32\mssha.dll
2009-08-28 11:03:47 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-08-28 11:03:47 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-08-28 11:03:47 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-08-28 11:03:47 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-08-28 11:03:47 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-08-28 11:03:46 ----N---- C:\WINDOWS\system32\napstat.exe
2009-08-28 11:03:46 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-08-28 11:03:46 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-08-28 11:03:46 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-08-28 11:03:45 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-08-28 11:03:45 ----N---- C:\WINDOWS\system32\onex.dll
2009-08-28 11:03:45 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-08-28 11:03:44 ----N---- C:\WINDOWS\system32\setupn.exe
2009-08-28 11:03:44 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-08-28 11:03:44 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-08-28 11:03:44 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-08-28 11:03:44 ----N---- C:\WINDOWS\system32\qutil.dll
2009-08-28 11:03:44 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-08-28 11:03:44 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-08-28 11:03:44 ----N---- C:\WINDOWS\system32\qagent.dll
2009-08-28 11:03:43 ----N---- C:\WINDOWS\system32\slserv.exe
2009-08-28 11:03:43 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-08-28 11:03:43 ----N---- C:\WINDOWS\system32\slgen.dll
2009-08-28 11:03:43 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-08-28 11:03:43 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-08-28 11:03:42 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-08-28 11:03:42 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-08-28 11:03:41 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-08-28 11:03:41 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-08-28 11:03:40 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-08-28 11:03:40 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-08-28 11:03:38 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-08-28 11:03:37 ----N---- C:\WINDOWS\slrundll.exe
2009-08-28 11:03:37 ----D---- C:\WINDOWS\system32\cs-cz
2009-08-28 11:03:36 ----D---- C:\WINDOWS\l2schemas
2009-08-28 11:03:35 ----D---- C:\WINDOWS\system32\cs
2009-08-28 11:03:35 ----D---- C:\WINDOWS\system32\bits
2009-08-28 11:02:47 ----A---- C:\WINDOWS\system32\irmon.dll
2009-08-28 11:02:47 ----A---- C:\WINDOWS\system32\irftp.exe
2009-08-28 11:02:46 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-08-28 11:02:02 ----A---- C:\WINDOWS\system32\G200d.dll
2009-08-28 11:01:57 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-08-28 11:01:46 ----A---- C:\WINDOWS\system32\usbui.dll
2009-08-28 11:00:26 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-28 10:59:02 ----SHD---- C:\WINDOWS\Installer
2009-08-28 10:59:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-28 10:59:01 ----D---- C:\Program Files\Common Files\ODBC
2009-08-28 10:59:01 ----A---- C:\WINDOWS\ODBCINST.INI
2009-08-28 10:58:56 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-08-28 10:58:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-28 10:58:55 ----D---- C:\Program Files\Common Files
2009-08-28 10:58:49 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-08-28 10:58:49 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-08-28 10:58:49 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-08-28 10:58:47 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-08-28 10:58:47 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-08-28 10:58:47 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-08-28 10:58:47 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-08-28 10:58:47 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-08-28 10:58:47 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-08-28 10:58:47 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-08-28 10:58:47 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-08-28 10:58:47 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-08-28 10:58:47 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-08-28 10:58:47 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-08-28 10:58:47 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-08-28 10:58:44 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-08-28 10:58:44 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-08-28 10:58:44 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-08-28 10:58:44 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-08-28 10:58:44 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-08-28 10:58:44 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-08-28 10:58:44 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-08-28 10:58:42 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-08-28 10:58:42 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-08-28 10:58:42 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-08-28 10:58:42 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-08-28 10:58:42 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-08-28 10:58:36 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2009-08-28 10:58:36 ----A---- C:\WINDOWS\system32\kbdsl.dll
2009-08-28 10:58:36 ----A---- C:\WINDOWS\system32\kbdro.dll
2009-08-28 10:58:35 ----A---- C:\WINDOWS\system32\kbdycl.dll
2009-08-28 10:58:35 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2009-08-28 10:58:35 ----A---- C:\WINDOWS\system32\kbdpl.dll
2009-08-28 10:58:35 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2009-08-28 10:58:35 ----A---- C:\WINDOWS\system32\kbdhu.dll
2009-08-28 10:58:35 ----A---- C:\WINDOWS\system32\kbdcr.dll
2009-08-28 10:58:35 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2009-08-28 10:58:33 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-08-28 10:58:33 ----A---- C:\WINDOWS\system32\irclass.dll
2009-08-28 10:58:33 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-08-28 10:58:33 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-08-28 10:58:32 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-08-28 10:58:29 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-08-28 10:58:29 ----A---- C:\WINDOWS\system32\batt.dll
2009-08-28 10:58:28 ----A---- C:\WINDOWS\notepad.exe
2009-08-28 10:58:26 ----A---- C:\WINDOWS\system32\storprop.dll
2009-08-28 10:58:12 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2009-08-28 10:57:29 ----D---- C:\WINDOWS\network diagnostic
2009-08-28 10:57:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-28 10:57:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-28 10:57:07 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-08-28 10:56:32 ----D---- C:\Documents and Settings
2009-08-28 10:55:12 ----RASH---- C:\boot.ini
2009-08-28 10:54:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-28 10:49:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-28 10:49:25 ----RSD---- C:\WINDOWS\Fonts
2009-08-28 10:49:25 ----RD---- C:\WINDOWS\Web
2009-08-28 10:49:25 ----HD---- C:\WINDOWS\inf
2009-08-28 10:49:25 ----D---- C:\WINDOWS\WinSxS
2009-08-28 10:49:25 ----D---- C:\WINDOWS\twain_32
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\wins
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\wbem
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\usmt
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\spool
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\ShellExt
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\Setup
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\ras
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\oobe
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\npp
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\mui
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\IME
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\icsxml
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\ias
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\export
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\drivers
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\dhcp
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\config
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\3com_dmi
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\3076
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\2052
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\1054
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\1042
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\1041
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\1037
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\1033
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\1031
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\1029
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\1028
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32\1025
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system32
2009-08-28 10:49:25 ----D---- C:\WINDOWS\system
2009-08-28 10:49:25 ----D---- C:\WINDOWS\security
2009-08-28 10:49:25 ----D---- C:\WINDOWS\Resources
2009-08-28 10:49:25 ----D---- C:\WINDOWS\repair
2009-08-28 10:49:25 ----D---- C:\WINDOWS\Provisioning
2009-08-28 10:49:25 ----D---- C:\WINDOWS\pchealth
2009-08-28 10:49:25 ----D---- C:\WINDOWS\PeerNet
2009-08-28 10:49:25 ----D---- C:\WINDOWS\mui
2009-08-28 10:49:25 ----D---- C:\WINDOWS\msapps
2009-08-28 10:49:25 ----D---- C:\WINDOWS\msagent
2009-08-28 10:49:25 ----D---- C:\WINDOWS\Media
2009-08-28 10:49:25 ----D---- C:\WINDOWS\java
2009-08-28 10:49:25 ----D---- C:\WINDOWS\ime
2009-08-28 10:49:25 ----D---- C:\WINDOWS\Help
2009-08-28 10:49:25 ----D---- C:\WINDOWS\ehome
2009-08-28 10:49:25 ----D---- C:\WINDOWS\Driver Cache
2009-08-28 10:49:25 ----D---- C:\WINDOWS\Debug
2009-08-28 10:49:25 ----D---- C:\WINDOWS\Cursors
2009-08-28 10:49:25 ----D---- C:\WINDOWS\Connection Wizard
2009-08-28 10:49:25 ----D---- C:\WINDOWS\Config
2009-08-28 10:49:25 ----D---- C:\WINDOWS\AppPatch
2009-08-28 10:49:25 ----D---- C:\WINDOWS\addins
2009-08-28 10:49:25 ----D---- C:\WINDOWS
2009-08-28 10:49:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-08-28 10:39:52 ----A---- C:\WINDOWS\WINCMD.INI
2009-08-28 10:37:03 ----D---- C:\Documents and Settings\Vít\Data aplikací\Identities
2009-08-28 10:36:59 ----HD---- C:\Program Files\Uninstall Information
2009-08-28 10:36:46 ----ASH---- C:\Documents and Settings\Vít\Data aplikací\desktop.ini
2009-08-28 10:36:45 ----SD---- C:\Documents and Settings\Vít\Data aplikací\Microsoft
2009-08-28 10:34:37 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-28 10:34:26 ----SD---- C:\WINDOWS\system32\Microsoft
2009-08-28 10:34:23 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-08-28 10:25:56 ----D---- C:\Program Files\xerox
2009-08-28 10:25:55 ----D---- C:\WINDOWS\system32\xircom
2009-08-28 10:25:55 ----D---- C:\Program Files\microsoft frontpage
2009-08-28 10:21:56 ----D---- C:\WINDOWS\RegisteredPackages
2009-08-28 10:18:19 ----D---- C:\WINDOWS\system32\PreInstall
2009-08-28 10:12:50 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-08-28 10:09:57 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-08-28 09:59:13 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-08-28 09:59:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-28 09:58:49 ----A---- C:\WINDOWS\control.ini
2009-08-28 09:58:10 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-08-28 09:55:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-28 09:55:46 ----RD---- C:\WINDOWS\Offline Web Pages
2009-08-28 09:55:46 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-08-28 09:55:27 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-08-28 09:55:13 ----HD---- C:\Program Files\WindowsUpdate
2009-08-28 09:55:06 ----D---- C:\Program Files\Online Services
2009-08-28 09:54:31 ----D---- C:\WINDOWS\system32\DirectX
2009-08-28 09:54:02 ----A---- C:\WINDOWS\system32\atrace.dll
2009-08-28 09:53:59 ----A---- C:\WINDOWS\system32\desktop.ini
2009-08-28 09:53:59 ----A---- C:\WINDOWS\desktop.ini
2009-08-28 09:53:52 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-08-28 09:53:51 ----A---- C:\WINDOWS\system32\acctres.dll
2009-08-28 09:53:50 ----D---- C:\Program Files\Common Files\Services
2009-08-28 09:53:45 ----SD---- C:\WINDOWS\Tasks
2009-08-28 09:53:45 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-08-28 09:53:44 ----D---- C:\Program Files\Common Files\MSSoap
2009-08-28 09:53:39 ----D---- C:\WINDOWS\srchasst
2009-08-28 09:53:38 ----D---- C:\WINDOWS\system32\Macromed
2009-08-28 09:53:34 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-28 09:53:34 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-28 09:53:33 ----A---- C:\WINDOWS\system32\wups.dll
2009-08-28 09:53:33 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-08-28 09:53:33 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-08-28 09:53:33 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-28 09:53:32 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-08-28 09:53:32 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-08-28 09:53:32 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-28 09:53:32 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-08-28 09:53:32 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-08-28 09:53:31 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-08-28 09:53:31 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-08-28 09:53:27 ----D---- C:\Program Files\Movie Maker
2009-08-28 09:53:21 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-08-28 09:53:21 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-08-28 09:53:21 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-08-28 09:53:21 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-08-28 09:53:17 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-08-28 09:53:17 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-08-28 09:53:16 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-08-28 09:53:16 ----D---- C:\WINDOWS\system32\Restore
2009-08-28 09:53:16 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-08-28 09:53:15 ----A---- C:\WINDOWS\system32\srclient.dll
2009-08-28 09:53:15 ----A---- C:\WINDOWS\system32\ils.dll
2009-08-28 09:53:14 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-08-28 09:53:14 ----A---- C:\WINDOWS\system32\msconf.dll
2009-08-28 09:53:14 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-08-28 09:53:14 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-08-28 09:53:14 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-08-28 09:53:11 ----D---- C:\Program Files\NetMeeting
2009-08-28 09:53:11 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-08-28 09:53:11 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-08-28 09:53:09 ----A---- C:\WINDOWS\system32\inetres.dll
2009-08-28 09:53:09 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-08-28 09:53:06 ----N---- C:\WINDOWS\system32\schedsvc.dll
2009-08-28 09:53:06 ----D---- C:\Program Files\Outlook Express
2009-08-28 09:53:06 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-08-28 09:53:06 ----A---- C:\WINDOWS\system32\mstask.dll
2009-08-28 09:53:05 ----A---- C:\WINDOWS\system32\isign32.dll
2009-08-28 09:53:05 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-08-28 09:53:05 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-08-28 09:53:05 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-08-28 09:52:57 ----D---- C:\Program Files\Common Files\System
2009-08-28 09:52:53 ----D---- C:\Program Files\Internet Explorer
2009-08-28 09:51:25 ----D---- C:\Program Files\ComPlus Applications
2009-08-28 09:51:22 ----A---- C:\WINDOWS\vbaddin.ini
2009-08-28 09:51:22 ----A---- C:\WINDOWS\vb.ini
2009-08-28 09:51:14 ----D---- C:\WINDOWS\Registration
2009-08-28 09:51:01 ----D---- C:\Program Files\Windows Media Player
2009-08-28 09:50:50 ----D---- C:\Program Files\Messenger
2009-08-28 09:50:46 ----D---- C:\Program Files\MSN Gaming Zone
2009-08-28 09:50:46 ----A---- C:\WINDOWS\system32\write.exe
2009-08-28 09:50:30 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-08-28 09:50:30 ----A---- C:\WINDOWS\system32\hticons.dll
2009-08-28 09:50:29 ----A---- C:\WINDOWS\system32\avwav.dll
2009-08-28 09:50:29 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-08-28 09:50:29 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-08-28 09:50:28 ----A---- C:\WINDOWS\system32\winchat.exe
2009-08-28 09:50:20 ----A---- C:\WINDOWS\system32\getuname.dll
2009-08-28 09:50:19 ----A---- C:\WINDOWS\system32\charmap.exe
2009-08-28 09:50:19 ----A---- C:\WINDOWS\system32\calc.exe
2009-08-28 09:50:18 ----A---- C:\WINDOWS\system32\winmine.exe
2009-08-28 09:50:18 ----A---- C:\WINDOWS\system32\sol.exe
2009-08-28 09:50:18 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-08-28 09:50:17 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-08-28 09:50:17 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-08-28 09:50:17 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-08-28 09:50:17 ----A---- C:\WINDOWS\system32\tskill.exe
2009-08-28 09:50:17 ----A---- C:\WINDOWS\system32\reset.exe
2009-08-28 09:50:17 ----A---- C:\WINDOWS\system32\freecell.exe
2009-08-28 09:50:16 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-08-28 09:50:16 ----A---- C:\WINDOWS\system32\tscon.exe
2009-08-28 09:50:16 ----A---- C:\WINDOWS\system32\shadow.exe
2009-08-28 09:50:16 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-08-28 09:50:16 ----A---- C:\WINDOWS\system32\regini.exe
2009-08-28 09:50:16 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-08-28 09:50:16 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-08-28 09:50:16 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-08-28 09:50:16 ----A---- C:\WINDOWS\system32\msg.exe
2009-08-28 09:50:16 ----A---- C:\WINDOWS\system32\logoff.exe
2009-08-28 09:50:15 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-08-28 09:50:15 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-08-28 09:50:14 ----RA---- C:\WINDOWS\system32\comrepl.dll
2009-08-28 09:50:14 ----A---- C:\WINDOWS\system32\stclient.dll
2009-08-28 09:50:14 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-08-28 09:50:14 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-08-28 09:50:14 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-08-28 09:50:14 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-08-28 09:50:14 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-08-28 09:50:13 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-08-28 09:50:05 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-08-28 09:50:04 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-08-28 09:50:04 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-08-28 09:50:04 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-08-28 09:50:03 ----RA---- C:\WINDOWS\system32\hypertrm.dll
2009-08-28 09:50:03 ----D---- C:\Program Files\Windows NT
2009-08-28 09:50:02 ----A---- C:\WINDOWS\system32\spider.exe
2009-08-28 09:50:02 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-08-28 09:50:02 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-08-28 09:50:01 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-08-28 09:50:01 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-08-28 09:50:00 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-08-28 09:50:00 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-08-28 09:50:00 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-08-28 09:50:00 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-08-28 09:50:00 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-08-28 09:50:00 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-08-28 09:50:00 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-08-28 09:49:59 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-08-28 09:49:59 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-08-28 09:49:59 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-08-28 09:49:59 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-08-28 09:49:59 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-08-28 09:49:59 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-08-28 09:49:59 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-08-28 09:49:58 ----RA---- C:\WINDOWS\system32\mtxoci.dll
2009-08-28 09:49:58 ----RA---- C:\WINDOWS\system32\msdtcuiu.dll
2009-08-28 09:49:58 ----RA---- C:\WINDOWS\system32\msdtcprx.dll
2009-08-28 09:49:58 ----D---- C:\WINDOWS\system32\MsDtc
2009-08-28 09:49:57 ----RA---- C:\WINDOWS\system32\xolehlp.dll
2009-08-28 09:49:57 ----RA---- C:\WINDOWS\system32\msdtctm.dll
2009-08-28 09:49:57 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-08-28 09:49:57 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-08-28 09:49:56 ----RA---- C:\WINDOWS\system32\colbact.dll
2009-08-28 09:49:56 ----RA---- C:\WINDOWS\system32\clbcatex.dll
2009-08-28 09:49:56 ----D---- C:\WINDOWS\system32\Com
2009-08-28 09:49:56 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-08-28 09:49:55 ----RA---- C:\WINDOWS\system32\catsrvut.dll
2009-08-28 09:49:55 ----RA---- C:\WINDOWS\system32\catsrv.dll
2009-08-28 09:49:54 ----RA---- C:\WINDOWS\system32\comuid.dll
2009-08-28 09:49:54 ----RA---- C:\WINDOWS\system32\comsvcs.dll
2009-08-28 09:49:54 ----RA---- C:\WINDOWS\system32\clbcatq.dll
2009-08-28 09:49:42 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-08-28 09:49:42 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-08-28 09:49:42 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-08-28 09:49:42 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-08-28 07:55:34 ----D---- C:\PARKAN
2009-08-14 09:44:34 ----A---- C:\DUBÍNEK ODKAZY.txt
2009-08-04 19:31:35 ----A---- C:\výsledek1.txt
2009-08-04 17:06:16 ----A---- C:\Výsledek.txt

======List of files/folders modified in the last 1 months======

2009-09-03 09:24:43 ----SHD---- C:\System Volume Information
2009-09-02 21:07:30 ----D---- C:\Filmy
2009-09-02 19:33:57 ----RD---- C:\Program Files
2009-09-02 18:00:38 ----D---- C:\download
2009-09-02 12:58:31 ----A---- C:\WINDOWS\system.ini
2009-09-01 09:14:13 ----D---- C:\Temp
2009-09-01 07:23:58 ----A---- C:\WINDOWS\win.ini
2009-08-28 13:02:45 ----D---- C:\FL6.2.4 inst
2009-08-28 12:57:11 ----D---- C:\RegCure
2009-08-28 11:38:28 ----D---- C:\totalcmd
2009-08-05 11:01:14 ----A---- C:\WINDOWS\system32\mswebdvd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-02-06 56280]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 WinFLdrv;WinFLdrv; C:\WINDOWS\system32\WinFLdrv.sys [2009-08-28 10752]
R2 WinVd32;WinVd32; \??\C:\WINDOWS\system32\WinVd32.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2002-06-03 40832]
R3 G200;G200; C:\WINDOWS\system32\DRIVERS\G200m.sys [2001-10-24 320384]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 PCnet;AMD PCNET Compatable Adapter Driver; C:\WINDOWS\system32\DRIVERS\pcntpci5.sys [2001-08-17 35328]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 a2d7f93f;a2d7f93f; C:\WINDOWS\system32\drivers\a2d7f93f.sys []
S3 akrvz8s5;akrvz8s5; C:\WINDOWS\system32\drivers\akrvz8s5.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 NtApm;Ovladač rozhraní služby NT Apm/Legacy; C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-10-24 9472]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 ACPI;ACPI; C:\WINDOWS\system32\drivers\ACPI.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-29 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#87 Post by motji »

:arrow: Please also test this file at www.virustotal.com
C:\WINDOWS\system32\spmsg2.dll

:arrow: About the photos: did it not do that before?
Do not use COMBOFIX without an advisor's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Frenki
Visitor
Posts: 135
Registered: 22 Jan 2007 11:15
Location: Přeštice area

Re: Please check my log

#88 Post by Frenki »

So that file is fine too. It didn't do that with the photos before; I wouldn't deal with it for now. When I let the error report be sent, it told me there is a connection with Nero 7 and recommended an update to Nero 9. I'm not really keen on that. But as I say, I wouldn't deal with it.
I had 7 before and there was no problem. As for the rootkit, I suspect it got in while I was downloading Daemon Tools; NOD blocked access to the page at that point. Or while downloading movies. :lol: Thanks for everything so far. Vít :iefox:

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#89 Post by motji »

OK, the log is fine. If there are any problems, get in touch again :D
Take care :)

Frenki
Visitor
Posts: 135
Registered: 22 Jan 2007 11:15
Location: Přeštice area

Re: Please check my log

#90 Post by Frenki »

Hi Motji,
please take a look at my log. Mom and I play L2 and it is running worse and worse.
I know the computer isn't ideal for this game, but it used to run better.
Thanks a lot, Víťa

Logfile of random's system information tool 1.06 (written by random/random)
Run by vf at 2010-01-21 12:59:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 42 GB (73%) free of 57 GB
Total RAM: 255 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:37, on 21.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\kernell.dll
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\strs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\THEKMP~1\KMPLAYER.EXE
C:\Program Files\Avant Browser\avant.exe
C:\totalcmd\TOTALCMD.EXE
c:\INSTALCE\RSIT.exe
C:\Program Files\trend micro\vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StrSystem] C:\WINDOWS\strs.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4300 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\RegCure Program Check.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-05 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-05 149280]
"StrSystem"=C:\WINDOWS\strs.exe [2009-10-12 2352640]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Explorer Options2"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\eraser.exe [2006-12-26 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe [2009-07-15 251264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrialReset]
C:\WINDOWS\regx32.exe [2008-07-03 285327]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2001-10-26 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"=C:\WINDOWS\system32\Wshxt.dll [2009-12-28 53248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSecCpl"=0
"NoDispCpl"=0
"NoProfilePage"=0
"NoDispSettingsPage"=0
"NoConfigPage"=0
"NoDevMgrPage"=0
"NoFileSysPage"=0
"NoVirtMemPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoAddPrinter"=0
"NoDeletePrinter"=0
"NoPrinterTabs"=0
"NoFind"=0
"NoFavoritesMenu"=0
"NoRun"=0
"NoSetFolders"=0
"NoTrayContextMenu"=0
"NoViewContextMenu"=0
"NoDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\IncrediMail\bin\IncMail.exe"="E:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"E:\download\ICQ6.5\ICQ.exe"="E:\download\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-21 12:59:28 ----D---- C:\Program Files\trend micro
2010-01-21 12:59:26 ----D---- C:\rsit
2010-01-21 12:05:21 ----A---- C:\Napsaný text - 20100114.txt
2010-01-13 14:14:21 ----SHD---- C:\Config.Msi
2010-01-13 14:08:07 ----A---- C:\WINDOWS\l2control.ini
2010-01-13 14:02:40 ----D---- C:\L2C
2010-01-13 13:52:05 ----D---- C:\syst floo
2010-01-13 13:34:25 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2010-01-13 13:34:25 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2010-01-13 13:34:25 ----A---- C:\WINDOWS\system32\MFC71.dll
2010-01-13 13:34:25 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-13 13:34:23 ----D---- C:\Program Files\Alwil Software
2010-01-13 13:17:18 ----D---- C:\WIN98
2010-01-13 13:17:08 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-05 09:38:31 ----A---- C:\WINDOWS\system32\mvastnet.dll
2010-01-05 08:47:22 ----D---- C:\Program Files\ICQ6Toolbar
2010-01-05 08:47:12 ----D---- C:\Documents and Settings\vf\Data aplikací\Mozilla
2010-01-05 08:47:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2009-12-28 17:19:23 ----D---- C:\Program Files\RamBooster 2.0
2009-12-28 17:11:44 ----N---- C:\Eula.txt
2009-12-28 17:11:44 ----A---- C:\procexp.exe
2009-12-28 16:59:49 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-12-28 16:59:49 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-12-28 16:59:47 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-12-28 16:59:47 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-12-28 16:59:47 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-12-28 16:59:46 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-12-28 16:59:46 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-12-28 16:59:46 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-12-28 16:59:45 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-12-28 16:59:43 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-12-28 16:45:37 ----A---- C:\WINDOWS\system32\wshxt.dll
2009-12-28 16:42:16 ----D---- C:\Program Files\Alcohol Soft
2009-12-24 05:50:06 ----D---- C:\Program Files\DustBuster
2009-12-24 05:44:08 ----A---- C:\WINDOWS\system32\wmsprog.dll
2009-12-24 05:44:08 ----A---- C:\WINDOWS\system32\kernell.dll
2009-12-24 05:41:39 ----D---- C:\LINEAGE zaloha
2009-12-24 05:39:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-12-24 05:39:53 ----ASH---- C:\WINDOWS\Strsysk.dll
2009-12-24 05:39:53 ----ASH---- C:\WINDOWS\Strsys.dll
2009-12-24 05:39:53 ----ASH---- C:\WINDOWS\ShellExecuteHook.dll
2009-12-24 05:39:53 ----ASH---- C:\WINDOWS\MmWatch.dll
2009-12-24 05:39:53 ----ASH---- C:\WINDOWS\HMFAxstr.dll
2009-12-24 05:39:53 ----ASH---- C:\WINDOWS\HkMgrMM.dll
2009-12-24 05:39:52 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\Strazca systemu
2009-12-24 05:39:52 ----ASH---- C:\WINDOWS\strs.exe
2009-12-24 05:39:52 ----A---- C:\WINDOWS\unins000.exe
2009-12-23 17:28:07 ----D---- C:\WINDOWS\Minidump

======List of files/folders modified in the last 1 months======

2010-01-21 12:56:10 ----A---- C:\WINDOWS\WINCMD.INI
2010-01-21 12:24:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-16 09:26:54 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-13 13:40:54 ----A---- C:\WINDOWS\Marsu-Fix 2.5 Uninstaller.exe
2010-01-05 08:51:42 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95; C:\WINDOWS\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys [2009-12-28 24064]
R1 Winhpfile;Winhpfile; \??\C:\exdhkkum\HPFile.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 aechzc6y;aechzc6y; C:\WINDOWS\system32\drivers\aechzc6y.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 npkcrypt;npkcrypt; \??\D:\Lineage II\system c\npkcrypt.sys []
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-05 153376]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-19 348344]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------
