
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Requesting a "preventive check" - there will be a lot here
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello to the forum, I'm here again asking for help. A while ago my laptop died, so I have to work at home on the "big" computer. Unfortunately, it is used mainly by my brother, who downloads via torrents, so it is probably heavily clogged with viruses. On top of that, when I tried to scan it with MBAM, it found over 30 viruses, but during removal it reported "error 7", closed completely, and on the next scan it found the same viruses... So far everything works, but it is probably only a matter of time.
Here is the log from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Katka at 2009-12-21 19:12:59
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 88 GB (29%) free of 298 GB
Total RAM: 2047 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:02, on 21.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Katka\Desktop\RSIT.exe
C:\Program Files\trend micro\Katka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://webcam.i2net.cz:8080/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86F570D7-5BD7-4788-824B-E8C1B999D779}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA235F3-7780-4702-BD2E-812028FD118C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC5E20A-C416-4A7F-827B-2E766726E6CD}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
--
End of file - 8216 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{FC7F957C-E4B6-42F5-BD98-E039280A02DB}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-09-09 173488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176]
""= []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-09-25 54672]
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7d61601-4f6d-11dd-8d8c-001d6053da07}]
shell\AutoRun\command - K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "C:\Windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2009-12-21 19:05:43 ----D---- C:\Program Files\trend micro
2009-12-21 19:05:42 ----D---- C:\rsit
2009-12-18 19:11:20 ----D---- C:\Users\Katka\AppData\Roaming\Malwarebytes
2009-12-18 19:11:14 ----D---- C:\ProgramData\Malwarebytes
2009-12-18 19:11:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-12 21:06:27 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-12 21:06:23 ----A---- C:\Windows\system32\httpapi.dll
2009-12-10 07:37:39 ----A---- C:\Windows\system32\winhttp.dll
2009-12-10 07:37:35 ----A---- C:\Windows\system32\mshtml.dll
2009-12-10 07:37:33 ----A---- C:\Windows\system32\ieframe.dll
2009-12-10 07:37:32 ----A---- C:\Windows\system32\iertutil.dll
2009-12-10 07:37:31 ----A---- C:\Windows\system32\wininet.dll
2009-12-10 07:37:31 ----A---- C:\Windows\system32\urlmon.dll
2009-12-10 07:37:31 ----A---- C:\Windows\system32\occache.dll
2009-12-10 07:37:31 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-10 07:37:31 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-10 07:37:30 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-10 07:37:30 ----A---- C:\Windows\system32\ieui.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\iesetup.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\iernonce.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\iepeers.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-10 07:35:56 ----A---- C:\Windows\system32\rastls.dll
2009-12-05 20:22:16 ----D---- C:\Program Files\Windows Portable Devices
2009-12-05 20:20:50 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-12-05 20:20:50 ----A---- C:\Windows\system32\UIRibbon.dll
2009-12-05 20:20:50 ----A---- C:\Windows\system32\UIAnimation.dll
2009-12-05 20:20:24 ----A---- C:\Windows\system32\WMPhoto.dll
2009-12-05 20:20:23 ----A---- C:\Windows\system32\cdd.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-12-05 20:20:22 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\dxdiagn.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\dxdiag.exe
2009-12-05 20:20:22 ----A---- C:\Windows\system32\d3d10warp.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\d2d1.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\xpsservices.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\XpsPrint.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\OpcServices.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\FntCache.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\dxgi.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\DWrite.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\d3d11.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\d3d10level9.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\d3d10core.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\d3d10_1.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\d3d10.dll
2009-12-05 20:19:11 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-12-05 20:19:10 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-12-05 20:19:10 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-12-05 20:18:59 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\WPDSp.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\wpdshext.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\WpdMtp.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\WpdConns.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\wpd_ci.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-12-05 20:17:46 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-12-05 20:17:46 ----A---- C:\Windows\system32\oleaccrc.dll
2009-12-05 20:17:46 ----A---- C:\Windows\system32\oleacc.dll
2009-12-04 21:13:28 ----D---- C:\Windows\system32\vi-VN
2009-12-04 21:13:28 ----D---- C:\Windows\system32\eu-ES
2009-12-04 21:13:28 ----D---- C:\Windows\system32\ca-ES
2009-12-03 22:44:08 ----D---- C:\Program Files\MyPlayCity.com
2009-11-26 11:24:32 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 16:03:09 ----RA---- C:\Windows\system32\msxml.dll
2009-11-25 16:03:02 ----RA---- C:\Windows\system32\xmltok.dll
2009-11-25 16:03:02 ----RA---- C:\Windows\system32\xmlparse.dll
2009-11-25 16:03:02 ----RA---- C:\Windows\system32\xmlinst.exe
2009-11-25 16:03:02 ----RA---- C:\Windows\system32\msxmlr.dll
2009-11-25 16:03:02 ----RA---- C:\Windows\system32\msxml3a.dll
2009-11-25 16:03:01 ----RA---- C:\Windows\system32\VB5DB.DLL
2009-11-25 16:02:43 ----A---- C:\Windows\patchw32.dll
2009-11-25 16:02:40 ----D---- C:\Program Files\ubi.com
2009-11-25 16:02:40 ----D---- C:\Program Files\Common Files\PocketSoft
2009-11-25 15:50:58 ----D---- C:\Program Files\Ubi Soft
2009-11-25 15:50:52 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 15:50:52 ----A---- C:\Windows\system32\msxml3.dll
2009-11-22 17:19:13 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-11-22 17:19:09 ----A---- C:\Windows\system32\SLsvc.exe
2009-11-22 17:19:09 ----A---- C:\Windows\system32\SLCExt.dll
2009-11-22 17:19:08 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-11-22 17:19:07 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-11-22 17:19:06 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-11-22 17:19:04 ----A---- C:\Windows\system32\mssrch.dll
2009-11-22 17:19:00 ----A---- C:\Windows\system32\tquery.dll
2009-11-22 17:18:59 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-11-22 17:18:58 ----A---- C:\Windows\system32\scavenge.dll
2009-11-22 17:18:58 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-11-22 17:18:58 ----A---- C:\Windows\system32\RMActivate.exe
2009-11-22 17:18:56 ----A---- C:\Windows\system32\msi.dll
2009-11-22 17:18:55 ----A---- C:\Windows\system32\imapi2fs.dll
2009-11-22 17:18:54 ----A---- C:\Windows\system32\WscEapPr.dll
2009-11-22 17:18:54 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-11-22 17:18:54 ----A---- C:\Windows\system32\sysmain.dll
2009-11-22 17:18:54 ----A---- C:\Windows\system32\secproc_isv.dll
2009-11-22 17:18:53 ----A---- C:\Windows\system32\icardagt.exe
2009-11-22 17:18:52 ----A---- C:\Windows\system32\EhStorShell.dll
2009-11-22 17:18:52 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-11-22 17:18:51 ----A---- C:\Windows\system32\spreview.exe
2009-11-22 17:18:51 ----A---- C:\Windows\system32\spinstall.exe
2009-11-22 17:18:50 ----A---- C:\Windows\system32\drmv2clt.dll
2009-11-22 17:18:49 ----A---- C:\Windows\system32\spwizui.dll
2009-11-22 17:18:49 ----A---- C:\Windows\system32\secproc.dll
2009-11-22 17:18:49 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-11-22 17:18:48 ----A---- C:\Windows\system32\shell32.dll
2009-11-22 17:18:46 ----A---- C:\Windows\system32\p2psvc.dll
2009-11-22 17:18:45 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-11-22 17:18:45 ----A---- C:\Windows\system32\mssvp.dll
2009-11-22 17:18:44 ----A---- C:\Windows\system32\mssphtb.dll
2009-11-22 17:18:44 ----A---- C:\Windows\system32\mssph.dll
2009-11-22 17:18:44 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-11-22 17:18:44 ----A---- C:\Windows\system32\mscoree.dll
2009-11-22 17:18:44 ----A---- C:\Windows\system32\imapi2.dll
2009-11-22 17:18:43 ----A---- C:\Windows\system32\sdohlp.dll
2009-11-22 17:18:42 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-11-22 17:18:42 ----A---- C:\Windows\system32\esent.dll
2009-11-22 17:18:42 ----A---- C:\Windows\system32\DevicePairing.dll
2009-11-22 17:18:41 ----A---- C:\Windows\system32\wevtsvc.dll
2009-11-22 17:18:41 ----A---- C:\Windows\system32\sperror.dll
2009-11-22 17:18:41 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-11-22 17:18:41 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-11-22 17:18:41 ----A---- C:\Windows\system32\korwbrkr.dll
2009-11-22 17:18:40 ----A---- C:\Windows\system32\SLC.dll
2009-11-22 17:18:40 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-11-22 17:18:40 ----A---- C:\Windows\system32\msshsq.dll
2009-11-22 17:18:38 ----A---- C:\Windows\system32\msjet40.dll
2009-11-22 17:18:38 ----A---- C:\Windows\system32\MPSSVC.dll
2009-11-22 17:18:36 ----A---- C:\Windows\system32\Query.dll
2009-11-22 17:18:36 ----A---- C:\Windows\system32\qmgr.dll
2009-11-22 17:18:35 ----A---- C:\Windows\system32\P2PGraph.dll
2009-11-22 17:18:35 ----A---- C:\Windows\system32\ole32.dll
2009-11-22 17:18:35 ----A---- C:\Windows\system32\msexch40.dll
2009-11-22 17:18:35 ----A---- C:\Windows\system32\IasMigReader.exe
2009-11-22 17:18:35 ----A---- C:\Windows\system32\diagperf.dll
2009-11-22 17:18:34 ----A---- C:\Windows\system32\srchadmin.dll
2009-11-22 17:18:34 ----A---- C:\Windows\system32\ntdll.dll
2009-11-22 17:18:33 ----A---- C:\Windows\system32\winload.exe
2009-11-22 17:18:33 ----A---- C:\Windows\system32\mblctr.exe
2009-11-22 17:18:33 ----A---- C:\Windows\system32\EncDec.dll
2009-11-22 17:18:32 ----A---- C:\Windows\system32\uDWM.dll
2009-11-22 17:18:32 ----A---- C:\Windows\system32\mmc.exe
2009-11-22 17:18:32 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-11-22 17:18:32 ----A---- C:\Windows\system32\dfsr.exe
2009-11-22 17:18:31 ----A---- C:\Windows\system32\riched20.dll
2009-11-22 17:18:31 ----A---- C:\Windows\system32\fdBth.dll
2009-11-22 17:18:30 ----A---- C:\Windows\system32\RacEngn.dll
2009-11-22 17:18:28 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-11-22 17:18:28 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-11-22 17:18:28 ----A---- C:\Windows\system32\milcore.dll
2009-11-22 17:18:28 ----A---- C:\Windows\system32\kernel32.dll
2009-11-22 17:18:28 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-11-22 17:18:27 ----A---- C:\Windows\system32\spoolss.dll
2009-11-22 17:18:27 ----A---- C:\Windows\system32\schedsvc.dll
2009-11-22 17:18:27 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-11-22 17:18:27 ----A---- C:\Windows\system32\CertEnroll.dll
2009-11-22 17:18:25 ----A---- C:\Windows\system32\msvcp60.dll
2009-11-22 17:18:25 ----A---- C:\Windows\system32\msjtes40.dll
2009-11-22 17:18:25 ----A---- C:\Windows\system32\infocardapi.dll
2009-11-22 17:18:25 ----A---- C:\Windows\system32\gpedit.dll
2009-11-22 17:18:25 ----A---- C:\Windows\system32\fsquirt.exe
2009-11-22 17:18:25 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-11-22 17:18:24 ----A---- C:\Windows\system32\WinSAT.exe
2009-11-22 17:18:23 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-11-22 17:18:23 ----A---- C:\Windows\system32\es.dll
2009-11-22 17:18:22 ----A---- C:\Windows\system32\mstext40.dll
2009-11-22 17:18:22 ----A---- C:\Windows\system32\Magnify.exe
2009-11-22 17:18:22 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-11-22 17:18:22 ----A---- C:\Windows\system32\advapi32.dll
2009-11-22 17:18:21 ----A---- C:\Windows\system32\WebClnt.dll
2009-11-22 17:18:21 ----A---- C:\Windows\system32\msexcl40.dll
2009-11-22 17:18:20 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-11-22 17:18:20 ----A---- C:\Windows\system32\slwmi.dll
2009-11-22 17:18:20 ----A---- C:\Windows\system32\msxbde40.dll
2009-11-22 17:18:20 ----A---- C:\Windows\system32\comsvcs.dll
2009-11-22 17:18:19 ----A---- C:\Windows\system32\vssapi.dll
2009-11-22 17:18:19 ----A---- C:\Windows\system32\authui.dll
2009-11-22 17:18:18 ----A---- C:\Windows\system32\NetProjW.dll
2009-11-22 17:18:18 ----A---- C:\Windows\system32\msrepl40.dll
2009-11-22 17:18:17 ----A---- C:\Windows\system32\propsys.dll
2009-11-22 17:18:17 ----A---- C:\Windows\system32\PresentationHost.exe
2009-11-22 17:18:17 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-11-22 17:18:17 ----A---- C:\Windows\system32\newdev.dll
2009-11-22 17:18:17 ----A---- C:\Windows\system32\iasrecst.dll
2009-11-22 17:18:17 ----A---- C:\Windows\system32\gpsvc.dll
2009-11-22 17:18:16 ----A---- C:\Windows\system32\rpcss.dll
2009-11-22 17:18:16 ----A---- C:\Windows\system32\eudcedit.exe
2009-11-22 17:18:16 ----A---- C:\Windows\system32\crypt32.dll
2009-11-22 17:18:16 ----A---- C:\Windows\explorer.exe
2009-11-22 17:18:15 ----A---- C:\Windows\system32\setupapi.dll
2009-11-22 17:18:15 ----A---- C:\Windows\system32\mspbde40.dll
2009-11-22 17:18:15 ----A---- C:\Windows\system32\d3d9.dll
2009-11-22 17:18:14 ----A---- C:\Windows\system32\msltus40.dll
2009-11-22 17:18:14 ----A---- C:\Windows\system32\mfc42.dll
2009-11-22 17:18:14 ----A---- C:\Windows\system32\davclnt.dll
2009-11-22 17:18:13 ----A---- C:\Windows\system32\shlwapi.dll
2009-11-22 17:18:13 ----A---- C:\Windows\system32\msrd3x40.dll
2009-11-22 17:18:13 ----A---- C:\Windows\system32\msdtctm.dll
2009-11-22 17:18:13 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-11-22 17:18:13 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-11-22 17:18:12 ----A---- C:\Windows\system32\wevtapi.dll
2009-11-22 17:18:12 ----A---- C:\Windows\system32\photowiz.dll
2009-11-22 17:18:12 ----A---- C:\Windows\system32\nlhtml.dll
2009-11-22 17:18:12 ----A---- C:\Windows\system32\browseui.dll
2009-11-22 17:18:11 ----A---- C:\Windows\system32\user32.dll
2009-11-22 17:18:10 ----A---- C:\Windows\system32\win32spl.dll
2009-11-22 17:18:10 ----A---- C:\Windows\system32\samsrv.dll
2009-11-22 17:18:10 ----A---- C:\Windows\system32\quartz.dll
2009-11-22 17:18:10 ----A---- C:\Windows\system32\ci.dll
2009-11-22 17:18:09 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-11-22 17:18:09 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-11-22 17:18:09 ----A---- C:\Windows\system32\oleaut32.dll
2009-11-22 17:18:09 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-11-22 17:18:08 ----A---- C:\Windows\system32\netshell.dll
2009-11-22 17:18:08 ----A---- C:\Windows\system32\compcln.exe
2009-11-22 17:18:08 ----A---- C:\Windows\system32\apds.dll
2009-11-22 17:18:07 ----A---- C:\Windows\system32\xmlfilter.dll
2009-11-22 17:18:07 ----A---- C:\Windows\system32\mswstr10.dll
2009-11-22 17:18:07 ----A---- C:\Windows\system32\emdmgmt.dll
2009-11-22 17:18:07 ----A---- C:\Windows\system32\audiosrv.dll
2009-11-22 17:18:06 ----A---- C:\Windows\system32\msvcrt.dll
2009-11-22 17:18:06 ----A---- C:\Windows\system32\msctf.dll
2009-11-22 17:18:06 ----A---- C:\Windows\system32\gdi32.dll
2009-11-22 17:18:05 ----A---- C:\Windows\system32\VSSVC.exe
2009-11-22 17:18:05 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-11-22 17:18:05 ----A---- C:\Windows\system32\mfc42u.dll
2009-11-22 17:18:05 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-11-22 17:18:04 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-11-22 17:18:04 ----A---- C:\Windows\system32\SLUI.exe
======List of files/folders modified in the last 1 months======
2009-12-21 19:12:23 ----D---- C:\Windows\temp
2009-12-21 19:05:43 ----RD---- C:\Program Files
2009-12-21 19:05:08 ----D---- C:\Program Files\Auslogics
2009-12-21 18:58:34 ----D---- C:\Program Files\Mozilla Firefox
Here is the log from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Katka at 2009-12-21 19:12:59
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 88 GB (29%) free of 298 GB
Total RAM: 2047 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:02, on 21.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Katka\Desktop\RSIT.exe
C:\Program Files\trend micro\Katka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://webcam.i2net.cz:8080/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86F570D7-5BD7-4788-824B-E8C1B999D779}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA235F3-7780-4702-BD2E-812028FD118C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC5E20A-C416-4A7F-827B-2E766726E6CD}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
--
End of file - 8216 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{FC7F957C-E4B6-42F5-BD98-E039280A02DB}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-09-09 173488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176]
""= []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-09-25 54672]
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7d61601-4f6d-11dd-8d8c-001d6053da07}]
shell\AutoRun\command - K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "C:\Windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2009-12-21 19:05:43 ----D---- C:\Program Files\trend micro
2009-12-21 19:05:42 ----D---- C:\rsit
2009-12-18 19:11:20 ----D---- C:\Users\Katka\AppData\Roaming\Malwarebytes
2009-12-18 19:11:14 ----D---- C:\ProgramData\Malwarebytes
2009-12-18 19:11:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-12 21:06:27 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-12 21:06:23 ----A---- C:\Windows\system32\httpapi.dll
2009-12-10 07:37:39 ----A---- C:\Windows\system32\winhttp.dll
2009-12-10 07:37:35 ----A---- C:\Windows\system32\mshtml.dll
2009-12-10 07:37:33 ----A---- C:\Windows\system32\ieframe.dll
2009-12-10 07:37:32 ----A---- C:\Windows\system32\iertutil.dll
2009-12-10 07:37:31 ----A---- C:\Windows\system32\wininet.dll
2009-12-10 07:37:31 ----A---- C:\Windows\system32\urlmon.dll
2009-12-10 07:37:31 ----A---- C:\Windows\system32\occache.dll
2009-12-10 07:37:31 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-10 07:37:31 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-10 07:37:30 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-10 07:37:30 ----A---- C:\Windows\system32\ieui.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\iesetup.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\iernonce.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\iepeers.dll
2009-12-10 07:37:30 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-10 07:35:56 ----A---- C:\Windows\system32\rastls.dll
2009-12-05 20:22:16 ----D---- C:\Program Files\Windows Portable Devices
2009-12-05 20:20:50 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-12-05 20:20:50 ----A---- C:\Windows\system32\UIRibbon.dll
2009-12-05 20:20:50 ----A---- C:\Windows\system32\UIAnimation.dll
2009-12-05 20:20:24 ----A---- C:\Windows\system32\WMPhoto.dll
2009-12-05 20:20:23 ----A---- C:\Windows\system32\cdd.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-12-05 20:20:22 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\dxdiagn.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\dxdiag.exe
2009-12-05 20:20:22 ----A---- C:\Windows\system32\d3d10warp.dll
2009-12-05 20:20:22 ----A---- C:\Windows\system32\d2d1.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\xpsservices.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\XpsPrint.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\OpcServices.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\FntCache.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\dxgi.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\DWrite.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\d3d11.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\d3d10level9.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\d3d10core.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\d3d10_1.dll
2009-12-05 20:20:21 ----A---- C:\Windows\system32\d3d10.dll
2009-12-05 20:19:11 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-12-05 20:19:10 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-12-05 20:19:10 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-12-05 20:18:59 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\WPDSp.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\wpdshext.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\WpdMtp.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\WpdConns.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\wpd_ci.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-12-05 20:18:56 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-12-05 20:17:46 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-12-05 20:17:46 ----A---- C:\Windows\system32\oleaccrc.dll
2009-12-05 20:17:46 ----A---- C:\Windows\system32\oleacc.dll
2009-12-04 21:13:28 ----D---- C:\Windows\system32\vi-VN
2009-12-04 21:13:28 ----D---- C:\Windows\system32\eu-ES
2009-12-04 21:13:28 ----D---- C:\Windows\system32\ca-ES
2009-12-03 22:44:08 ----D---- C:\Program Files\MyPlayCity.com
2009-11-26 11:24:32 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 16:03:09 ----RA---- C:\Windows\system32\msxml.dll
2009-11-25 16:03:02 ----RA---- C:\Windows\system32\xmltok.dll
2009-11-25 16:03:02 ----RA---- C:\Windows\system32\xmlparse.dll
2009-11-25 16:03:02 ----RA---- C:\Windows\system32\xmlinst.exe
2009-11-25 16:03:02 ----RA---- C:\Windows\system32\msxmlr.dll
2009-11-25 16:03:02 ----RA---- C:\Windows\system32\msxml3a.dll
2009-11-25 16:03:01 ----RA---- C:\Windows\system32\VB5DB.DLL
2009-11-25 16:02:43 ----A---- C:\Windows\patchw32.dll
2009-11-25 16:02:40 ----D---- C:\Program Files\ubi.com
2009-11-25 16:02:40 ----D---- C:\Program Files\Common Files\PocketSoft
2009-11-25 15:50:58 ----D---- C:\Program Files\Ubi Soft
2009-11-25 15:50:52 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 15:50:52 ----A---- C:\Windows\system32\msxml3.dll
2009-11-22 17:19:13 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-11-22 17:19:09 ----A---- C:\Windows\system32\SLsvc.exe
2009-11-22 17:19:09 ----A---- C:\Windows\system32\SLCExt.dll
2009-11-22 17:19:08 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-11-22 17:19:07 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-11-22 17:19:06 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-11-22 17:19:04 ----A---- C:\Windows\system32\mssrch.dll
2009-11-22 17:19:00 ----A---- C:\Windows\system32\tquery.dll
2009-11-22 17:18:59 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-11-22 17:18:58 ----A---- C:\Windows\system32\scavenge.dll
2009-11-22 17:18:58 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-11-22 17:18:58 ----A---- C:\Windows\system32\RMActivate.exe
2009-11-22 17:18:56 ----A---- C:\Windows\system32\msi.dll
2009-11-22 17:18:55 ----A---- C:\Windows\system32\imapi2fs.dll
2009-11-22 17:18:54 ----A---- C:\Windows\system32\WscEapPr.dll
2009-11-22 17:18:54 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-11-22 17:18:54 ----A---- C:\Windows\system32\sysmain.dll
2009-11-22 17:18:54 ----A---- C:\Windows\system32\secproc_isv.dll
2009-11-22 17:18:53 ----A---- C:\Windows\system32\icardagt.exe
2009-11-22 17:18:52 ----A---- C:\Windows\system32\EhStorShell.dll
2009-11-22 17:18:52 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-11-22 17:18:51 ----A---- C:\Windows\system32\spreview.exe
2009-11-22 17:18:51 ----A---- C:\Windows\system32\spinstall.exe
2009-11-22 17:18:50 ----A---- C:\Windows\system32\drmv2clt.dll
2009-11-22 17:18:49 ----A---- C:\Windows\system32\spwizui.dll
2009-11-22 17:18:49 ----A---- C:\Windows\system32\secproc.dll
2009-11-22 17:18:49 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-11-22 17:18:48 ----A---- C:\Windows\system32\shell32.dll
2009-11-22 17:18:46 ----A---- C:\Windows\system32\p2psvc.dll
2009-11-22 17:18:45 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-11-22 17:18:45 ----A---- C:\Windows\system32\mssvp.dll
2009-11-22 17:18:44 ----A---- C:\Windows\system32\mssphtb.dll
2009-11-22 17:18:44 ----A---- C:\Windows\system32\mssph.dll
2009-11-22 17:18:44 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-11-22 17:18:44 ----A---- C:\Windows\system32\mscoree.dll
2009-11-22 17:18:44 ----A---- C:\Windows\system32\imapi2.dll
2009-11-22 17:18:43 ----A---- C:\Windows\system32\sdohlp.dll
2009-11-22 17:18:42 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-11-22 17:18:42 ----A---- C:\Windows\system32\esent.dll
2009-11-22 17:18:42 ----A---- C:\Windows\system32\DevicePairing.dll
2009-11-22 17:18:41 ----A---- C:\Windows\system32\wevtsvc.dll
2009-11-22 17:18:41 ----A---- C:\Windows\system32\sperror.dll
2009-11-22 17:18:41 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-11-22 17:18:41 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-11-22 17:18:41 ----A---- C:\Windows\system32\korwbrkr.dll
2009-11-22 17:18:40 ----A---- C:\Windows\system32\SLC.dll
2009-11-22 17:18:40 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-11-22 17:18:40 ----A---- C:\Windows\system32\msshsq.dll
2009-11-22 17:18:38 ----A---- C:\Windows\system32\msjet40.dll
2009-11-22 17:18:38 ----A---- C:\Windows\system32\MPSSVC.dll
2009-11-22 17:18:36 ----A---- C:\Windows\system32\Query.dll
2009-11-22 17:18:36 ----A---- C:\Windows\system32\qmgr.dll
2009-11-22 17:18:35 ----A---- C:\Windows\system32\P2PGraph.dll
2009-11-22 17:18:35 ----A---- C:\Windows\system32\ole32.dll
2009-11-22 17:18:35 ----A---- C:\Windows\system32\msexch40.dll
2009-11-22 17:18:35 ----A---- C:\Windows\system32\IasMigReader.exe
2009-11-22 17:18:35 ----A---- C:\Windows\system32\diagperf.dll
2009-11-22 17:18:34 ----A---- C:\Windows\system32\srchadmin.dll
2009-11-22 17:18:34 ----A---- C:\Windows\system32\ntdll.dll
2009-11-22 17:18:33 ----A---- C:\Windows\system32\winload.exe
2009-11-22 17:18:33 ----A---- C:\Windows\system32\mblctr.exe
2009-11-22 17:18:33 ----A---- C:\Windows\system32\EncDec.dll
2009-11-22 17:18:32 ----A---- C:\Windows\system32\uDWM.dll
2009-11-22 17:18:32 ----A---- C:\Windows\system32\mmc.exe
2009-11-22 17:18:32 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-11-22 17:18:32 ----A---- C:\Windows\system32\dfsr.exe
2009-11-22 17:18:31 ----A---- C:\Windows\system32\riched20.dll
2009-11-22 17:18:31 ----A---- C:\Windows\system32\fdBth.dll
2009-11-22 17:18:30 ----A---- C:\Windows\system32\RacEngn.dll
2009-11-22 17:18:28 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-11-22 17:18:28 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-11-22 17:18:28 ----A---- C:\Windows\system32\milcore.dll
2009-11-22 17:18:28 ----A---- C:\Windows\system32\kernel32.dll
2009-11-22 17:18:28 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-11-22 17:18:27 ----A---- C:\Windows\system32\spoolss.dll
2009-11-22 17:18:27 ----A---- C:\Windows\system32\schedsvc.dll
2009-11-22 17:18:27 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-11-22 17:18:27 ----A---- C:\Windows\system32\CertEnroll.dll
2009-11-22 17:18:25 ----A---- C:\Windows\system32\msvcp60.dll
2009-11-22 17:18:25 ----A---- C:\Windows\system32\msjtes40.dll
2009-11-22 17:18:25 ----A---- C:\Windows\system32\infocardapi.dll
2009-11-22 17:18:25 ----A---- C:\Windows\system32\gpedit.dll
2009-11-22 17:18:25 ----A---- C:\Windows\system32\fsquirt.exe
2009-11-22 17:18:25 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-11-22 17:18:24 ----A---- C:\Windows\system32\WinSAT.exe
2009-11-22 17:18:23 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-11-22 17:18:23 ----A---- C:\Windows\system32\es.dll
2009-11-22 17:18:22 ----A---- C:\Windows\system32\mstext40.dll
2009-11-22 17:18:22 ----A---- C:\Windows\system32\Magnify.exe
2009-11-22 17:18:22 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-11-22 17:18:22 ----A---- C:\Windows\system32\advapi32.dll
2009-11-22 17:18:21 ----A---- C:\Windows\system32\WebClnt.dll
2009-11-22 17:18:21 ----A---- C:\Windows\system32\msexcl40.dll
2009-11-22 17:18:20 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-11-22 17:18:20 ----A---- C:\Windows\system32\slwmi.dll
2009-11-22 17:18:20 ----A---- C:\Windows\system32\msxbde40.dll
2009-11-22 17:18:20 ----A---- C:\Windows\system32\comsvcs.dll
2009-11-22 17:18:19 ----A---- C:\Windows\system32\vssapi.dll
2009-11-22 17:18:19 ----A---- C:\Windows\system32\authui.dll
2009-11-22 17:18:18 ----A---- C:\Windows\system32\NetProjW.dll
2009-11-22 17:18:18 ----A---- C:\Windows\system32\msrepl40.dll
2009-11-22 17:18:17 ----A---- C:\Windows\system32\propsys.dll
2009-11-22 17:18:17 ----A---- C:\Windows\system32\PresentationHost.exe
2009-11-22 17:18:17 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-11-22 17:18:17 ----A---- C:\Windows\system32\newdev.dll
2009-11-22 17:18:17 ----A---- C:\Windows\system32\iasrecst.dll
2009-11-22 17:18:17 ----A---- C:\Windows\system32\gpsvc.dll
2009-11-22 17:18:16 ----A---- C:\Windows\system32\rpcss.dll
2009-11-22 17:18:16 ----A---- C:\Windows\system32\eudcedit.exe
2009-11-22 17:18:16 ----A---- C:\Windows\system32\crypt32.dll
2009-11-22 17:18:16 ----A---- C:\Windows\explorer.exe
2009-11-22 17:18:15 ----A---- C:\Windows\system32\setupapi.dll
2009-11-22 17:18:15 ----A---- C:\Windows\system32\mspbde40.dll
2009-11-22 17:18:15 ----A---- C:\Windows\system32\d3d9.dll
2009-11-22 17:18:14 ----A---- C:\Windows\system32\msltus40.dll
2009-11-22 17:18:14 ----A---- C:\Windows\system32\mfc42.dll
2009-11-22 17:18:14 ----A---- C:\Windows\system32\davclnt.dll
2009-11-22 17:18:13 ----A---- C:\Windows\system32\shlwapi.dll
2009-11-22 17:18:13 ----A---- C:\Windows\system32\msrd3x40.dll
2009-11-22 17:18:13 ----A---- C:\Windows\system32\msdtctm.dll
2009-11-22 17:18:13 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-11-22 17:18:13 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-11-22 17:18:12 ----A---- C:\Windows\system32\wevtapi.dll
2009-11-22 17:18:12 ----A---- C:\Windows\system32\photowiz.dll
2009-11-22 17:18:12 ----A---- C:\Windows\system32\nlhtml.dll
2009-11-22 17:18:12 ----A---- C:\Windows\system32\browseui.dll
2009-11-22 17:18:11 ----A---- C:\Windows\system32\user32.dll
2009-11-22 17:18:10 ----A---- C:\Windows\system32\win32spl.dll
2009-11-22 17:18:10 ----A---- C:\Windows\system32\samsrv.dll
2009-11-22 17:18:10 ----A---- C:\Windows\system32\quartz.dll
2009-11-22 17:18:10 ----A---- C:\Windows\system32\ci.dll
2009-11-22 17:18:09 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-11-22 17:18:09 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-11-22 17:18:09 ----A---- C:\Windows\system32\oleaut32.dll
2009-11-22 17:18:09 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-11-22 17:18:08 ----A---- C:\Windows\system32\netshell.dll
2009-11-22 17:18:08 ----A---- C:\Windows\system32\compcln.exe
2009-11-22 17:18:08 ----A---- C:\Windows\system32\apds.dll
2009-11-22 17:18:07 ----A---- C:\Windows\system32\xmlfilter.dll
2009-11-22 17:18:07 ----A---- C:\Windows\system32\mswstr10.dll
2009-11-22 17:18:07 ----A---- C:\Windows\system32\emdmgmt.dll
2009-11-22 17:18:07 ----A---- C:\Windows\system32\audiosrv.dll
2009-11-22 17:18:06 ----A---- C:\Windows\system32\msvcrt.dll
2009-11-22 17:18:06 ----A---- C:\Windows\system32\msctf.dll
2009-11-22 17:18:06 ----A---- C:\Windows\system32\gdi32.dll
2009-11-22 17:18:05 ----A---- C:\Windows\system32\VSSVC.exe
2009-11-22 17:18:05 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-11-22 17:18:05 ----A---- C:\Windows\system32\mfc42u.dll
2009-11-22 17:18:05 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-11-22 17:18:04 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-11-22 17:18:04 ----A---- C:\Windows\system32\SLUI.exe
2009-11-22 17:18:04 ----A---- C:\Windows\system32\msrd2x40.dll
2009-11-22 17:18:04 ----A---- C:\Windows\system32\eapphost.dll
2009-11-22 17:18:02 ----A---- C:\Windows\system32\winresume.exe
2009-11-22 17:18:02 ----A---- C:\Windows\system32\propdefs.dll
2009-11-22 17:18:02 ----A---- C:\Windows\system32\odbc32.dll
2009-11-22 17:18:01 ----A---- C:\Windows\system32\shdocvw.dll
2009-11-22 17:18:00 ----A---- C:\Windows\system32\wevtutil.exe
2009-11-22 17:18:00 ----A---- C:\Windows\system32\mssitlb.dll
2009-11-22 17:18:00 ----A---- C:\Windows\system32\dbgeng.dll
2009-11-22 17:17:59 ----A---- C:\Windows\system32\WsmSvc.dll
2009-11-22 17:17:59 ----A---- C:\Windows\system32\swprv.dll
2009-11-22 17:17:59 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-11-22 17:17:58 ----A---- C:\Windows\system32\vds.exe
2009-11-22 17:17:58 ----A---- C:\Windows\system32\usp10.dll
2009-11-22 17:17:57 ----A---- C:\Windows\system32\netlogon.dll
2009-11-22 17:17:57 ----A---- C:\Windows\system32\msscb.dll
2009-11-22 17:17:57 ----A---- C:\Windows\system32\msctfp.dll
2009-11-22 17:17:57 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-11-22 17:17:57 ----A---- C:\Windows\system32\drvinst.exe
2009-11-22 17:17:57 ----A---- C:\Windows\system32\devmgr.dll
2009-11-22 17:17:57 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-11-22 17:17:57 ----A---- C:\Windows\system32\BFE.DLL
2009-11-22 17:17:57 ----A---- C:\Windows\system32\adsldpc.dll
2009-11-22 17:17:56 ----A---- C:\Windows\system32\Wldap32.dll
2009-11-22 17:17:56 ----A---- C:\Windows\system32\wcnwiz.dll
2009-11-22 17:17:56 ----A---- C:\Windows\system32\evr.dll
2009-11-22 17:17:55 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-11-22 17:17:55 ----A---- C:\Windows\system32\services.exe
2009-11-22 17:17:54 ----A---- C:\Windows\system32\wercon.exe
2009-11-22 17:17:54 ----A---- C:\Windows\system32\comdlg32.dll
2009-11-22 17:17:54 ----A---- C:\Windows\system32\adtschema.dll
2009-11-22 17:17:53 ----A---- C:\Windows\system32\wcncsvc.dll
2009-11-22 17:17:53 ----A---- C:\Windows\system32\mimefilt.dll
2009-11-22 17:17:52 ----A---- C:\Windows\system32\mswdat10.dll
2009-11-22 17:17:52 ----A---- C:\Windows\system32\msjter40.dll
2009-11-22 17:17:52 ----A---- C:\Windows\system32\msdtcprx.dll
2009-11-22 17:17:52 ----A---- C:\Windows\system32\msdrm.dll
2009-11-22 17:17:52 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-11-22 17:17:52 ----A---- C:\Windows\system32\certcli.dll
2009-11-22 17:17:51 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-11-22 17:17:51 ----A---- C:\Windows\system32\taskeng.exe
2009-11-22 17:17:51 ----A---- C:\Windows\system32\rtffilt.dll
2009-11-22 17:17:51 ----A---- C:\Windows\system32\reg.exe
2009-11-22 17:17:51 ----A---- C:\Windows\system32\dnsapi.dll
2009-11-22 17:17:51 ----A---- C:\Windows\system32\certutil.exe
2009-11-22 17:17:50 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-11-22 17:17:50 ----A---- C:\Windows\system32\w32time.dll
2009-11-22 17:17:49 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-11-22 17:17:49 ----A---- C:\Windows\system32\bcrypt.dll
2009-11-22 17:17:48 ----A---- C:\Windows\system32\msshooks.dll
2009-11-22 17:17:48 ----A---- C:\Windows\system32\msscntrs.dll
2009-11-22 17:17:48 ----A---- C:\Windows\system32\bthserv.dll
2009-11-22 17:17:47 ----A---- C:\Windows\system32\rsaenh.dll
2009-11-22 17:17:46 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-11-22 17:17:46 ----A---- C:\Windows\system32\msihnd.dll
2009-11-22 17:17:46 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-11-22 17:17:45 ----A---- C:\Windows\system32\msstrc.dll
2009-11-22 17:17:45 ----A---- C:\Windows\system32\inetcomm.dll
2009-11-22 17:17:45 ----A---- C:\Windows\system32\dfshim.dll
2009-11-22 17:17:44 ----A---- C:\Windows\system32\netapi32.dll
2009-11-22 17:17:44 ----A---- C:\Windows\system32\mtxclu.dll
2009-11-22 17:17:44 ----A---- C:\Windows\system32\inetpp.dll
2009-11-22 17:17:44 ----A---- C:\Windows\system32\hidserv.dll
2009-11-22 17:17:44 ----A---- C:\Windows\system32\fundisc.dll
2009-11-22 17:17:44 ----A---- C:\Windows\system32\cryptsvc.dll
2009-11-22 17:17:43 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-11-22 17:17:43 ----A---- C:\Windows\system32\termsrv.dll
2009-11-22 17:17:43 ----A---- C:\Windows\system32\profsvc.dll
2009-11-22 17:17:43 ----A---- C:\Windows\system32\mscories.dll
2009-11-22 17:17:43 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-11-22 17:17:42 ----A---- C:\Windows\system32\shsvcs.dll
2009-11-22 17:17:42 ----A---- C:\Windows\system32\msiexec.exe
2009-11-22 17:17:42 ----A---- C:\Windows\system32\imapi.dll
2009-11-22 17:17:41 ----A---- C:\Windows\system32\wdc.dll
2009-11-22 17:17:41 ----A---- C:\Windows\system32\iassdo.dll
2009-11-22 17:17:41 ----A---- C:\Windows\system32\chsbrkr.dll
2009-11-22 17:17:40 ----A---- C:\Windows\system32\spoolsv.exe
2009-11-22 17:17:40 ----A---- C:\Windows\system32\rasmans.dll
2009-11-22 17:17:40 ----A---- C:\Windows\system32\pnidui.dll
2009-11-22 17:17:40 ----A---- C:\Windows\system32\icardres.dll
2009-11-22 17:17:40 ----A---- C:\Windows\system32\autofmt.exe
2009-11-22 17:17:39 ----A---- C:\Windows\system32\wersvc.dll
2009-11-22 17:17:39 ----A---- C:\Windows\system32\slmgr.vbs
2009-11-22 17:17:39 ----A---- C:\Windows\system32\scrrun.dll
2009-11-22 17:17:39 ----A---- C:\Windows\system32\PSHED.DLL
2009-11-22 17:17:38 ----A---- C:\Windows\system32\pdh.dll
2009-11-22 17:17:38 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-11-22 17:17:38 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-11-22 17:17:38 ----A---- C:\Windows\system32\azroles.dll
2009-11-22 17:17:37 ----A---- C:\Windows\system32\pidgenx.dll
2009-11-22 17:17:36 ----A---- C:\Windows\system32\wmpmde.dll
2009-11-22 17:17:36 ----A---- C:\Windows\system32\winlogon.exe
2009-11-22 17:17:36 ----A---- C:\Windows\system32\SyncCenter.dll
2009-11-22 17:17:35 ----A---- C:\Windows\system32\SLUINotify.dll
2009-11-22 17:17:35 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-11-22 17:17:34 ----A---- C:\Windows\system32\ncrypt.dll
2009-11-22 17:17:34 ----A---- C:\Windows\system32\comuid.dll
2009-11-22 17:17:34 ----A---- C:\Windows\system32\certmgr.dll
2009-11-22 17:17:33 ----A---- C:\Windows\system32\untfs.dll
2009-11-22 17:17:33 ----A---- C:\Windows\system32\spp.dll
2009-11-22 17:17:33 ----A---- C:\Windows\system32\sethc.exe
2009-11-22 17:17:33 ----A---- C:\Windows\system32\scrobj.dll
2009-11-22 17:17:33 ----A---- C:\Windows\system32\kd1394.dll
2009-11-22 17:17:33 ----A---- C:\Windows\system32\iassam.dll
2009-11-22 17:17:32 ----A---- C:\Windows\system32\wisptis.exe
2009-11-22 17:17:32 ----A---- C:\Windows\system32\taskcomp.dll
2009-11-22 17:17:32 ----A---- C:\Windows\system32\rtutils.dll
2009-11-22 17:17:32 ----A---- C:\Windows\system32\dwm.exe
2009-11-22 17:17:31 ----A---- C:\Windows\system32\autochk.exe
2009-11-22 17:17:30 ----A---- C:\Windows\system32\winsrv.dll
2009-11-22 17:17:30 ----A---- C:\Windows\system32\printui.dll
2009-11-22 17:17:30 ----A---- C:\Windows\system32\iasnap.dll
2009-11-22 17:17:30 ----A---- C:\Windows\system32\autoconv.exe
2009-11-22 17:17:29 ----A---- C:\Windows\system32\userenv.dll
2009-11-22 17:17:29 ----A---- C:\Windows\system32\onex.dll
2009-11-22 17:17:29 ----A---- C:\Windows\system32\kdcom.dll
2009-11-22 17:17:29 ----A---- C:\Windows\system32\cscript.exe
2009-11-22 17:17:29 ----A---- C:\Windows\system32\basecsp.dll
2009-11-22 17:17:29 ----A---- C:\Windows\system32\audiodg.exe
2009-11-22 17:17:28 ----A---- C:\Windows\system32\wow32.dll
2009-11-22 17:17:28 ----A---- C:\Windows\system32\osk.exe
2009-11-22 17:17:28 ----A---- C:\Windows\system32\mswsock.dll
2009-11-22 17:17:27 ----A---- C:\Windows\system32\kdusb.dll
2009-11-22 17:17:26 ----A---- C:\Windows\system32\WinSCard.dll
2009-11-22 17:17:26 ----A---- C:\Windows\system32\winmm.dll
2009-11-22 17:17:26 ----A---- C:\Windows\system32\RelMon.dll
2009-11-22 17:17:26 ----A---- C:\Windows\system32\rdpencom.dll
2009-11-22 17:17:26 ----A---- C:\Windows\system32\msftedit.dll
2009-11-22 17:17:25 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-11-22 17:17:25 ----A---- C:\Windows\system32\spcmsg.dll
2009-11-22 17:17:25 ----A---- C:\Windows\system32\offfilt.dll
2009-11-22 17:17:25 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-11-22 17:17:24 ----A---- C:\Windows\system32\wsepno.dll
2009-11-22 17:17:24 ----A---- C:\Windows\system32\WerFault.exe
2009-11-22 17:17:24 ----A---- C:\Windows\system32\Utilman.exe
2009-11-22 17:17:24 ----A---- C:\Windows\system32\stobject.dll
2009-11-22 17:17:24 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-11-22 17:17:24 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-11-22 17:17:24 ----A---- C:\Windows\system32\mfplat.dll
2009-11-22 17:17:24 ----A---- C:\Windows\system32\diskraid.exe
2009-11-22 17:17:23 ----A---- C:\Windows\system32\SndVol.exe
2009-11-22 17:17:23 ----A---- C:\Windows\system32\mscms.dll
2009-11-22 17:17:23 ----A---- C:\Windows\system32\mcmde.dll
2009-11-22 17:17:23 ----A---- C:\Windows\system32\apphelp.dll
2009-11-22 17:17:22 ----A---- C:\Windows\system32\wiaservc.dll
2009-11-22 17:17:22 ----A---- C:\Windows\system32\sysclass.dll
2009-11-22 17:17:22 ----A---- C:\Windows\system32\prnntfy.dll
2009-11-22 17:17:22 ----A---- C:\Windows\system32\odbccp32.dll
2009-11-22 17:17:22 ----A---- C:\Windows\system32\msnetobj.dll
2009-11-22 17:17:22 ----A---- C:\Windows\system32\adsmsext.dll
2009-11-22 17:17:21 ----A---- C:\Windows\system32\wscript.exe
2009-11-22 17:17:21 ----A---- C:\Windows\system32\ulib.dll
2009-11-22 17:17:21 ----A---- C:\Windows\system32\iasdatastore.dll
2009-11-22 17:17:21 ----A---- C:\Windows\system32\dsound.dll
2009-11-22 17:17:20 ----A---- C:\Windows\system32\rastapi.dll
2009-11-22 17:17:20 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-11-22 17:17:20 ----A---- C:\Windows\system32\cryptui.dll
2009-11-22 17:17:19 ----A---- C:\Windows\system32\wscntfy.dll
2009-11-22 17:17:19 ----A---- C:\Windows\system32\wlangpui.dll
2009-11-22 17:17:19 ----A---- C:\Windows\system32\pnpsetup.dll
2009-11-22 17:17:19 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-11-22 17:17:19 ----A---- C:\Windows\system32\fdProxy.dll
2009-11-22 17:17:19 ----A---- C:\Windows\system32\brcpl.dll
2009-11-22 17:17:18 ----A---- C:\Windows\system32\wscsvc.dll
2009-11-22 17:17:18 ----A---- C:\Windows\system32\vdsdyn.dll
2009-11-22 17:17:18 ----A---- C:\Windows\system32\logman.exe
2009-11-22 17:17:18 ----A---- C:\Windows\system32\iashlpr.dll
2009-11-22 17:17:18 ----A---- C:\Windows\system32\gpapi.dll
2009-11-22 17:17:18 ----A---- C:\Windows\system32\diskpart.exe
2009-11-22 17:17:17 ----A---- C:\Windows\system32\wusa.exe
2009-11-22 17:17:17 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-11-22 17:17:17 ----A---- C:\Windows\system32\regsvc.dll
2009-11-22 17:17:17 ----A---- C:\Windows\system32\rasapi32.dll
2009-11-22 17:17:17 ----A---- C:\Windows\system32\ntprint.dll
2009-11-22 17:17:17 ----A---- C:\Windows\system32\mscorier.dll
2009-11-22 17:17:16 ----A---- C:\Windows\system32\zipfldr.dll
2009-11-22 17:17:16 ----A---- C:\Windows\system32\wshext.dll
2009-11-22 17:17:16 ----A---- C:\Windows\system32\wpccpl.dll
2009-11-22 17:17:16 ----A---- C:\Windows\system32\iasrad.dll
2009-11-22 17:17:16 ----A---- C:\Windows\system32\findstr.exe
2009-11-22 17:17:15 ----A---- C:\Windows\system32\rasdlg.dll
2009-11-22 17:17:15 ----A---- C:\Windows\system32\netcenter.dll
2009-11-22 17:17:14 ----A---- C:\Windows\system32\wsnmp32.dll
2009-11-22 17:17:14 ----A---- C:\Windows\system32\wer.dll
2009-11-22 17:17:14 ----A---- C:\Windows\system32\themecpl.dll
2009-11-22 17:17:14 ----A---- C:\Windows\system32\iassvcs.dll
2009-11-22 17:17:13 ----A---- C:\Windows\system32\uxsms.dll
2009-11-22 17:17:13 ----A---- C:\Windows\system32\mssprxy.dll
2009-11-22 17:17:12 ----A---- C:\Windows\system32\tsbyuv.dll
2009-11-22 17:17:12 ----A---- C:\Windows\system32\srvsvc.dll
2009-11-22 17:17:12 ----A---- C:\Windows\system32\scansetting.dll
2009-11-22 17:17:12 ----A---- C:\Windows\system32\ntmarta.dll
2009-11-22 17:17:12 ----A---- C:\Windows\system32\msutb.dll
2009-11-22 17:17:12 ----A---- C:\Windows\system32\mstlsapi.dll
2009-11-22 17:17:12 ----A---- C:\Windows\system32\iasads.dll
2009-11-22 17:17:11 ----A---- C:\Windows\system32\slcc.dll
2009-11-22 17:17:11 ----A---- C:\Windows\system32\powrprof.dll
2009-11-22 17:17:11 ----A---- C:\Windows\system32\networkmap.dll
2009-11-22 17:17:11 ----A---- C:\Windows\system32\mstsc.exe
2009-11-22 17:17:11 ----A---- C:\Windows\system32\iasacct.dll
2009-11-22 17:17:10 ----A---- C:\Windows\system32\powercpl.dll
2009-11-22 17:17:10 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-11-22 17:17:10 ----A---- C:\Windows\system32\authz.dll
2009-11-22 17:17:09 ----A---- C:\Windows\system32\systemcpl.dll
2009-11-22 17:17:09 ----A---- C:\Windows\system32\sud.dll
2009-11-22 17:17:09 ----A---- C:\Windows\system32\newdev.exe
2009-11-22 17:17:09 ----A---- C:\Windows\system32\dot3svc.dll
2009-11-22 17:17:09 ----A---- C:\Windows\system32\connect.dll
2009-11-22 17:17:08 ----A---- C:\Windows\system32\themeui.dll
2009-11-22 17:17:08 ----A---- C:\Windows\system32\samlib.dll
2009-11-22 17:17:08 ----A---- C:\Windows\system32\pcaui.dll
2009-11-22 17:17:08 ----A---- C:\Windows\system32\mmci.dll
2009-11-22 17:17:08 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-11-22 17:17:07 ----A---- C:\Windows\system32\wlanpref.dll
2009-11-22 17:17:07 ----A---- C:\Windows\system32\usercpl.dll
2009-11-22 17:17:07 ----A---- C:\Windows\system32\qdvd.dll
2009-11-22 17:17:07 ----A---- C:\Windows\system32\autoplay.dll
2009-11-22 17:17:06 ----A---- C:\Windows\system32\wpcao.dll
2009-11-22 17:17:06 ----A---- C:\Windows\system32\rpchttp.dll
2009-11-22 17:17:06 ----A---- C:\Windows\system32\regapi.dll
2009-11-22 17:17:06 ----A---- C:\Windows\system32\msinfo32.exe
2009-11-22 17:17:05 ----A---- C:\Windows\system32\vdsutil.dll
2009-11-22 17:17:05 ----A---- C:\Windows\system32\tapisrv.dll
2009-11-22 17:17:05 ----A---- C:\Windows\system32\scksp.dll
2009-11-22 17:17:05 ----A---- C:\Windows\system32\feclient.dll
2009-11-22 17:17:04 ----A---- C:\Windows\system32\scesrv.dll
2009-11-22 17:17:04 ----A---- C:\Windows\system32\psisdecd.dll
2009-11-22 17:17:04 ----A---- C:\Windows\system32\oleprn.dll
2009-11-22 17:17:04 ----A---- C:\Windows\system32\mpr.dll
2009-11-22 17:17:04 ----A---- C:\Windows\system32\imm32.dll
2009-11-22 17:17:04 ----A---- C:\Windows\system32\AudioSes.dll
2009-11-22 17:17:03 ----A---- C:\Windows\system32\wscisvif.dll
2009-11-22 17:17:03 ----A---- C:\Windows\system32\rekeywiz.exe
2009-11-22 17:17:03 ----A---- C:\Windows\system32\iaspolcy.dll
2009-11-22 17:17:03 ----A---- C:\Windows\system32\Faultrep.dll
2009-11-22 17:17:03 ----A---- C:\Windows\system32\dot3msm.dll
2009-11-22 17:17:02 ----A---- C:\Windows\system32\sdclt.exe
2009-11-22 17:17:02 ----A---- C:\Windows\system32\qedit.dll
2009-11-22 17:17:02 ----A---- C:\Windows\system32\ncryptui.dll
2009-11-22 17:17:02 ----A---- C:\Windows\system32\dpapimig.exe
2009-11-22 17:17:02 ----A---- C:\Windows\system32\DeviceEject.exe
2009-11-22 17:17:01 ----A---- C:\Windows\system32\scecli.dll
2009-11-22 17:17:01 ----A---- C:\Windows\system32\rasgcw.dll
2009-11-22 17:17:01 ----A---- C:\Windows\system32\pnpui.dll
2009-11-22 17:17:01 ----A---- C:\Windows\system32\perfdisk.dll
2009-11-22 17:17:01 ----A---- C:\Windows\system32\hdwwiz.exe
2009-11-22 17:17:01 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-11-22 17:17:01 ----A---- C:\Windows\system32\certreq.exe
2009-11-22 17:17:00 ----A---- C:\Windows\system32\TSTheme.exe
2009-11-22 17:17:00 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-11-22 17:17:00 ----A---- C:\Windows\system32\spwinsat.dll
2009-11-22 17:17:00 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-11-22 17:17:00 ----A---- C:\Windows\system32\rasplap.dll
2009-11-22 17:17:00 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-11-22 17:17:00 ----A---- C:\Windows\system32\cmmon32.exe
2009-11-22 17:16:59 ----A---- C:\Windows\system32\whealogr.dll
2009-11-22 17:16:59 ----A---- C:\Windows\system32\tcpmon.dll
2009-11-22 17:16:59 ----A---- C:\Windows\system32\srcore.dll
2009-11-22 17:16:59 ----A---- C:\Windows\system32\fdWSD.dll
2009-11-22 17:16:59 ----A---- C:\Windows\system32\conime.exe
2009-11-22 17:16:59 ----A---- C:\Windows\system32\cmdial32.dll
2009-11-22 17:16:58 ----A---- C:\Windows\system32\wiaaut.dll
2009-11-22 17:16:58 ----A---- C:\Windows\system32\SnippingTool.exe
2009-11-22 17:16:58 ----A---- C:\Windows\system32\SCardSvr.dll
2009-11-22 17:16:58 ----A---- C:\Windows\system32\raschap.dll
2009-11-22 17:16:58 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-11-22 17:16:58 ----A---- C:\Windows\system32\fontext.dll
2009-11-22 17:16:57 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-11-22 17:16:57 ----A---- C:\Windows\system32\wlanui.dll
2009-11-22 17:16:57 ----A---- C:\Windows\system32\rasppp.dll
2009-11-22 17:16:56 ----A---- C:\Windows\system32\shwebsvc.dll
2009-11-22 17:16:56 ----A---- C:\Windows\system32\PnPutil.exe
2009-11-22 17:16:56 ----A---- C:\Windows\system32\dsprop.dll
2009-11-22 17:16:56 ----A---- C:\Windows\system32\dimsroam.dll
2009-11-22 17:16:55 ----A---- C:\Windows\system32\shsetup.dll
2009-11-22 17:16:55 ----A---- C:\Windows\system32\oobefldr.dll
2009-11-22 17:16:54 ----A---- C:\Windows\system32\rasmontr.dll
2009-11-22 17:16:54 ----A---- C:\Windows\system32\mscandui.dll
2009-11-22 17:16:54 ----A---- C:\Windows\system32\modemui.dll
2009-11-22 17:16:53 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-11-22 17:16:53 ----A---- C:\Windows\system32\chtbrkr.dll
2009-11-22 17:16:53 ----A---- C:\Windows\system32\dataclen.dll
2009-11-22 17:16:52 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-11-22 17:16:52 ----A---- C:\Windows\system32\smss.exe
2009-11-22 17:16:52 ----A---- C:\Windows\system32\rdpwsx.dll
2009-11-22 17:16:52 ----A---- C:\Windows\system32\credui.dll
2009-11-22 17:16:52 ----A---- C:\Windows\system32\blackbox.dll
2009-11-22 17:16:51 ----A---- C:\Windows\system32\WSDMon.dll
2009-11-22 17:16:51 ----A---- C:\Windows\system32\wmpeffects.dll
2009-11-22 17:16:51 ----A---- C:\Windows\system32\netplwiz.dll
2009-11-22 17:16:50 ----A---- C:\Windows\system32\networkexplorer.dll
2009-11-22 17:16:50 ----A---- C:\Windows\system32\certprop.dll
2009-11-22 17:16:49 ----A---- C:\Windows\system32\wscapi.dll
2009-11-22 17:16:49 ----A---- C:\Windows\system32\wpcsvc.dll
2009-11-22 17:16:49 ----A---- C:\Windows\system32\msscp.dll
2009-11-22 17:16:49 ----A---- C:\Windows\system32\msimtf.dll
2009-11-22 17:16:49 ----A---- C:\Windows\system32\logagent.exe
2009-11-22 17:16:49 ----A---- C:\Windows\system32\InkEd.dll
2009-11-22 17:16:49 ----A---- C:\Windows\system32\ifmon.dll
2009-11-22 17:16:49 ----A---- C:\Windows\system32\gpresult.exe
2009-11-22 17:16:49 ----A---- C:\Windows\system32\cipher.exe
2009-11-22 17:16:48 ----A---- C:\Windows\system32\thawbrkr.dll
2009-11-22 17:16:48 ----A---- C:\Windows\system32\softkbd.dll
2009-11-22 17:16:48 ----A---- C:\Windows\system32\sendmail.dll
2009-11-22 17:16:47 ----A---- C:\Windows\system32\msctfui.dll
2009-11-22 17:16:47 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-11-22 17:16:46 ----A---- C:\Windows\system32\olepro32.dll
2009-11-22 17:16:46 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-11-22 17:16:46 ----A---- C:\Windows\system32\dmsynth.dll
2009-11-22 17:16:45 ----A---- C:\Windows\system32\wshbth.dll
2009-11-22 17:16:45 ----A---- C:\Windows\system32\version.dll
2009-11-22 17:16:45 ----A---- C:\Windows\system32\SLLUA.exe
2009-11-22 17:16:45 ----A---- C:\Windows\system32\puiapi.dll
2009-11-22 17:16:45 ----A---- C:\Windows\system32\msisip.dll
2009-11-22 17:16:45 ----A---- C:\Windows\system32\mprapi.dll
2009-11-22 17:16:45 ----A---- C:\Windows\system32\input.dll
2009-11-22 17:16:45 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-11-22 17:16:44 ----A---- C:\Windows\system32\fdSSDP.dll
2009-11-22 17:16:44 ----A---- C:\Windows\system32\fc.exe
2009-11-22 17:16:43 ----A---- C:\Windows\system32\msjint40.dll
2009-11-22 17:16:43 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-11-22 17:16:43 ----A---- C:\Windows\system32\l2nacp.dll
2009-11-22 17:16:43 ----A---- C:\Windows\system32\ftp.exe
2009-11-22 17:16:43 ----A---- C:\Windows\system32\eapp3hst.dll
2009-11-22 17:16:43 ----A---- C:\Windows\system32\dmusic.dll
2009-11-22 17:16:43 ----A---- C:\Windows\system32\cscapi.dll
2009-11-22 17:16:42 ----A---- C:\Windows\system32\wsdchngr.dll
2009-11-22 17:16:42 ----A---- C:\Windows\system32\cscdll.dll
2009-11-22 17:16:41 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-11-22 17:16:41 ----A---- C:\Windows\system32\bthci.dll
2009-11-22 17:16:40 ----A---- C:\Windows\system32\Storprop.dll
2009-11-22 17:16:40 ----A---- C:\Windows\system32\rasdial.exe
2009-11-22 17:16:40 ----A---- C:\Windows\system32\rasdiag.dll
2009-11-22 17:16:40 ----A---- C:\Windows\system32\fdWCN.dll
2009-11-22 17:16:40 ----A---- C:\Windows\system32\dot3cfg.dll
2009-11-22 17:16:40 ----A---- C:\Windows\system32\bthudtask.exe
2009-11-22 17:16:39 ----A---- C:\Windows\system32\ipconfig.exe
2009-11-22 17:16:39 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-11-22 17:16:39 ----A---- C:\Windows\system32\eappcfg.dll
2009-11-22 17:16:38 ----A---- C:\Windows\system32\tscupgrd.exe
2009-11-22 17:16:38 ----A---- C:\Windows\system32\slcinst.dll
2009-11-22 17:16:38 ----A---- C:\Windows\system32\nslookup.exe
2009-11-22 17:16:38 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-11-22 17:16:37 ----A---- C:\Windows\system32\eappgnui.dll
2009-11-22 17:16:36 ----A---- C:\Windows\system32\ocsetup.exe
2009-11-22 17:16:36 ----A---- C:\Windows\system32\hbaapi.dll
2009-11-22 17:16:36 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-11-22 17:16:36 ----A---- C:\Windows\system32\fdeploy.dll
2009-11-22 17:16:35 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-11-22 17:16:35 ----A---- C:\Windows\system32\mmcico.dll
2009-11-22 17:16:34 ----A---- C:\Windows\system32\gpupdate.exe
2009-11-22 17:16:34 ----A---- C:\Windows\system32\cbsra.exe
2009-11-22 17:16:33 ----A---- C:\Windows\system32\NcdProp.dll
2009-11-22 17:16:33 ----A---- C:\Windows\system32\iscsilog.dll
2009-11-22 17:16:33 ----A---- C:\Windows\system32\csrstub.exe
2009-11-22 17:16:33 ----A---- C:\Windows\system32\bitsigd.dll
2009-11-22 17:16:32 ----A---- C:\Windows\system32\winrnr.dll
2009-11-22 17:16:32 ----A---- C:\Windows\system32\vdmdbg.dll
2009-11-22 17:16:32 ----A---- C:\Windows\system32\slwga.dll
2009-11-22 17:16:32 ----A---- C:\Windows\system32\odbcconf.dll
2009-11-22 17:16:32 ----A---- C:\Windows\system32\inetppui.dll
2009-11-22 17:16:31 ----A---- C:\Windows\system32\midimap.dll
2009-11-22 17:16:26 ----A---- C:\Windows\system32\msimsg.dll
2009-11-22 17:16:26 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-11-22 17:15:31 ----A---- C:\Windows\system32\SmiEngine.dll
2009-11-22 17:15:07 ----A---- C:\Windows\system32\wdscore.dll
2009-11-22 17:15:07 ----A---- C:\Windows\system32\PkgMgr.exe
2009-11-22 17:14:04 ----A---- C:\Windows\system32\drvstore.dll
======List of files/folders modified in the last 1 months======
2009-12-21 19:12:23 ----D---- C:\Windows\temp
2009-12-21 19:05:43 ----RD---- C:\Program Files
2009-12-21 19:05:08 ----D---- C:\Program Files\Auslogics
2009-12-21 18:58:34 ----D---- C:\Program Files\Mozilla Firefox
Re: requesting a "preventive check" - there will be a lot here
2009-12-21 18:56:39 ----D---- C:\Windows\Prefetch
2009-12-21 18:46:31 ----D---- C:\Windows
2009-12-21 18:22:21 ----D---- C:\Windows\System32
2009-12-21 18:22:21 ----D---- C:\Windows\inf
2009-12-21 18:22:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-20 15:02:23 ----SHD---- C:\Windows\Installer
2009-12-19 15:17:02 ----D---- C:\Windows\system32\catroot2
2009-12-19 15:14:06 ----SHD---- C:\System Volume Information
2009-12-19 15:13:53 ----D---- C:\Windows\system32\config
2009-12-18 19:11:16 ----D---- C:\Windows\system32\drivers
2009-12-18 19:11:14 ----HD---- C:\ProgramData
2009-12-18 19:10:49 ----D---- C:\Users\Katka\AppData\Roaming\Auslogics
2009-12-18 17:51:32 ----D---- C:\ProgramData\NVIDIA
2009-12-18 17:47:03 ----D---- C:\Windows\system32\catroot
2009-12-18 17:38:36 ----D---- C:\Windows\Debug
2009-12-18 17:04:56 ----D---- C:\Users\Katka\AppData\Roaming\DataLayer
2009-12-18 16:18:54 ----D---- C:\Program Files\Nokia
2009-12-18 16:17:05 ----D---- C:\Users\Katka\AppData\Roaming\Nokia
2009-12-12 21:10:51 ----SD---- C:\Windows\Downloaded Program Files
2009-12-12 21:09:51 ----D---- C:\Windows\winsxs
2009-12-11 15:41:37 ----D---- C:\Windows\rescache
2009-12-11 13:28:29 ----D---- C:\Windows\system32\migration
2009-12-11 13:28:29 ----D---- C:\Windows\system32\cs-CZ
2009-12-11 13:28:29 ----D---- C:\Program Files\Windows Mail
2009-12-11 13:28:29 ----D---- C:\Program Files\Internet Explorer
2009-12-06 18:58:36 ----D---- C:\Windows\Microsoft.NET
2009-12-06 18:58:31 ----RSD---- C:\Windows\assembly
2009-12-06 18:22:31 ----D---- C:\Windows\system32\Tasks
2009-12-05 20:22:16 ----D---- C:\Windows\system32\wbem
2009-12-05 20:22:14 ----D---- C:\Windows\system32\zh-TW
2009-12-05 20:22:14 ----D---- C:\Windows\system32\zh-HK
2009-12-05 20:22:14 ----D---- C:\Windows\system32\zh-CN
2009-12-05 20:22:14 ----D---- C:\Windows\system32\uk-UA
2009-12-05 20:22:14 ----D---- C:\Windows\system32\tr-TR
2009-12-05 20:22:14 ----D---- C:\Windows\system32\th-TH
2009-12-05 20:22:14 ----D---- C:\Windows\system32\sv-SE
2009-12-05 20:22:14 ----D---- C:\Windows\system32\sr-Latn-CS
2009-12-05 20:22:14 ----D---- C:\Windows\system32\sl-SI
2009-12-05 20:22:14 ----D---- C:\Windows\system32\sk-SK
2009-12-05 20:22:14 ----D---- C:\Windows\system32\ru-RU
2009-12-05 20:22:14 ----D---- C:\Windows\system32\ro-RO
2009-12-05 20:22:14 ----D---- C:\Windows\system32\pt-PT
2009-12-05 20:22:14 ----D---- C:\Windows\system32\pt-BR
2009-12-05 20:22:14 ----D---- C:\Windows\system32\pl-PL
2009-12-05 20:22:14 ----D---- C:\Windows\system32\nl-NL
2009-12-05 20:22:14 ----D---- C:\Windows\system32\nb-NO
2009-12-05 20:22:14 ----D---- C:\Windows\system32\lv-LV
2009-12-05 20:22:14 ----D---- C:\Windows\system32\lt-LT
2009-12-05 20:22:14 ----D---- C:\Windows\system32\ko-KR
2009-12-05 20:22:14 ----D---- C:\Windows\system32\ja-JP
2009-12-05 20:22:14 ----D---- C:\Windows\system32\it-IT
2009-12-05 20:22:14 ----D---- C:\Windows\system32\hu-HU
2009-12-05 20:22:14 ----D---- C:\Windows\system32\hr-HR
2009-12-05 20:22:14 ----D---- C:\Windows\system32\he-IL
2009-12-05 20:22:14 ----D---- C:\Windows\system32\fr-FR
2009-12-05 20:22:14 ----D---- C:\Windows\system32\fi-FI
2009-12-05 20:22:14 ----D---- C:\Windows\system32\et-EE
2009-12-05 20:22:14 ----D---- C:\Windows\system32\es-ES
2009-12-05 20:22:14 ----D---- C:\Windows\system32\en-US
2009-12-05 20:22:14 ----D---- C:\Windows\system32\el-GR
2009-12-05 20:22:14 ----D---- C:\Windows\system32\de-DE
2009-12-05 20:22:14 ----D---- C:\Windows\system32\da-DK
2009-12-05 20:22:14 ----D---- C:\Windows\system32\bg-BG
2009-12-05 20:22:14 ----D---- C:\Windows\system32\ar-SA
2009-12-04 21:25:27 ----SHD---- C:\Boot
2009-12-04 21:13:59 ----D---- C:\Program Files\Windows Sidebar
2009-12-04 21:13:59 ----D---- C:\Program Files\Windows Calendar
2009-12-04 21:13:59 ----D---- C:\Program Files\Movie Maker
2009-12-04 21:13:58 ----D---- C:\Program Files\Windows Photo Gallery
2009-12-04 21:13:58 ----D---- C:\Program Files\Windows Media Player
2009-12-04 21:13:58 ----D---- C:\Program Files\Windows Journal
2009-12-04 21:13:58 ----D---- C:\Program Files\Windows Collaboration
2009-12-04 21:13:58 ----D---- C:\Program Files\Common Files\System
2009-12-04 21:13:56 ----D---- C:\Windows\servicing
2009-12-04 21:13:56 ----D---- C:\Windows\ehome
2009-12-04 21:13:56 ----D---- C:\Program Files\Windows Defender
2009-12-04 21:13:51 ----D---- C:\Windows\system32\XPSViewer
2009-12-04 21:13:51 ----D---- C:\Windows\IME
2009-12-04 21:13:50 ----D---- C:\Windows\system32\oobe
2009-12-04 21:13:49 ----D---- C:\Windows\system32\setup
2009-12-04 21:13:49 ----D---- C:\Windows\system32\cs
2009-12-04 21:13:49 ----D---- C:\Windows\system32\AdvancedInstallers
2009-12-04 21:13:47 ----D---- C:\Windows\system32\SLUI
2009-12-04 21:13:46 ----D---- C:\Windows\system32\manifeststore
2009-12-04 21:13:44 ----D---- C:\Windows\system32\migwiz
2009-12-04 21:13:34 ----RSD---- C:\Windows\Fonts
2009-12-04 21:13:34 ----D---- C:\Windows\AppPatch
2009-12-04 21:13:28 ----D---- C:\Windows\system32\Boot
2009-12-04 21:11:39 ----D---- C:\Windows\system32\RTCOM
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-28 21:18:14 ----D---- C:\yBook
2009-11-25 16:26:01 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-25 16:02:40 ----D---- C:\Program Files\Common Files
2009-11-25 00:54:29 ----A---- C:\Windows\system32\aswBoot.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-25 278984]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-25 25416]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-13 228224]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 968064]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-11 1793880]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-12-03 38224]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-06-26 9777376]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 a8cmun7f;a8cmun7f; C:\Windows\system32\drivers\a8cmun7f.sys []
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2007-08-24 15872]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-01-30 17480]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 Nokia USB Generic;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2006-05-29 13312]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-06-01 47360]
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-05-24 61440]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-26 211488]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc); C:\Windows\system32\pr2ah4nc.exe [2007-05-18 407152]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-11-12 77944]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S3 VundoFixSvc;VundoFix Service; C:\Windows\system32\VundoFixSVC.exe [2008-02-22 24576]
-----------------EOF-----------------
Re: requesting a "preventive check" - there will be a lot here
Good evening
Can I see the log from MBAM?

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: requesting a "preventive check" - there will be a lot here
After an hour and a half it spat out this. It had found 32 conflicts, but then it said something to the effect that an error had occurred and that it does not support the Arial font... I'll try it again with a quick scan.
Malwarebytes' Anti-Malware 1.42
Verze databáze: 3385
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
23.12.2009 11:41:55
mbam-log-2009-12-23 (11-41-55).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 17
Uplynulý čas: 28 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
Re: asking for a "preventive check" - there will be a lot here
the quick scan at least produced this:
Malwarebytes' Anti-Malware 1.42
Verze databáze: 3385
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
23.12.2009 13:26:50
mbam-log-2009-12-23 (13-26-43).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 109095
Uplynulý čas: 3 minute(s), 56 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 19
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 3
Infikované soubory: 10
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3935b537-3e6d-04ed-abb3-acb16a699e3b} (Rogue.Multiple) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ba2020ce-af34-4b1a-82d4-507c7f002079} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba2020ce-af34-4b1a-82d4-507c7f002079} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WinPCDoctor (Rogue.WinPCDoctor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirusPro (Rogue.AntiVirusPro) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
C:\Program Files\ThunMail (Trojan.Agent) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images (Rogue.ControlCenter) -> No action taken.
Infikované soubory:
C:\Users\Jarda\AppData\Roaming\CC\faq\guide.html (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images\05.png (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images\06.png (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images\07.png (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images\08.png (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images\09.png (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images\10.png (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\Favorites\VIP Casino.url (Rogue.Link) -> No action taken.
C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\AntiSpyKit 5.2.lnk (Rogue.AntiSpyKit) -> No action taken.
C:\Windows\System32\system.EXE (Spyware.OnlineGames) -> No action taken.
Re: asking for a "preventive check" - there will be a lot here
here, finally, is the log from the full MBAM scan:
Malwarebytes' Anti-Malware 1.42
Verze databáze: 3385
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
23.12.2009 14:51:26
mbam-log-2009-12-23 (14-51-21).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 344004
Uplynulý čas: 1 hour(s), 19 minute(s), 29 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 19
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 3
Infikované soubory: 10
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3935b537-3e6d-04ed-abb3-acb16a699e3b} (Rogue.Multiple) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ba2020ce-af34-4b1a-82d4-507c7f002079} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba2020ce-af34-4b1a-82d4-507c7f002079} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WinPCDoctor (Rogue.WinPCDoctor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirusPro (Rogue.AntiVirusPro) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
C:\Program Files\ThunMail (Trojan.Agent) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images (Rogue.ControlCenter) -> No action taken.
Infikované soubory:
C:\Users\Jarda\AppData\Roaming\CC\faq\guide.html (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images\05.png (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images\06.png (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images\07.png (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images\08.png (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images\09.png (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\AppData\Roaming\CC\faq\images\10.png (Rogue.ControlCenter) -> No action taken.
C:\Users\Jarda\Favorites\VIP Casino.url (Rogue.Link) -> No action taken.
C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\AntiSpyKit 5.2.lnk (Rogue.AntiSpyKit) -> No action taken.
C:\Windows\System32\system.EXE (Spyware.OnlineGames) -> No action taken.
Re: asking for a "preventive check" - there will be a lot here
Delete everything
Download to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- agree to the installation of the Recovery Console
- ComboFix must be run under an account with administrator rights
- Before use, turn off all resident security programs - antivirus, firewalls, antispyware
- After launch the terms of use are displayed, confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt, copy its entire contents here
Re: asking for a "preventive check" - there will be a lot here
MBAM refuses to delete the files it found, it reports "error 7" out of memory and closes completely. ComboFix had trouble starting and restarted the computer by itself, but in the end it did the check. here is the log:
ComboFix 09-12-23.05 - Katka 24.12.2009 14:21:19.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1079 [GMT 1:00]
Spuštěný z: c:\users\Katka\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081121-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081121-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ThunMail
c:\users\Jarda\AppData\Roaming\CC
c:\users\Jarda\AppData\Roaming\CC\faq\guide.html
c:\users\Jarda\AppData\Roaming\CC\faq\images\05.png
c:\users\Jarda\AppData\Roaming\CC\faq\images\06.png
c:\users\Jarda\AppData\Roaming\CC\faq\images\07.png
c:\users\Jarda\AppData\Roaming\CC\faq\images\08.png
c:\users\Jarda\AppData\Roaming\CC\faq\images\09.png
c:\users\Jarda\AppData\Roaming\CC\faq\images\10.png
c:\users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\AntiSpyKit 5.2.lnk
c:\users\Jarda\Favorites\VIP Casino.url
c:\users\Katka\AppData\Roaming\inst.exe
c:\windows\desktop
c:\windows\desktop\Play Rogue Squadron.lnk
c:\windows\search_res.txt
c:\windows\system32\anlkkruu.ini
c:\windows\system32\AntiVirusPro.exe.log
c:\windows\system32\anwcytuj.ini
c:\windows\system32\docjhenc.ini
c:\windows\system32\eghkj.ini
c:\windows\system32\jtjqvidd.ini
c:\windows\system32\kbsouuxy.ini
c:\windows\system32\kmd.exe
c:\windows\system32\kwxkarrx.ini
c:\windows\system32\mskucsmx.ini
c:\windows\system32\onnmp.ini
c:\windows\system32\ppsut.ini
c:\windows\system32\ruvut.ini
c:\windows\system32\scbewqdw.ini
c:\windows\system32\sdiancdg.ini
c:\windows\system32\slyojsqn.ini
c:\windows\system32\supkaqut.ini
c:\windows\system32\suwvw.ini
c:\windows\system32\svycf.ini
c:\windows\system32\system.exe
c:\windows\system32\uxabc.ini
c:\windows\system32\vmtfbusc.ini
c:\windows\system32\wsfrkdnj.ini
c:\windows\system32\wtqlsiey.ini
c:\windows\system32\xnhjvegv.ini
c:\windows\system32\xsyofthv.ini
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-24 do 2009-12-24 )))))))))))))))))))))))))))))))
.
2009-12-24 13:32 . 2009-12-24 13:32 -------- d-----w- c:\users\Katka\AppData\Local\temp
2009-12-24 13:32 . 2009-12-24 13:32 -------- d-----w- c:\users\Jarda\AppData\Local\temp
2009-12-24 13:32 . 2009-12-24 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-23 14:32 . 2009-12-23 14:33 -------- d-----w- c:\users\Jarda\AppData\Local\Adobe
2009-12-21 20:22 . 2009-12-21 20:22 -------- d-----w- c:\users\Jarda\AppData\Roaming\Auslogics
2009-12-21 18:05 . 2009-12-21 18:13 -------- d-----w- c:\program files\trend micro
2009-12-21 18:05 . 2009-12-21 18:05 -------- d-----w- C:\rsit
2009-12-18 18:11 . 2009-12-18 18:11 -------- d-----w- c:\users\Katka\AppData\Roaming\Malwarebytes
2009-12-18 18:11 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 18:11 . 2009-12-18 18:11 -------- d-----w- c:\programdata\Malwarebytes
2009-12-18 18:11 . 2009-12-18 18:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 18:11 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 07:08 . 2009-12-18 07:08 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-12 20:06 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 20:06 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 20:06 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 06:35 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-05 19:22 . 2009-12-05 19:22 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-05 19:19 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-05 19:19 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-12-05 19:19 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-05 19:17 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-05 19:17 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-05 19:17 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-04 20:13 . 2009-12-04 20:13 -------- d-----w- c:\windows\system32\ca-ES
2009-12-04 20:13 . 2009-12-04 20:13 -------- d-----w- c:\windows\system32\eu-ES
2009-12-04 20:13 . 2009-12-04 20:13 -------- d-----w- c:\windows\system32\vi-VN
2009-12-03 21:44 . 2009-12-03 21:44 -------- d-----w- c:\program files\MyPlayCity.com
2009-11-26 10:24 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 15:03 . 2001-05-04 09:05 505104 ----a-r- c:\windows\system32\msxml.dll
2009-11-25 15:03 . 2002-10-17 08:35 26096 ----a-r- c:\windows\system32\xmlinst.exe
2009-11-25 15:03 . 2002-01-07 14:30 24576 ----a-r- c:\windows\system32\msxml3a.dll
2009-11-25 15:03 . 2001-05-04 09:05 28432 ----a-r- c:\windows\system32\msxmlr.dll
2009-11-25 15:03 . 2000-03-17 06:21 36864 ----a-r- c:\windows\system32\xmlparse.dll
2009-11-25 15:03 . 2000-03-17 06:21 69632 ----a-r- c:\windows\system32\xmltok.dll
2009-11-25 15:03 . 1998-06-17 22:00 89360 ----a-r- c:\windows\system32\VB5DB.DLL
2009-11-25 15:02 . 2009-11-25 15:02 -------- d-----w- c:\users\Jarda\AppData\Roaming\ubi.com
2009-11-25 15:02 . 2001-07-30 17:03 185344 ----a-w- c:\windows\patchw32.dll
2009-11-25 15:02 . 2009-11-25 15:02 -------- d-----w- c:\program files\ubi.com
2009-11-25 15:02 . 2009-11-25 15:02 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-11-25 14:50 . 2009-11-25 15:03 -------- d-----w- c:\program files\Ubi Soft
2009-11-25 14:50 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 14:50 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 13:26 . 2007-09-07 04:20 601854 ----a-w- c:\windows\system32\perfh005.dat
2009-12-24 13:26 . 2007-09-07 04:20 115998 ----a-w- c:\windows\system32\perfc005.dat
2009-12-24 13:19 . 2009-05-25 17:34 48127 ----a-w- c:\programdata\nvModes.dat
2009-12-24 13:18 . 2007-11-13 13:10 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-21 18:05 . 2009-10-18 08:47 -------- d-----w- c:\program files\Auslogics
2009-12-18 18:10 . 2009-10-18 08:47 -------- d-----w- c:\users\Katka\AppData\Roaming\Auslogics
2009-12-18 16:51 . 2007-09-06 19:10 -------- d-----w- c:\programdata\NVIDIA
2009-12-18 16:04 . 2008-08-01 16:03 -------- d-----w- c:\users\Katka\AppData\Roaming\DataLayer
2009-12-18 15:18 . 2008-03-10 17:04 -------- d-----w- c:\program files\Nokia
2009-12-18 15:17 . 2007-11-16 20:17 -------- d-----w- c:\users\Katka\AppData\Roaming\Nokia
2009-12-18 15:16 . 2009-12-18 15:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-11 12:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-05 19:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-05 19:21 . 2009-12-05 19:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-04 20:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-04 20:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-04 20:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-04 20:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-04 20:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-04 20:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-29 20:39 . 2009-08-22 20:25 -------- d-----w- c:\users\Jarda\AppData\Roaming\Any Video Converter
2009-11-27 16:18 . 2007-11-11 15:47 136984 ----a-w- c:\users\Katka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-25 15:26 . 2007-09-06 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-24 23:54 . 2007-11-18 11:50 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2008-03-31 18:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-03-31 18:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2007-11-18 11:50 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2007-11-18 11:50 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-11-18 11:50 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-11-18 11:50 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 06:40 . 2009-12-10 06:37 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 06:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 06:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 06:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 20:00 . 2009-10-18 08:42 -------- d-----w- c:\programdata\McAfee Security Scan
2009-11-17 20:00 . 2008-05-14 11:11 -------- d-----w- c:\program files\Total Immersion Racing
2009-11-17 20:00 . 2007-11-12 20:39 -------- d-----w- c:\program files\Scorpions WinCheater
2009-11-17 20:00 . 2009-10-18 08:42 -------- d-----w- c:\program files\McAfee Security Scan
2009-11-17 20:00 . 2009-05-06 19:52 -------- d-----w- c:\program files\RegCleaner
2009-11-17 20:00 . 2007-12-19 12:27 -------- d-----w- c:\program files\LimeWire
2009-11-17 20:00 . 2008-05-12 16:05 -------- d-----w- c:\program files\Electronic Arts
2009-11-17 20:00 . 2008-01-31 09:02 -------- d-----w- c:\program files\Counter-Strike Source
2009-11-17 19:28 . 2009-11-17 19:28 -------- d-----w- c:\program files\Wintuneup Pro
2009-11-17 19:26 . 2009-11-17 19:26 -------- d-----w- c:\program files\Marcos Velasco Security
2009-11-17 19:25 . 2009-11-17 19:25 -------- d-----w- c:\program files\Čistič
2009-11-15 16:03 . 2009-09-02 09:06 -------- d-----w- c:\users\Jarda\AppData\Roaming\DMCache
2009-11-15 15:28 . 2009-11-15 15:28 -------- d-----w- c:\program files\HWiNFO32
2009-11-02 19:42 . 2009-10-03 07:13 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 14:01 . 2007-11-12 05:36 136984 ----a-w- c:\users\Jarda\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-25 19:35 . 2009-10-25 19:35 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-10-25 19:35 . 2009-10-25 19:35 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-10-25 19:31 . 2009-10-25 19:31 -------- d-----w- c:\program files\Playlogic
2009-10-01 01:02 . 2009-12-05 19:18 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-12-05 19:18 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-12-05 19:18 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:01 . 2009-12-05 19:18 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-12-05 19:18 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-12-05 19:18 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-12-05 19:18 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-12-05 19:18 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-12-05 19:18 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-12-05 19:18 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-12-05 19:18 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-12-05 19:18 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-12-05 19:18 33280 ----a-w- c:\windows\system32\WpdConns.dll
2006-05-03 10:06 . 2009-01-28 12:08 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-01-28 12:08 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-01-28 12:08 216064 --sh--r- c:\windows\System32\nbDX.dll
2007-09-07 04:35 . 2007-09-07 04:22 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-09-25 54672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
c:\users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ubisoft register.lnk - c:\program files\Ubi Soft\Register\schedule.exe [2009-11-25 32768]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d2,76,cd,4d,1f,75,ca,01
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\System32\drivers\pe3ah4nc.sys [18.5.2007 20:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\System32\drivers\ps6ah4nc.sys [18.5.2007 20:52 55160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [31.3.2008 19:03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [31.3.2008 19:03 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [18.11.2007 12:50 53328]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.7.2008 19:44 222456]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\System32\drivers\HCW85BDA.sys [6.9.2007 20:06 968064]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [12.11.2007 21:25 685816]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [24.8.2007 19:34 15872]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [25.4.2008 15:09 21504]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [18.12.2009 19:11 38224]
S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = about:blank
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {86F570D7-5BD7-4788-824B-E8C1B999D779} = 208.67.220.220,208.67.222.222
TCP: {8BA235F3-7780-4702-BD2E-812028FD118C} = 208.67.220.220,208.67.222.222
TCP: {8EC5E20A-C416-4A7F-827B-2E766726E6CD} = 208.67.220.220,208.67.222.222
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.i2net.cz:8080/activex/AMC.cab
FF - ProfilePath - c:\users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ah62wrkd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-LucasArts' Rogue Squadron - c:\program files\LucasArts\ROGUE\DeIsL1.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 14:32
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-12-24 14:36:21
ComboFix-quarantined-files.txt 2009-12-24 13:36
Před spuštěním: Volných bajtů: 116 112 531 456
Po spuštění: Volných bajtů: 117 529 051 136
- - End Of File - - 7E96175E1480299AA0EC7B198C820D13
Re: requesting a "preventive check" - there will be a lot here

-Install and run a scan according to the guide
-Let it disinfect or delete whatever it finds
-The scan may take several hours
-Post the log with the results here
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before removing malware from the computer
Want to support our forum? Information here

I can usually be reached at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: requesting a "preventive check" - there will be a lot here
I just have a question: the AVPTool scan has been running for over two hours and it is still at 1%. I know it can take a few hours, but isn't this a bit too slow?
Re: requesting a "preventive check" - there will be a lot here
It is, but then it can jump ahead by several percent. If it still does not move on, try a scan with webcureit, see my signature

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before removing malware from the computer
Want to support our forum? Information here

I can usually be reached at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: requesting a "preventive check" - there will be a lot here
Autoscan: completed 17 minutes ago (events: 8, objects: 437180, time: 06:24:21)
27.12.2009 10:31:53 Task started
27.12.2009 13:14:49 Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Jarda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\21fb6c01-51143df5
27.12.2009 13:14:52 Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Jarda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\40bf31a1-76e8f0ca
27.12.2009 13:14:52 Detected: Exploit.Java.ByteVerify C:\Documents and Settings\Jarda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\693f3c4-7ac778c1
27.12.2009 13:15:49 Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Jarda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\21fb6c01-51143df5
27.12.2009 13:15:50 Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Jarda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\693f3c4-7ac778c1
27.12.2009 13:15:50 Deleted: Exploit.Java.ByteVerify C:\Documents and Settings\Jarda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\40bf31a1-76e8f0ca
27.12.2009 16:56:14 Task completed
Re: asking for a "preventive check" - there will be a lot here

- Open Notepad
- Copy the text from this box into it:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
Extra::
DDS::
Start Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = about:blank
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
Firefox::
FF - ProfilePath - c:\users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ah62wrkd.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
- After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

- After it has been applied, another log will come out; paste it here
Warning: it may happen that after the script is applied and the computer restarts, Windows will not boot. In that case restart again while pressing F8, then choose Last Known Good Configuration

Start Windows Defender by clicking Start - All Programs and then clicking Windows Defender.
Click the Tools menu and then Options.
In the Real-time protection options group box, clear the Use real-time protection check box.

Re: asking for a "preventive check" - there will be a lot here
ComboFix 09-12-23.05 - Katka 28.12.2009 9:46.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1452 [GMT 1:00]
Spuštěný z: c:\users\Katka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Katka\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 081121-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081121-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-28 )))))))))))))))))))))))))))))))
.
2009-12-28 08:54 . 2009-12-28 08:54 -------- d-----w- c:\users\Katka\AppData\Local\temp
2009-12-28 08:54 . 2009-12-28 08:54 -------- d-----w- c:\users\Jarda\AppData\Local\temp
2009-12-28 08:54 . 2009-12-28 08:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-27 09:19 . 2009-12-27 09:26 -------- d-----w- c:\programdata\Kaspersky Lab
2009-12-25 20:46 . 2009-12-25 20:46 -------- d-----w- c:\users\Katka\AppData\Local\Adobe
2009-12-21 20:22 . 2009-12-21 20:22 -------- d-----w- c:\users\Jarda\AppData\Roaming\Auslogics
2009-12-21 18:05 . 2009-12-21 18:13 -------- d-----w- c:\program files\trend micro
2009-12-21 18:05 . 2009-12-21 18:05 -------- d-----w- C:\rsit
2009-12-18 18:11 . 2009-12-18 18:11 -------- d-----w- c:\users\Katka\AppData\Roaming\Malwarebytes
2009-12-18 18:11 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 18:11 . 2009-12-18 18:11 -------- d-----w- c:\programdata\Malwarebytes
2009-12-18 18:11 . 2009-12-18 18:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 18:11 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 07:08 . 2009-12-18 07:08 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-12 20:06 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 20:06 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 20:06 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 06:35 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-05 19:22 . 2009-12-05 19:22 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-05 19:19 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-05 19:19 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-12-05 19:19 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-05 19:17 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-05 19:17 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-05 19:17 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-04 20:13 . 2009-12-04 20:13 -------- d-----w- c:\windows\system32\ca-ES
2009-12-04 20:13 . 2009-12-04 20:13 -------- d-----w- c:\windows\system32\eu-ES
2009-12-04 20:13 . 2009-12-04 20:13 -------- d-----w- c:\windows\system32\vi-VN
2009-12-03 21:44 . 2009-12-03 21:44 -------- d-----w- c:\program files\MyPlayCity.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 08:32 . 2009-05-25 17:34 48127 ----a-w- c:\programdata\nvModes.dat
2009-12-28 08:31 . 2007-11-13 13:10 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-25 20:44 . 2007-09-07 04:20 601854 ----a-w- c:\windows\system32\perfh005.dat
2009-12-25 20:44 . 2007-09-07 04:20 115998 ----a-w- c:\windows\system32\perfc005.dat
2009-12-21 18:05 . 2009-10-18 08:47 -------- d-----w- c:\program files\Auslogics
2009-12-18 18:10 . 2009-10-18 08:47 -------- d-----w- c:\users\Katka\AppData\Roaming\Auslogics
2009-12-18 16:51 . 2007-09-06 19:10 -------- d-----w- c:\programdata\NVIDIA
2009-12-18 16:04 . 2008-08-01 16:03 -------- d-----w- c:\users\Katka\AppData\Roaming\DataLayer
2009-12-18 15:18 . 2008-03-10 17:04 -------- d-----w- c:\program files\Nokia
2009-12-18 15:17 . 2007-11-16 20:17 -------- d-----w- c:\users\Katka\AppData\Roaming\Nokia
2009-12-18 15:16 . 2009-12-18 15:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-11 12:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-05 19:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-05 19:21 . 2009-12-05 19:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-04 20:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-04 20:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-04 20:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-04 20:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-04 20:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-04 20:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-29 20:39 . 2009-08-22 20:25 -------- d-----w- c:\users\Jarda\AppData\Roaming\Any Video Converter
2009-11-27 16:18 . 2007-11-11 15:47 136984 ----a-w- c:\users\Katka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-25 15:26 . 2007-09-06 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 15:03 . 2009-11-25 14:50 -------- d-----w- c:\program files\Ubi Soft
2009-11-25 15:02 . 2009-11-25 15:02 -------- d-----w- c:\users\Jarda\AppData\Roaming\ubi.com
2009-11-25 15:02 . 2009-11-25 15:02 -------- d-----w- c:\program files\ubi.com
2009-11-25 15:02 . 2009-11-25 15:02 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-11-24 23:54 . 2007-11-18 11:50 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2008-03-31 18:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-03-31 18:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2007-11-18 11:50 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2007-11-18 11:50 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-11-18 11:50 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-11-18 11:50 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 06:40 . 2009-12-10 06:37 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 06:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 06:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 06:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 20:00 . 2009-10-18 08:42 -------- d-----w- c:\programdata\McAfee Security Scan
2009-11-17 20:00 . 2008-05-14 11:11 -------- d-----w- c:\program files\Total Immersion Racing
2009-11-17 20:00 . 2007-11-12 20:39 -------- d-----w- c:\program files\Scorpions WinCheater
2009-11-17 20:00 . 2009-10-18 08:42 -------- d-----w- c:\program files\McAfee Security Scan
2009-11-17 20:00 . 2009-05-06 19:52 -------- d-----w- c:\program files\RegCleaner
2009-11-17 20:00 . 2007-12-19 12:27 -------- d-----w- c:\program files\LimeWire
2009-11-17 20:00 . 2008-05-12 16:05 -------- d-----w- c:\program files\Electronic Arts
2009-11-17 20:00 . 2008-01-31 09:02 -------- d-----w- c:\program files\Counter-Strike Source
2009-11-17 19:28 . 2009-11-17 19:28 -------- d-----w- c:\program files\Wintuneup Pro
2009-11-17 19:26 . 2009-11-17 19:26 -------- d-----w- c:\program files\Marcos Velasco Security
2009-11-17 19:25 . 2009-11-17 19:25 -------- d-----w- c:\program files\Čistič
2009-11-15 16:03 . 2009-09-02 09:06 -------- d-----w- c:\users\Jarda\AppData\Roaming\DMCache
2009-11-15 15:28 . 2009-11-15 15:28 -------- d-----w- c:\program files\HWiNFO32
2009-11-02 19:42 . 2009-10-03 07:13 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 14:01 . 2007-11-12 05:36 136984 ----a-w- c:\users\Jarda\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-29 09:17 . 2009-11-26 10:24 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-25 19:35 . 2009-10-25 19:35 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-10-25 19:35 . 2009-10-25 19:35 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-10-01 01:02 . 2009-12-05 19:18 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-12-05 19:18 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-12-05 19:18 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:01 . 2009-12-05 19:18 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-12-05 19:18 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-12-05 19:18 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-12-05 19:18 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-12-05 19:18 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-12-05 19:18 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-12-05 19:18 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-12-05 19:18 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-12-05 19:18 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-12-05 19:18 33280 ----a-w- c:\windows\system32\WpdConns.dll
2006-05-03 10:06 . 2009-01-28 12:08 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-01-28 12:08 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-01-28 12:08 216064 --sh--r- c:\windows\System32\nbDX.dll
2007-09-07 04:35 . 2007-09-07 04:22 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-09-25 54672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
c:\users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ubisoft register.lnk - c:\program files\Ubi Soft\Register\schedule.exe [2009-11-25 32768]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d2,76,cd,4d,1f,75,ca,01
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\System32\drivers\pe3ah4nc.sys [18.5.2007 20:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\System32\drivers\ps6ah4nc.sys [18.5.2007 20:52 55160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [31.3.2008 19:03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [31.3.2008 19:03 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [18.11.2007 12:50 53328]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.7.2008 19:44 222456]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\System32\drivers\HCW85BDA.sys [6.9.2007 20:06 968064]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [12.11.2007 21:25 685816]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [24.8.2007 19:34 15872]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [25.4.2008 15:09 21504]
S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {86F570D7-5BD7-4788-824B-E8C1B999D779} = 208.67.220.220,208.67.222.222
TCP: {8BA235F3-7780-4702-BD2E-812028FD118C} = 208.67.220.220,208.67.222.222
TCP: {8EC5E20A-C416-4A7F-827B-2E766726E6CD} = 208.67.220.220,208.67.222.222
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.i2net.cz:8080/activex/AMC.cab
FF - ProfilePath - c:\users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ah62wrkd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 09:54
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-12-28 09:57:16
ComboFix-quarantined-files.txt 2009-12-28 08:57
Před spuštěním: Volných bajtů: 121 681 932 288
Po spuštění: Volných bajtů: 121 637 015 552
- - End Of File - - 9FF6CBB27F6EEA69D7258978CE7D26C5
The computer hasn't been acting up so far, except for MBAM. I'll try running it again and see what it does. Should I post the log here afterwards?
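One way to check whether the entries named in the CFScript earlier in this thread still show up in the follow-up ComboFix log, as an added example that is not part of the original thread or of ComboFix itself. The script and log excerpts are copied from this page; the function names, and the treatment of a leading u/m on a key as a scope prefix, are assumptions of this example.

```python
import re
from typing import NamedTuple

# DDS:: and Firefox:: sections of the CFScript, copied from the thread.
CFSCRIPT = r"""DDS::
Start Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = about:blank
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
Firefox::
FF - ProfilePath - c:\users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ah62wrkd.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
"""

# Excerpt of the supplementary scan from the follow-up ComboFix log in the thread.
FOLLOWUP_LOG = r"""------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
TCP: {86F570D7-5BD7-4788-824B-E8C1B999D779} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ah62wrkd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
# "name = value" lines; the key may not contain ':' or braces, which skips TCP:/IE: rows.
SETTING_RE = re.compile(r"^(?P<key>[^=:{}]+?) = (?P<value>.*)$")


class Entry(NamedTuple):
    kind: str   # "ie" for browser settings shown as "name = value", "ff" for Firefox prefs
    key: str
    value: str


def parse_entry(line):
    """Return an Entry for a setting line, or None for headers and other rows."""
    line = line.strip()
    m = PREF_RE.match(line)
    if m:
        return Entry("ff", m["key"], m["value"].strip())
    m = SETTING_RE.match(line)
    if m:
        return Entry("ie", m["key"].strip(), m["value"].strip())
    return None


def script_entries(script):
    """Collect (section, Entry) pairs from the DDS:: and Firefox:: sections."""
    section, out = None, []
    for line in script.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            section = m.group(1)
            continue
        entry = parse_entry(line)
        if entry and section in ("DDS", "Firefox"):
            out.append((section, entry))
    return out


def unscoped(key):
    # Assumption of this example: a lowercase u/m directly before a capital
    # letter marks the per-user / per-machine copy of the same setting.
    return re.sub(r"^[um](?=[A-Z])", "", key)


def verify(script, log):
    """Report, per script entry, whether the follow-up log still lists it."""
    seen = [e for e in map(parse_entry, log.splitlines()) if e]
    results = []
    for section, want in script_entries(script):
        if want in seen:
            status = "still present"
        elif any(e.kind == want.kind and e.value == want.value
                 and unscoped(e.key) == unscoped(want.key) for e in seen):
            status = "still present (scope prefix differs)"
        else:
            status = "not in follow-up log"
        results.append((section, want.key, status))
    return results


if __name__ == "__main__":
    for section, key, status in verify(CFSCRIPT, FOLLOWUP_LOG):
        print(f"{section:8} {key:24} {status}")
```

A row marked as not in the follow-up log only means the scan no longer lists that entry; the rows marked still present are the ones worth pointing out to the helper when posting the log.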
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [12.11.2007 21:25 685816]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [24.8.2007 19:34 15872]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [25.4.2008 15:09 21504]
S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {86F570D7-5BD7-4788-824B-E8C1B999D779} = 208.67.220.220,208.67.222.222
TCP: {8BA235F3-7780-4702-BD2E-812028FD118C} = 208.67.220.220,208.67.222.222
TCP: {8EC5E20A-C416-4A7F-827B-2E766726E6CD} = 208.67.220.220,208.67.222.222
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.i2net.cz:8080/activex/AMC.cab
FF - ProfilePath - c:\users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ah62wrkd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 09:54
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-12-28 09:57:16
ComboFix-quarantined-files.txt 2009-12-28 08:57
Před spuštěním: Volných bajtů: 121 681 932 288
Po spuštění: Volných bajtů: 121 637 015 552
- - End Of File - - 9FF6CBB27F6EEA69D7258978CE7D26C5
The computer hasn't been acting up so far, apart from MBAM. I'll try running it again and see what it does. Should I post the log here afterwards?
Re: requesting a "preventive check" - there will be a lot here
yes

Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I can mostly be reached at night, between 9 and 11 p.m.
If you have any questions, you can email me at Motji(at)forum.viry.cz.