win32 rustock
parom
Visitor
Posts: 16
Registered: 26 Mar 2010 14:20

win32 rustock

#1 Post by parom »

Good day

NOD32 detected the infiltration Win32/Rustock, but it cannot be cleaned.

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Vlastník at 2010-03-26 14:16:59
Microsoft Windows XP Home Edition
System drive C: has 7 GB (28%) free of 26 GB
Total RAM: 1023 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:14, on 26. 3. 2010
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\System32\WTClient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\HP CP1700PS RIP\Program\App2.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\Vlastník\Plocha\RSIT.exe
C:\Program Files\trend micro\Vlastník.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP00364 - {2F16DE49-9D33-4849-B812-2ED38C9BCE15} - (no file)
O2 - BHO: (no name) - {34062413-1ABA-8EA5-618A-024C27617594} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Par1284] C:\Program Files\HP CP1700PS RIP\Program\1284Inst.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [qbknyjgd] rundll32.exe "C:\Program Files\qbknyjgd\kbuxstyp.dll",Init
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP CP1700PS RIP.lnk = C:\Program Files\HP CP1700PS RIP\Program\App2.exe
O12 - Plugin for .azetmail[1]: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F20FEF9-2338-418C-826E-5D23B820FA5C}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: windtl32 - windtl32.dll (file missing)
O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O22 - SharedTaskScheduler: {93ac7c30-3878-4eaa-9420-7977285df5b1} - cinnamomum - (no file)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9ae0ead15d878) (gupdate1c9ae0ead15d878) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 7268 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-11 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F16DE49-9D33-4849-B812-2ED38C9BCE15}]
XBTP00364 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34062413-1ABA-8EA5-618A-024C27617594}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-25 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-02-16 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2001-11-05 846608]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-02-16 2349080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-04-06 1298542]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Par1284"=C:\Program Files\HP CP1700PS RIP\Program\1284Inst.exe [2003-03-10 36864]
"C-Media Mixer"=Mixer.exe /startup []
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-01-30 98304]
"qbknyjgd"=C:\Program Files\qbknyjgd\kbuxstyp.dll,Init []
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"WTClient"=C:\WINDOWS\system32\WTClient.exe [2007-04-11 40960]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2001-08-02 1077277]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-25 68856]
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2001-10-25 13312]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP CP1700PS RIP.lnk - C:\Program Files\HP CP1700PS RIP\Program\App2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\windtl32]
windtl32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintuh32]
wintuh32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
{93ac7c30-3878-4eaa-9420-7977285df5b1} - cinnamomum

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-03-26 12:55:32 ----D---- C:\Program Files\trend micro
2010-03-26 12:55:30 ----D---- C:\rsit
2010-03-26 11:03:28 ----A---- C:\WINDOWS\ScanSpyware.INI
2010-03-26 10:50:28 ----D---- C:\Documents and Settings\Vlastník\Data aplikací\ScanSpyware
2010-03-25 11:23:42 ----D---- C:\WINDOWS\System32\MpEngineStore
2010-03-18 09:13:38 ----A---- C:\WINDOWS\System32\hlvdd.dll
2010-03-18 09:07:32 ----A---- C:\WINDOWS\System32\SignLab6R.ini

======List of files/folders modified in the last 1 months======

2010-03-26 14:13:33 ----A---- C:\WINDOWS\WINCMD.INI
2010-03-26 14:11:56 ----D---- C:\WINDOWS\System32\CatRoot2
2010-03-26 14:11:35 ----D---- C:\WINDOWS\Prefetch
2010-03-26 14:10:40 ----RSHDC---- C:\WINDOWS\System32\dllcache
2010-03-26 14:10:00 ----D---- C:\WINDOWS\system32
2010-03-26 14:08:04 ----D---- C:\Documents and Settings\Vlastník\Data aplikací\Skype
2010-03-26 13:58:55 ----D---- C:\WINDOWS\Temp
2010-03-26 13:54:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-26 13:53:56 ----D---- C:\WINDOWS\Debug
2010-03-26 13:53:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-26 13:13:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2010-03-26 13:12:18 ----AD---- C:\Program Files
2010-03-26 13:11:30 ----SHD---- C:\Config.Msi
2010-03-26 13:11:30 ----D---- C:\WINDOWS
2010-03-26 13:11:30 ----D---- C:\Program Files\Common Files
2010-03-26 13:11:26 ----D---- C:\WINDOWS\System32\drivers
2010-03-26 13:11:26 ----D---- C:\Program Files\Lavasoft
2010-03-26 13:10:57 ----SHD---- C:\WINDOWS\Installer
2010-03-26 12:14:30 ----D---- C:\WINDOWS\Minidump
2010-03-26 10:04:37 ----AC---- C:\WINDOWS\barcode.ini
2010-03-26 07:35:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-25 09:36:36 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-03-25 09:19:04 ----D---- C:\Program Files\Opera
2010-03-25 08:40:11 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe
2010-03-24 10:47:30 ----D---- C:\Documents and Settings\Vlastník\Data aplikací\The Bat!
2010-03-19 08:14:30 ----D---- C:\Documents and Settings\Vlastník\Data aplikací\Adobe
2010-03-18 11:20:23 ----A---- C:\WINDOWS\FontMgr.ini
2010-03-18 10:05:06 ----RSD---- C:\WINDOWS\Fonts
2010-03-18 09:13:38 ----A---- C:\WINDOWS\System32\haspvdd.dll
2010-03-18 09:07:39 ----A---- C:\WINDOWS\win.ini
2010-03-15 13:39:56 ----D---- C:\Program Files\OpenOffice.org1.1.4
2010-03-08 13:17:33 ----D---- C:\Program Files\Metin2_CZ
2010-03-05 13:25:17 ----D---- C:\Documents and Settings\Vlastník\Data aplikací\AdobeUM
2010-03-04 07:06:03 ----D---- C:\Program Files\pics-factory Toolbar
2010-03-01 21:30:14 ----AC---- C:\WINDOWS\System32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-04-06 25600]
R1 NmPar;MosChip Unusable Parallel Port; C:\WINDOWS\System32\DRIVERS\NmPar.sys [2006-10-11 76416]
R1 nmserial;MosChip PCI Serial Port; C:\WINDOWS\System32\DRIVERS\nmserial.sys [2006-10-12 60032]
R2 eamon;eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 hardlock;hardlock; \??\C:\WINDOWS\System32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\System32\drivers\Haspnt.sys []
R2 Par1284;Par1284; \??\C:\Program Files\HP CP1700PS RIP\Program\Par1284.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-22 73728]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 G400;G400; C:\WINDOWS\System32\DRIVERS\G400m.sys [2001-10-24 322432]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mf;mf; C:\WINDOWS\System32\DRIVERS\mf.sys [2001-10-25 62208]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-17 23070]
R3 TClass2k;Tablet Class Driver; C:\WINDOWS\System32\DRIVERS\TClass2k.sys [2007-04-23 18432]
R3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\System32\DRIVERS\UCTblHid.sys [2007-05-31 12800]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2001-10-25 50688]
R3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2001-08-17 24832]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2001-10-25 18944]
R4 InCDfs;InCD File System; C:\WINDOWS\System32\drivers\InCDfs.sys [2004-04-06 89472]
S2 Machnm32;Machnm32 Driver; \??\C:\WINDOWS\System32\Machnm32.sys []
S3 CADlink;CADlink; \??\C:\CADlink\SignLab5\CADlink.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2001-08-17 205056]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4ufd;HP Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\hppaufd0.sys [2001-10-22 17600]
S3 mkusb;Mimaki Plotter USB Port Controller (mkusb.sys); C:\WINDOWS\System32\Drivers\mkusb.sys [2003-06-12 93824]
S3 NIC2000;USB-USB Network Bridge Adapter; C:\WINDOWS\System32\DRIVERS\NIC2000.sys [2001-11-05 5766]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2004-11-19 68222]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2007-04-23 17920]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2001-08-17 13824]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 21760]
S3 UtilNT;UtilNT; \??\C:\WINDOWS\system32\drivers\UtilNT.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-04-06 929904]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2001-10-25 12800]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2007-05-31 53248]
S2 gupdate1c9ae0ead15d878;Google Update Service (gupdate1c9ae0ead15d878); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-26 133104]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 138168]

-----------------EOF-----------------

parom
Visitor
Posts: 16
Registered: 26 Mar 2010 14:20

Re: win32 rustock

#2 Post by parom »

Hi, I apologise, I was not at the PC during the week. Here is the log. During the scan the program deleted 3 files, one directly on C and two in C/WINDOWS/ ..., but I cannot tell you which ones they were :( Thanks in advance for your help :)

(I, for a change, am at the PC from 7 to 16 h, so we will probably keep missing each other like this for work reasons)


ComboFix 10-03-28.02 - Vlastník . 03. 2010 10:32:55.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.0.1250.420.1029.18.1023.644 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vlastník\Plocha\abraka.com.exe
.
/wow section - STAGE 4


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\{3067B~1
c:\progra~1\PICS-F~1\tbHElper.dll
c:\program files\Helper
c:\recycler\S-1-5-21-299502267-1177238915-725345543-500
C:\Thumbs.db
c:\windows\system32\components
c:\windows\system32\ieuinit.inf
c:\windows\system32\xpdx.sys

c:\windows\system32\qmgr.dll . . . je infikován!!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_xpdx


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-29 )))))))))))))))))))))))))))))))
.

2010-03-26 11:55 . 2010-03-26 13:17 -------- d-----w- c:\program files\trend micro
2010-03-26 11:55 . 2010-03-26 11:56 -------- d-----w- C:\rsit
2010-03-25 10:23 . 2010-03-25 10:23 -------- d-----w- c:\windows\system32\MpEngineStore
2010-03-18 08:13 . 2010-03-18 08:13 291328 ----a-w- c:\windows\system32\hlvdd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 08:40 . 2001-10-25 12:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 08:40 . 2001-10-25 12:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2010-03-29 08:36 . 2007-08-07 08:11 -------- d-----w- c:\program files\pics-factory Toolbar
2010-03-26 13:43 . 2006-04-25 10:18 2496 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-26 12:53 . 2007-12-07 10:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-26 12:11 . 2008-05-21 05:47 -------- d-----w- c:\program files\Lavasoft
2010-03-25 08:19 . 2008-09-16 07:57 -------- d-----w- c:\program files\Opera
2010-03-18 08:13 . 2005-05-27 11:11 6656 ----a-w- c:\windows\system32\haspvdd.dll
2010-03-18 08:13 . 2005-05-27 11:11 383 ----a-w- c:\windows\system32\haspdos.sys
2010-03-18 08:13 . 2005-05-27 11:11 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2010-03-15 12:39 . 2005-06-23 06:54 -------- d-----w- c:\program files\OpenOffice.org1.1.4
2010-02-26 09:05 . 2007-08-22 09:04 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-01 12:24 . 2006-04-12 10:16 -------- d-----w- c:\program files\Google
2004-03-11 11:27 . 2004-11-17 14:13 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-16 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-02-16 07:00 2349080 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-16 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-16 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-04-06 1298542]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Par1284"="c:\program files\HP CP1700PS RIP\Program\1284Inst.exe" [2003-03-10 36864]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [2003-7-17 217180]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-5-27 110592]
HP CP1700PS RIP.lnk - c:\program files\HP CP1700PS RIP\Program\App2.exe [2004-7-16 2707456]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14. 5. 2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14. 5. 2009 15:49 94360]
R1 NmPar;MosChip Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [24. 10. 2007 10:51 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [24. 10. 2007 10:51 60032]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14. 5. 2009 15:47 731840]
S2 gupdate1c9ae0ead15d878;Google Update Service (gupdate1c9ae0ead15d878);c:\program files\Google\Update\GoogleUpdate.exe [26. 3. 2009 14:30 133104]
S3 mkusb;Mimaki Plotter USB Port Controller (mkusb.sys);c:\windows\system32\drivers\mkusb.sys [12. 6. 2003 10:36 93824]
S3 NIC2000;USB-USB Network Bridge Adapter;c:\windows\system32\drivers\NIC2000.SYS [22. 10. 2007 13:11 5766]
S3 UtilNT;UtilNT;c:\windows\system32\drivers\utilnt.sys [27. 5. 2005 12:17 5533]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ALG
*NewlyCreated* - IPNAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 12:30]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 12:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {3F20FEF9-2338-418C-826E-5D23B820FA5C} = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-qbknyjgd - c:\program files\qbknyjgd\kbuxstyp.dll
HKU-Default-Run-CTFMON.EXE - c:\windows\System32\CTFMON.EXE
Notify-windtl32 - windtl32.dll
Notify-wintuh32 - wintuh32.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 10:39
Windows 5.1.2600 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1303643608-725345543-1003\Software\Corel\WritingTools\9.1\User Word Lists\í*o]
"Selected UWL"=hex:02,00

[HKEY_USERS\S-1-5-21-1229272821-1303643608-725345543-1003\Software\Corel\WritingTools\9.1\User Word Lists\í*o\Word List 0]
"Name"="c:\\Documents and Settings\\Vlastník\\Dokumenty\\Corel User Files\\WT9_1íů.UWL"
"Enabled"=hex:01,00,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(476)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(536)
c:\windows\System32\dssenh.dll
c:\windows\system32\mswsock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\wdfmgr.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\Mixer.exe
c:\windows\System32\WTClient.exe
.
**************************************************************************
.
Celkový čas: 2010-03-29 10:44:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-29 08:44

Před spuštěním: 8 162 701 312
Po spuštění: 8 164 974 592

WinXP_CS_PER_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

- - End Of File - - 29C46D2413469C1D71F014CC513AF71B

parom
Visitor
Posts: 16
Registered: 26 Mar 2010 14:20

Re: win32 rustock

#3 Post by parom »

Here is the log from the quick scan:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-29 11:49:44
Windows 5.1.2600
Running: gmer.exe; Driver: C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\pfdyapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----

Here is the log from the incredibly long scan :)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-29 13:21:42
Windows 5.1.2600
Running: gmer.exe; Driver: C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\pfdyapow.sys


---- System - GMER 1.0.15 ----

SSDT 86F7BA20 ZwAssignProcessToJobObject
SSDT 86F7C5A0 ZwDebugActiveProcess
SSDT 86F7BFD0 ZwDuplicateObject
SSDT 86F7B160 ZwOpenProcess
SSDT 86F7B460 ZwOpenThread
SSDT 86F7BE60 ZwProtectVirtualMemory
SSDT 86F7BD00 ZwSetContextThread
SSDT 86F7BB80 ZwSetInformationThread
SSDT 86F78A50 ZwSetSecurityObject
SSDT 86F7B8C0 ZwSuspendProcess
SSDT 86F7B760 ZwSuspendThread
SSDT 86F7B2F0 ZwTerminateProcess
SSDT 86F7B5F0 ZwTerminateThread
SSDT 86F7C3F0 ZwWriteVirtualMemory

INT 0x06 \??\C:\WINDOWS\System32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F137E16D
INT 0x0E \??\C:\WINDOWS\System32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F137DFC2

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\GEAbstractBalloonCoClass.GEAbstract\CLSID@ {B1068D20-A431-4dba-B1F8-990621E8A762}
Reg HKLM\SOFTWARE\Classes\GEAbstractBalloonCoClass.GEAbstract\CurVer@ GEAbstractBalloonCoClass.GEAbstract.1.0
Reg HKLM\SOFTWARE\Classes\GEAbstractBalloonCoClass.GEAbstract.1.0\CLSID@ {B1068D20-A431-4dba-B1F8-990621E8A762}
Reg HKLM\SOFTWARE\Classes\GEBalloonState_CoClass.GEBalloonSta\CLSID@ {B29922E4-4279-4319-8153-6064BA4609AF}
Reg HKLM\SOFTWARE\Classes\GEBalloonState_CoClass.GEBalloonSta\CurVer@ GEBalloonState_CoClass.GEBalloonSta.1.0
Reg HKLM\SOFTWARE\Classes\GEBalloonState_CoClass.GEBalloonSta.1.0\CLSID@ {B29922E4-4279-4319-8153-6064BA4609AF}
Reg HKLM\SOFTWARE\Classes\GEBoundingBoxView_CoClass.GEBoundin\CLSID@ {589c3930-f194-11dd-ba2f-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEBoundingBoxView_CoClass.GEBoundin\CurVer@ GEBoundingBoxView_CoClass.GEBoundin.1.0
Reg HKLM\SOFTWARE\Classes\GEBoundingBoxView_CoClass.GEBoundin.1.0\CLSID@ {589c3930-f194-11dd-ba2f-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEEventEmitterCoClass.GEEventEmitte\CLSID@ {26ea376a-51e6-11dc-8314-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEEventEmitterCoClass.GEEventEmitte\CurVer@ GEEventEmitterCoClass.GEEventEmitte.1.0
Reg HKLM\SOFTWARE\Classes\GEEventEmitterCoClass.GEEventEmitte.1.0\CLSID@ {26ea376a-51e6-11dc-8314-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEExecuteBatch_CoClass.GEExecuteBat\CLSID@ {2C64651A-7B7F-4ced-A051-16AD65AF57F5}
Reg HKLM\SOFTWARE\Classes\GEExecuteBatch_CoClass.GEExecuteBat\CurVer@ GEExecuteBatch_CoClass.GEExecuteBat.1.0
Reg HKLM\SOFTWARE\Classes\GEExecuteBatch_CoClass.GEExecuteBat.1.0\CLSID@ {2C64651A-7B7F-4ced-A051-16AD65AF57F5}
Reg HKLM\SOFTWARE\Classes\GEFeatureBalloonCoClass.GEFeatureBa\CLSID@ {012B7A17-97C0-4506-B05C-FE051B88ECB7}
Reg HKLM\SOFTWARE\Classes\GEFeatureBalloonCoClass.GEFeatureBa\CurVer@ GEFeatureBalloonCoClass.GEFeatureBa.1.0
Reg HKLM\SOFTWARE\Classes\GEFeatureBalloonCoClass.GEFeatureBa.1.0\CLSID@ {012B7A17-97C0-4506-B05C-FE051B88ECB7}
Reg HKLM\SOFTWARE\Classes\GEFeatureContainerCoClass.GEFeature\CLSID@ {56b61e20-0fc6-11dd-bd0b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEFeatureContainerCoClass.GEFeature\CurVer@ GEFeatureContainerCoClass.GEFeature.1.0
Reg HKLM\SOFTWARE\Classes\GEFeatureContainerCoClass.GEFeature.1.0\CLSID@ {56b61e20-0fc6-11dd-bd0b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEFeatureView_CoClass.GEFeatureView\CLSID@ {62bf65a0-f193-11dd-ba2f-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEFeatureView_CoClass.GEFeatureView\CurVer@ GEFeatureView_CoClass.GEFeatureView.1.0
Reg HKLM\SOFTWARE\Classes\GEFeatureView_CoClass.GEFeatureView.1.0\CLSID@ {62bf65a0-f193-11dd-ba2f-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEFetchKmlHelper_CoClass.GEFetchKml\CLSID@ {288e09a2-927a-49a7-bb24-9481abf8817d}
Reg HKLM\SOFTWARE\Classes\GEFetchKmlHelper_CoClass.GEFetchKml\CurVer@ GEFetchKmlHelper_CoClass.GEFetchKml.1.0
Reg HKLM\SOFTWARE\Classes\GEFetchKmlHelper_CoClass.GEFetchKml.1.0\CLSID@ {288e09a2-927a-49a7-bb24-9481abf8817d}
Reg HKLM\SOFTWARE\Classes\GEGeometryContainerCoClass.GEGeomet\CLSID@ {b1e81530-2120-11dd-bd0b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEGeometryContainerCoClass.GEGeomet\CurVer@ GEGeometryContainerCoClass.GEGeomet.1.0
Reg HKLM\SOFTWARE\Classes\GEGeometryContainerCoClass.GEGeomet.1.0\CLSID@ {b1e81530-2120-11dd-bd0b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEGlobeCoClass.GEGlobeCoClass\CLSID@ {288e09a2-927a-49a7-bb24-2988abdd83ef}
Reg HKLM\SOFTWARE\Classes\GEGlobeCoClass.GEGlobeCoClass\CurVer@ GEGlobeCoClass.GEGlobeCoClass.1.0
Reg HKLM\SOFTWARE\Classes\GEGlobeCoClass.GEGlobeCoClass.1.0\CLSID@ {288e09a2-927a-49a7-bb24-2988abdd83ef}
Reg HKLM\SOFTWARE\Classes\GEHitTestResultCoClass.GEHitTestRes\CLSID@ {2040ddef-7dd9-4903-a552-dc82c74a3c0f}
Reg HKLM\SOFTWARE\Classes\GEHitTestResultCoClass.GEHitTestRes\CurVer@ GEHitTestResultCoClass.GEHitTestRes.1.0
Reg HKLM\SOFTWARE\Classes\GEHitTestResultCoClass.GEHitTestRes.1.0\CLSID@ {2040ddef-7dd9-4903-a552-dc82c74a3c0f}
Reg HKLM\SOFTWARE\Classes\GEHtmlBalloonCoClass.GEHtmlBalloonC\CLSID@ {A52BFCF1-6B91-4acc-9566-8F018C044E61}
Reg HKLM\SOFTWARE\Classes\GEHtmlBalloonCoClass.GEHtmlBalloonC\CurVer@ GEHtmlBalloonCoClass.GEHtmlBalloonC.1.0
Reg HKLM\SOFTWARE\Classes\GEHtmlBalloonCoClass.GEHtmlBalloonC.1.0\CLSID@ {A52BFCF1-6B91-4acc-9566-8F018C044E61}
Reg HKLM\SOFTWARE\Classes\GEHtmlDivBalloonCoClass.GEHtmlDivBa\CLSID@ {07E8E5BA-2347-47bd-9113-44D275F36205}
Reg HKLM\SOFTWARE\Classes\GEHtmlDivBalloonCoClass.GEHtmlDivBa\CurVer@ GEHtmlDivBalloonCoClass.GEHtmlDivBa.1.0
Reg HKLM\SOFTWARE\Classes\GEHtmlDivBalloonCoClass.GEHtmlDivBa.1.0\CLSID@ {07E8E5BA-2347-47bd-9113-44D275F36205}
Reg HKLM\SOFTWARE\Classes\GEHtmlStringBalloonCoClass.GEHtmlSt\CLSID@ {9C23E22F-BEBE-4e75-86C1-68C08607574B}
Reg HKLM\SOFTWARE\Classes\GEHtmlStringBalloonCoClass.GEHtmlSt\CurVer@ GEHtmlStringBalloonCoClass.GEHtmlSt.1.0
Reg HKLM\SOFTWARE\Classes\GEHtmlStringBalloonCoClass.GEHtmlSt.1.0\CLSID@ {9C23E22F-BEBE-4e75-86C1-68C08607574B}
Reg HKLM\SOFTWARE\Classes\GELinearRingContainerCoClass.GELine\CLSID@ {546864f0-1bf8-11dd-bd0b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GELinearRingContainerCoClass.GELine\CurVer@ GELinearRingContainerCoClass.GELine.1.0
Reg HKLM\SOFTWARE\Classes\GELinearRingContainerCoClass.GELine.1.0\CLSID@ {546864f0-1bf8-11dd-bd0b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEModeler_CoClass.GEModeler_CoClass\CLSID@ {ca5a19c0-c269-11dd-ad8b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEModeler_CoClass.GEModeler_CoClass\CurVer@ GEModeler_CoClass.GEModeler_CoClass.1.0
Reg HKLM\SOFTWARE\Classes\GEModeler_CoClass.GEModeler_CoClass.1.0\CLSID@ {ca5a19c0-c269-11dd-ad8b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GENavigationControlCoClass.GENaviga\CLSID@ {23144a1f-af18-4815-82e0-3d198ef782ab}
Reg HKLM\SOFTWARE\Classes\GENavigationControlCoClass.GENaviga\CurVer@ GENavigationControlCoClass.GENaviga.1.0
Reg HKLM\SOFTWARE\Classes\GENavigationControlCoClass.GENaviga.1.0\CLSID@ {23144a1f-af18-4815-82e0-3d198ef782ab}
Reg HKLM\SOFTWARE\Classes\GEOptionsCoClass.GEOptionsCoClass\CLSID@ {051064bb-aef7-4815-82e0-3d155ff09f8a}
Reg HKLM\SOFTWARE\Classes\GEOptionsCoClass.GEOptionsCoClass\CurVer@ GEOptionsCoClass.GEOptionsCoClass.1.0
Reg HKLM\SOFTWARE\Classes\GEOptionsCoClass.GEOptionsCoClass.1.0\CLSID@ {051064bb-aef7-4815-82e0-3d155ff09f8a}
Reg HKLM\SOFTWARE\Classes\GEPhotoControlCoClass.GEPhotoContro\CLSID@ {EEFEC232-DD4E-4da8-9777-C3AFB8520D73}
Reg HKLM\SOFTWARE\Classes\GEPhotoControlCoClass.GEPhotoContro\CurVer@ GEPhotoControlCoClass.GEPhotoContro.1.0
Reg HKLM\SOFTWARE\Classes\GEPhotoControlCoClass.GEPhotoContro.1.0\CLSID@ {EEFEC232-DD4E-4da8-9777-C3AFB8520D73}
Reg HKLM\SOFTWARE\Classes\GEPhotoOverlayViewerCoClass.GEPhoto\CLSID@ {bb465410-0465-11de-8c30-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEPhotoOverlayViewerCoClass.GEPhoto\CurVer@ GEPhotoOverlayViewerCoClass.GEPhoto.1.0
Reg HKLM\SOFTWARE\Classes\GEPhotoOverlayViewerCoClass.GEPhoto.1.0\CLSID@ {bb465410-0465-11de-8c30-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEPhotoOverlayView_CoClass.GEPhotoO\CLSID@ {bbbfd220-f193-11dd-ba2f-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEPhotoOverlayView_CoClass.GEPhotoO\CurVer@ GEPhotoOverlayView_CoClass.GEPhotoO.1.0
Reg HKLM\SOFTWARE\Classes\GEPhotoOverlayView_CoClass.GEPhotoO.1.0\CLSID@ {bbbfd220-f193-11dd-ba2f-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEPluginCoClass.GEPluginCoClass\CLSID@ {F9152AEC-3462-4632-8087-EEE3C3CDDA24}
Reg HKLM\SOFTWARE\Classes\GEPluginCoClass.GEPluginCoClass\CurVer@ GEPluginCoClass.GEPluginCoClass.1.0
Reg HKLM\SOFTWARE\Classes\GEPluginCoClass.GEPluginCoClass.1.0\CLSID@ {F9152AEC-3462-4632-8087-EEE3C3CDDA24}
Reg HKLM\SOFTWARE\Classes\GESchemaObjectCoClass.GESchemaObjec\CLSID@ {4060edfe-cc12-489c-9d95-62f7fd9a1a8c}
Reg HKLM\SOFTWARE\Classes\GESchemaObjectCoClass.GESchemaObjec\CurVer@ GESchemaObjectCoClass.GESchemaObjec.1.0
Reg HKLM\SOFTWARE\Classes\GESchemaObjectCoClass.GESchemaObjec.1.0\CLSID@ {4060edfe-cc12-489c-9d95-62f7fd9a1a8c}
Reg HKLM\SOFTWARE\Classes\GESchemaObjectContainerCoClass.GESc\CLSID@ {8de80270-0cd6-11dd-bd0b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GESchemaObjectContainerCoClass.GESc\CurVer@ GESchemaObjectContainerCoClass.GESc.1.0
Reg HKLM\SOFTWARE\Classes\GESchemaObjectContainerCoClass.GESc.1.0\CLSID@ {8de80270-0cd6-11dd-bd0b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GESideDatabaseHelper_CoClass.GESide\CLSID@ {CC1B9A74-16E2-4DAC-9FC8-430785F0A452}
Reg HKLM\SOFTWARE\Classes\GESideDatabaseHelper_CoClass.GESide\CurVer@ GESideDatabaseHelper_CoClass.GESide.1.0
Reg HKLM\SOFTWARE\Classes\GESideDatabaseHelper_CoClass.GESide.1.0\CLSID@ {CC1B9A74-16E2-4DAC-9FC8-430785F0A452}
Reg HKLM\SOFTWARE\Classes\GEStyleSelectorContainerCoClass.GES\CLSID@ {03a81800-0cd8-11dd-bd0b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEStyleSelectorContainerCoClass.GES\CurVer@ GEStyleSelectorContainerCoClass.GES.1.0
Reg HKLM\SOFTWARE\Classes\GEStyleSelectorContainerCoClass.GES.1.0\CLSID@ {03a81800-0cd8-11dd-bd0b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GESunCoClass.GESunCoClass\CLSID@ {2938abf2-9123-4112-ba24-38771abbc34c}
Reg HKLM\SOFTWARE\Classes\GESunCoClass.GESunCoClass\CurVer@ GESunCoClass.GESunCoClass.1.0
Reg HKLM\SOFTWARE\Classes\GESunCoClass.GESunCoClass.1.0\CLSID@ {2938abf2-9123-4112-ba24-38771abbc34c}
Reg HKLM\SOFTWARE\Classes\GETourPlayerCoClass.GETourPlayerCoC\CLSID@ {1b9d5a00-f252-11dd-ba2f-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GETourPlayerCoClass.GETourPlayerCoC\CurVer@ GETourPlayerCoClass.GETourPlayerCoC.1.0
Reg HKLM\SOFTWARE\Classes\GETourPlayerCoClass.GETourPlayerCoC.1.0\CLSID@ {1b9d5a00-f252-11dd-ba2f-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GETourView_CoClass.GETourView_CoCla\CLSID@ {a8469360-c168-11dd-ad8b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GETourView_CoClass.GETourView_CoCla\CurVer@ GETourView_CoClass.GETourView_CoCla.1.0
Reg HKLM\SOFTWARE\Classes\GETourView_CoClass.GETourView_CoCla.1.0\CLSID@ {a8469360-c168-11dd-ad8b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEViewCoClass.GEViewCoClass\CLSID@ {f2aa8ff0-0201-11dd-95ff-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEViewCoClass.GEViewCoClass\CurVer@ GEViewCoClass.GEViewCoClass.1.0
Reg HKLM\SOFTWARE\Classes\GEViewCoClass.GEViewCoClass.1.0\CLSID@ {f2aa8ff0-0201-11dd-95ff-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\GEWindowCoClass.GEWindowCoClass\CLSID@ {288e09a2-927a-49a7-bb24-58e48ebad58c}
Reg HKLM\SOFTWARE\Classes\GEWindowCoClass.GEWindowCoClass\CurVer@ GEWindowCoClass.GEWindowCoClass.1.0
Reg HKLM\SOFTWARE\Classes\GEWindowCoClass.GEWindowCoClass.1.0\CLSID@ {288e09a2-927a-49a7-bb24-58e48ebad58c}
Reg HKLM\SOFTWARE\Classes\KmlAbstractViewCoClass.KmlAbstractV\CLSID@ {a4155c74-d67f-11dc-91f3-896c55d89593}
Reg HKLM\SOFTWARE\Classes\KmlAbstractViewCoClass.KmlAbstractV\CurVer@ KmlAbstractViewCoClass.KmlAbstractV.1.0
Reg HKLM\SOFTWARE\Classes\KmlAbstractViewCoClass.KmlAbstractV.1.0\CLSID@ {a4155c74-d67f-11dc-91f3-896c55d89593}
Reg HKLM\SOFTWARE\Classes\KmlBalloonOpeningEventCoClass.KmlBa\CLSID@ {765ea019-3e9f-4122-90b5-65b68362b814}
Reg HKLM\SOFTWARE\Classes\KmlBalloonOpeningEventCoClass.KmlBa\CurVer@ KmlBalloonOpeningEventCoClass.KmlBa.1.0
Reg HKLM\SOFTWARE\Classes\KmlBalloonOpeningEventCoClass.KmlBa.1.0\CLSID@ {765ea019-3e9f-4122-90b5-65b68362b814}
Reg HKLM\SOFTWARE\Classes\KmlBalloonStyleCoClass.KmlBalloonSt\CLSID@ {5dec30f0-8361-4403-8d65-496a0f1e43cc}
Reg HKLM\SOFTWARE\Classes\KmlBalloonStyleCoClass.KmlBalloonSt\CurVer@ KmlBalloonStyleCoClass.KmlBalloonSt.1.0
Reg HKLM\SOFTWARE\Classes\KmlBalloonStyleCoClass.KmlBalloonSt.1.0\CLSID@ {5dec30f0-8361-4403-8d65-496a0f1e43cc}
Reg HKLM\SOFTWARE\Classes\KmlCameraCoClass.KmlCameraCoClass\CLSID@ {bf356210-dc0b-11dc-95ff-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\KmlCameraCoClass.KmlCameraCoClass\CurVer@ KmlCameraCoClass.KmlCameraCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlCameraCoClass.KmlCameraCoClass.1.0\CLSID@ {bf356210-dc0b-11dc-95ff-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\KmlColorCoClass.KmlColorCoClass\CLSID@ {8a2cf8a4-b7ea-484b-bf26-83771abb3281}
Reg HKLM\SOFTWARE\Classes\KmlColorCoClass.KmlColorCoClass\CurVer@ KmlColorCoClass.KmlColorCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlColorCoClass.KmlColorCoClass.1.0\CLSID@ {8a2cf8a4-b7ea-484b-bf26-83771abb3281}
Reg HKLM\SOFTWARE\Classes\KmlColorStyleCoClass.KmlColorStyleC\CLSID@ {8a2cf8a4-b7ea-484b-bf26-5172089c88a0}
Reg HKLM\SOFTWARE\Classes\KmlColorStyleCoClass.KmlColorStyleC\CurVer@ KmlColorStyleCoClass.KmlColorStyleC.1.0
Reg HKLM\SOFTWARE\Classes\KmlColorStyleCoClass.KmlColorStyleC.1.0\CLSID@ {8a2cf8a4-b7ea-484b-bf26-5172089c88a0}
Reg HKLM\SOFTWARE\Classes\KmlContainerCoClass.KmlContainerCoC\CLSID@ {DE556AEC-1266-2931-2441-D203819332AF}
Reg HKLM\SOFTWARE\Classes\KmlContainerCoClass.KmlContainerCoC\CurVer@ KmlContainerCoClass.KmlContainerCoC.1.0
Reg HKLM\SOFTWARE\Classes\KmlContainerCoClass.KmlContainerCoC.1.0\CLSID@ {DE556AEC-1266-2931-2441-D203819332AF}
Reg HKLM\SOFTWARE\Classes\KmlCoordArrayCoClass.KmlCoordArrayC\CLSID@ {94b91ab6-ac08-4c5b-9b80-f195024b6923}
Reg HKLM\SOFTWARE\Classes\KmlCoordArrayCoClass.KmlCoordArrayC\CurVer@ KmlCoordArrayCoClass.KmlCoordArrayC.1.0
Reg HKLM\SOFTWARE\Classes\KmlCoordArrayCoClass.KmlCoordArrayC.1.0\CLSID@ {94b91ab6-ac08-4c5b-9b80-f195024b6923}
Reg HKLM\SOFTWARE\Classes\KmlCoordCoClass.KmlCoordCoClass\CLSID@ {F9152AEC-3462-9202-3411-175546271882}
Reg HKLM\SOFTWARE\Classes\KmlCoordCoClass.KmlCoordCoClass\CurVer@ KmlCoordCoClass.KmlCoordCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlCoordCoClass.KmlCoordCoClass.1.0\CLSID@ {F9152AEC-3462-9202-3411-175546271882}
Reg HKLM\SOFTWARE\Classes\KmlDocumentCoClass.KmlDocumentCoCla\CLSID@ {1CCCB35C-7924-4244-ADC3-0CCD16034A71}
Reg HKLM\SOFTWARE\Classes\KmlDocumentCoClass.KmlDocumentCoCla\CurVer@ KmlDocumentCoClass.KmlDocumentCoCla.1.0
Reg HKLM\SOFTWARE\Classes\KmlDocumentCoClass.KmlDocumentCoCla.1.0\CLSID@ {1CCCB35C-7924-4244-ADC3-0CCD16034A71}
Reg HKLM\SOFTWARE\Classes\KmlEventCoClass.KmlEventCoClass\CLSID@ {6e7b1428-73a7-420e-9601-bc0fd12f7881}
Reg HKLM\SOFTWARE\Classes\KmlEventCoClass.KmlEventCoClass\CurVer@ KmlEventCoClass.KmlEventCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlEventCoClass.KmlEventCoClass.1.0\CLSID@ {6e7b1428-73a7-420e-9601-bc0fd12f7881}
Reg HKLM\SOFTWARE\Classes\KmlExtrudableGeometryCoClass.KmlExt\CLSID@ {49274e02-ac7e-431b-8c24-3005c2f00cb0}
Reg HKLM\SOFTWARE\Classes\KmlExtrudableGeometryCoClass.KmlExt\CurVer@ KmlExtrudableGeometryCoClass.KmlExt.1.0
Reg HKLM\SOFTWARE\Classes\KmlExtrudableGeometryCoClass.KmlExt.1.0\CLSID@ {49274e02-ac7e-431b-8c24-3005c2f00cb0}
Reg HKLM\SOFTWARE\Classes\KmlFeatureCoClass.KmlFeatureCoClass\CLSID@ {F9152AEC-3462-4632-8087-F23539485E40}
Reg HKLM\SOFTWARE\Classes\KmlFeatureCoClass.KmlFeatureCoClass\CurVer@ KmlFeatureCoClass.KmlFeatureCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlFeatureCoClass.KmlFeatureCoClass.1.0\CLSID@ {F9152AEC-3462-4632-8087-F23539485E40}
Reg HKLM\SOFTWARE\Classes\KmlFolderCoClass.KmlFolderCoClass\CLSID@ {DE556AEC-F321-1EF3-2441-921ABFEDD133}
Reg HKLM\SOFTWARE\Classes\KmlFolderCoClass.KmlFolderCoClass\CurVer@ KmlFolderCoClass.KmlFolderCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlFolderCoClass.KmlFolderCoClass.1.0\CLSID@ {DE556AEC-F321-1EF3-2441-921ABFEDD133}
Reg HKLM\SOFTWARE\Classes\KmlGeometryCoClass.KmlGeometryCoCla\CLSID@ {F9152AEC-3462-4632-8087-F123B498BC3C}
Reg HKLM\SOFTWARE\Classes\KmlGeometryCoClass.KmlGeometryCoCla\CurVer@ KmlGeometryCoClass.KmlGeometryCoCla.1.0
Reg HKLM\SOFTWARE\Classes\KmlGeometryCoClass.KmlGeometryCoCla.1.0\CLSID@ {F9152AEC-3462-4632-8087-F123B498BC3C}
Reg HKLM\SOFTWARE\Classes\KmlGroundOverlayCoClass.KmlGroundOv\CLSID@ {8ABBC112-3462-4632-8087-1199A8BEED11}
Reg HKLM\SOFTWARE\Classes\KmlGroundOverlayCoClass.KmlGroundOv\CurVer@ KmlGroundOverlayCoClass.KmlGroundOv.1.0
Reg HKLM\SOFTWARE\Classes\KmlGroundOverlayCoClass.KmlGroundOv.1.0\CLSID@ {8ABBC112-3462-4632-8087-1199A8BEED11}
Reg HKLM\SOFTWARE\Classes\KmlIconCoClass.KmlIconCoClass\CLSID@ {3a508b42-fffe-4b78-acfd-ef66a94cd156}
Reg HKLM\SOFTWARE\Classes\KmlIconCoClass.KmlIconCoClass\CurVer@ KmlIconCoClass.KmlIconCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlIconCoClass.KmlIconCoClass.1.0\CLSID@ {3a508b42-fffe-4b78-acfd-ef66a94cd156}
Reg HKLM\SOFTWARE\Classes\KmlIconStyleCoClass.KmlIconStyleCoC\CLSID@ {f99a79e0-13e1-478a-8836-56add3610c90}
Reg HKLM\SOFTWARE\Classes\KmlIconStyleCoClass.KmlIconStyleCoC\CurVer@ KmlIconStyleCoClass.KmlIconStyleCoC.1.0
Reg HKLM\SOFTWARE\Classes\KmlIconStyleCoClass.KmlIconStyleCoC.1.0\CLSID@ {f99a79e0-13e1-478a-8836-56add3610c90}
Reg HKLM\SOFTWARE\Classes\KmlLabelStyleCoClass.KmlLabelStyleC\CLSID@ {b7a51621-758f-42b7-9365-7f8cbcbbed08}
Reg HKLM\SOFTWARE\Classes\KmlLabelStyleCoClass.KmlLabelStyleC\CurVer@ KmlLabelStyleCoClass.KmlLabelStyleC.1.0
Reg HKLM\SOFTWARE\Classes\KmlLabelStyleCoClass.KmlLabelStyleC.1.0\CLSID@ {b7a51621-758f-42b7-9365-7f8cbcbbed08}
Reg HKLM\SOFTWARE\Classes\KmlLatLonAltBoxCoClass.KmlLatLonAlt\CLSID@ {15beb520-8337-4cb3-97f4-39a8710bc739}
Reg HKLM\SOFTWARE\Classes\KmlLatLonAltBoxCoClass.KmlLatLonAlt\CurVer@ KmlLatLonAltBoxCoClass.KmlLatLonAlt.1.0
Reg HKLM\SOFTWARE\Classes\KmlLatLonAltBoxCoClass.KmlLatLonAlt.1.0\CLSID@ {15beb520-8337-4cb3-97f4-39a8710bc739}
Reg HKLM\SOFTWARE\Classes\KmlLatLonBoxCoClass.KmlLatLonBoxCoC\CLSID@ {15beb520-8337-4cb3-97f4-62e0721371a3}
Reg HKLM\SOFTWARE\Classes\KmlLatLonBoxCoClass.KmlLatLonBoxCoC\CurVer@ KmlLatLonBoxCoClass.KmlLatLonBoxCoC.1.0
Reg HKLM\SOFTWARE\Classes\KmlLatLonBoxCoClass.KmlLatLonBoxCoC.1.0\CLSID@ {15beb520-8337-4cb3-97f4-62e0721371a3}
Reg HKLM\SOFTWARE\Classes\KmlLayerCoClass.KmlLayerCoClass\CLSID@ {399e09a4-826a-49a7-bb24-2988abdd7700}
Reg HKLM\SOFTWARE\Classes\KmlLayerCoClass.KmlLayerCoClass\CurVer@ KmlLayerCoClass.KmlLayerCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlLayerCoClass.KmlLayerCoClass.1.0\CLSID@ {399e09a4-826a-49a7-bb24-2988abdd7700}
Reg HKLM\SOFTWARE\Classes\KmlLayerRootCoClass.KmlLayerRootCoC\CLSID@ {048313F0-A816-11DC-8EBB-C0CA56D89593}
Reg HKLM\SOFTWARE\Classes\KmlLayerRootCoClass.KmlLayerRootCoC\CurVer@ KmlLayerRootCoClass.KmlLayerRootCoC.1.0
Reg HKLM\SOFTWARE\Classes\KmlLayerRootCoClass.KmlLayerRootCoC.1.0\CLSID@ {048313F0-A816-11DC-8EBB-C0CA56D89593}
Reg HKLM\SOFTWARE\Classes\KmlLinearRingCoClass.KmlLinearRingC\CLSID@ {B918AB28-1266-2931-E9A2-837488ABC211}
Reg HKLM\SOFTWARE\Classes\KmlLinearRingCoClass.KmlLinearRingC\CurVer@ KmlLinearRingCoClass.KmlLinearRingC.1.0
Reg HKLM\SOFTWARE\Classes\KmlLinearRingCoClass.KmlLinearRingC.1.0\CLSID@ {B918AB28-1266-2931-E9A2-837488ABC211}
Reg HKLM\SOFTWARE\Classes\KmlLineStringCoClass.KmlLineStringC\CLSID@ {DE556AEC-1266-2931-2441-0BFC47A92DD2}
Reg HKLM\SOFTWARE\Classes\KmlLineStringCoClass.KmlLineStringC\CurVer@ KmlLineStringCoClass.KmlLineStringC.1.0
Reg HKLM\SOFTWARE\Classes\KmlLineStringCoClass.KmlLineStringC.1.0\CLSID@ {DE556AEC-1266-2931-2441-0BFC47A92DD2}
Reg HKLM\SOFTWARE\Classes\KmlLineStyleCoClass.KmlLineStyleCoC\CLSID@ {e0ccee92-6573-4549-9721-5cfd87360a01}
Reg HKLM\SOFTWARE\Classes\KmlLineStyleCoClass.KmlLineStyleCoC\CurVer@ KmlLineStyleCoClass.KmlLineStyleCoC.1.0
Reg HKLM\SOFTWARE\Classes\KmlLineStyleCoClass.KmlLineStyleCoC.1.0\CLSID@ {e0ccee92-6573-4549-9721-5cfd87360a01}
Reg HKLM\SOFTWARE\Classes\KmlLinkCoClass.KmlLinkCoClass\CLSID@ {b692b1c4-8973-4db8-9fce-9813a057ed09}
Reg HKLM\SOFTWARE\Classes\KmlLinkCoClass.KmlLinkCoClass\CurVer@ KmlLinkCoClass.KmlLinkCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlLinkCoClass.KmlLinkCoClass.1.0\CLSID@ {b692b1c4-8973-4db8-9fce-9813a057ed09}
Reg HKLM\SOFTWARE\Classes\KmlListStyleCoClass.KmlListStyleCoC\CLSID@ {f3b378cc-345e-4435-a1b3-788455599c7b}
Reg HKLM\SOFTWARE\Classes\KmlListStyleCoClass.KmlListStyleCoC\CurVer@ KmlListStyleCoClass.KmlListStyleCoC.1.0
Reg HKLM\SOFTWARE\Classes\KmlListStyleCoClass.KmlListStyleCoC.1.0\CLSID@ {f3b378cc-345e-4435-a1b3-788455599c7b}
Reg HKLM\SOFTWARE\Classes\KmlLocationCoClass.KmlLocationCoCla\CLSID@ {7C730856-A82B-11DC-91EB-7AC855D89593}
Reg HKLM\SOFTWARE\Classes\KmlLocationCoClass.KmlLocationCoCla\CurVer@ KmlLocationCoClass.KmlLocationCoCla.1.0
Reg HKLM\SOFTWARE\Classes\KmlLocationCoClass.KmlLocationCoCla.1.0\CLSID@ {7C730856-A82B-11DC-91EB-7AC855D89593}
Reg HKLM\SOFTWARE\Classes\KmlLodCoClass.KmlLodCoClass\CLSID@ {b50f4299-76e8-475e-b4b6-34b30bd89619}
Reg HKLM\SOFTWARE\Classes\KmlLodCoClass.KmlLodCoClass\CurVer@ KmlLodCoClass.KmlLodCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlLodCoClass.KmlLodCoClass.1.0\CLSID@ {b50f4299-76e8-475e-b4b6-34b30bd89619}
Reg HKLM\SOFTWARE\Classes\KmlLookAtCoClass.KmlLookAtCoClass\CLSID@ {F9152AEC-3462-4632-8087-F1232355FD63}
Reg HKLM\SOFTWARE\Classes\KmlLookAtCoClass.KmlLookAtCoClass\CurVer@ KmlLookAtCoClass.KmlLookAtCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlLookAtCoClass.KmlLookAtCoClass.1.0\CLSID@ {F9152AEC-3462-4632-8087-F1232355FD63}
Reg HKLM\SOFTWARE\Classes\KmlModelCoClass.KmlModelCoClass\CLSID@ {38d274e5-9232-4444-915e-9a5731409fd3}
Reg HKLM\SOFTWARE\Classes\KmlModelCoClass.KmlModelCoClass\CurVer@ KmlModelCoClass.KmlModelCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlModelCoClass.KmlModelCoClass.1.0\CLSID@ {38d274e5-9232-4444-915e-9a5731409fd3}
Reg HKLM\SOFTWARE\Classes\KmlMouseEventCoClass.KmlMouseEventC\CLSID@ {397d6d52-48dc-4fa5-9736-7afb30ca2850}
Reg HKLM\SOFTWARE\Classes\KmlMouseEventCoClass.KmlMouseEventC\CurVer@ KmlMouseEventCoClass.KmlMouseEventC.1.0
Reg HKLM\SOFTWARE\Classes\KmlMouseEventCoClass.KmlMouseEventC.1.0\CLSID@ {397d6d52-48dc-4fa5-9736-7afb30ca2850}
Reg HKLM\SOFTWARE\Classes\KmlMultiGeometryCoClass.KmlMultiGeo\CLSID@ {82eafae0-1bf8-11dd-bd0b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\KmlMultiGeometryCoClass.KmlMultiGeo\CurVer@ KmlMultiGeometryCoClass.KmlMultiGeo.1.0
Reg HKLM\SOFTWARE\Classes\KmlMultiGeometryCoClass.KmlMultiGeo.1.0\CLSID@ {82eafae0-1bf8-11dd-bd0b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\KmlNetworkLinkCoClass.KmlNetworkLin\CLSID@ {ebe69a72-7483-410c-b50c-2b40885e6f5b}
Reg HKLM\SOFTWARE\Classes\KmlNetworkLinkCoClass.KmlNetworkLin\CurVer@ KmlNetworkLinkCoClass.KmlNetworkLin.1.0
Reg HKLM\SOFTWARE\Classes\KmlNetworkLinkCoClass.KmlNetworkLin.1.0\CLSID@ {ebe69a72-7483-410c-b50c-2b40885e6f5b}
Reg HKLM\SOFTWARE\Classes\KmlObjectBaseCoClass.KmlObjectBaseC\CLSID@ {1d7ca30a-3d39-435f-9507-702fe5309312}
Reg HKLM\SOFTWARE\Classes\KmlObjectBaseCoClass.KmlObjectBaseC\CurVer@ KmlObjectBaseCoClass.KmlObjectBaseC.1.0
Reg HKLM\SOFTWARE\Classes\KmlObjectBaseCoClass.KmlObjectBaseC.1.0\CLSID@ {1d7ca30a-3d39-435f-9507-702fe5309312}
Reg HKLM\SOFTWARE\Classes\KmlObjectCoClass.KmlObjectCoClass\CLSID@ {F9152AEC-3462-4632-8087-F235A566FE30}
Reg HKLM\SOFTWARE\Classes\KmlObjectCoClass.KmlObjectCoClass\CurVer@ KmlObjectCoClass.KmlObjectCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlObjectCoClass.KmlObjectCoClass.1.0\CLSID@ {F9152AEC-3462-4632-8087-F235A566FE30}
Reg HKLM\SOFTWARE\Classes\KmlObjectListCoClass.KmlObjectListC\CLSID@ {33393037-2a45-4449-a0ab-4e5f2beff220}
Reg HKLM\SOFTWARE\Classes\KmlObjectListCoClass.KmlObjectListC\CurVer@ KmlObjectListCoClass.KmlObjectListC.1.0
Reg HKLM\SOFTWARE\Classes\KmlObjectListCoClass.KmlObjectListC.1.0\CLSID@ {33393037-2a45-4449-a0ab-4e5f2beff220}
Reg HKLM\SOFTWARE\Classes\KmlOrientationCoClass.KmlOrientatio\CLSID@ {38c744ab-b64a-4df1-8871-d3479155fadf}
Reg HKLM\SOFTWARE\Classes\KmlOrientationCoClass.KmlOrientatio\CurVer@ KmlOrientationCoClass.KmlOrientatio.1.0
Reg HKLM\SOFTWARE\Classes\KmlOrientationCoClass.KmlOrientatio.1.0\CLSID@ {38c744ab-b64a-4df1-8871-d3479155fadf}
Reg HKLM\SOFTWARE\Classes\KmlOverlayCoClass.KmlOverlayCoClass\CLSID@ {F9152AEC-3462-4632-8087-F23CA598FF34}
Reg HKLM\SOFTWARE\Classes\KmlOverlayCoClass.KmlOverlayCoClass\CurVer@ KmlOverlayCoClass.KmlOverlayCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlOverlayCoClass.KmlOverlayCoClass.1.0\CLSID@ {F9152AEC-3462-4632-8087-F23CA598FF34}
Reg HKLM\SOFTWARE\Classes\KmlPhotoOverlayCoClass.KmlPhotoOver\CLSID@ {00ab1ef0-c172-11dd-ad8b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\KmlPhotoOverlayCoClass.KmlPhotoOver\CurVer@ KmlPhotoOverlayCoClass.KmlPhotoOver.1.0
Reg HKLM\SOFTWARE\Classes\KmlPhotoOverlayCoClass.KmlPhotoOver.1.0\CLSID@ {00ab1ef0-c172-11dd-ad8b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\KmlPlacemarkCoClass.KmlPlacemarkCoC\CLSID@ {F912DCEC-3462-4632-8087-FEEFB45AE521}
Reg HKLM\SOFTWARE\Classes\KmlPlacemarkCoClass.KmlPlacemarkCoC\CurVer@ KmlPlacemarkCoClass.KmlPlacemarkCoC.1.0
Reg HKLM\SOFTWARE\Classes\KmlPlacemarkCoClass.KmlPlacemarkCoC.1.0\CLSID@ {F912DCEC-3462-4632-8087-FEEFB45AE521}
Reg HKLM\SOFTWARE\Classes\KmlPointCoClass.KmlPointCoClass\CLSID@ {DE556AEC-1266-7632-8087-9847DEFB2172}
Reg HKLM\SOFTWARE\Classes\KmlPointCoClass.KmlPointCoClass\CurVer@ KmlPointCoClass.KmlPointCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlPointCoClass.KmlPointCoClass.1.0\CLSID@ {DE556AEC-1266-7632-8087-9847DEFB2172}
Reg HKLM\SOFTWARE\Classes\KmlPolygonCoClass.KmlPolygonCoClass\CLSID@ {2a9990a5-e235-4ae6-972c-edc30b6192e5}
Reg HKLM\SOFTWARE\Classes\KmlPolygonCoClass.KmlPolygonCoClass\CurVer@ KmlPolygonCoClass.KmlPolygonCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlPolygonCoClass.KmlPolygonCoClass.1.0\CLSID@ {2a9990a5-e235-4ae6-972c-edc30b6192e5}
Reg HKLM\SOFTWARE\Classes\KmlPolyStyleCoClass.KmlPolyStyleCoC\CLSID@ {553f44fe-a225-4783-a084-478d54edc63b}
Reg HKLM\SOFTWARE\Classes\KmlPolyStyleCoClass.KmlPolyStyleCoC\CurVer@ KmlPolyStyleCoClass.KmlPolyStyleCoC.1.0
Reg HKLM\SOFTWARE\Classes\KmlPolyStyleCoClass.KmlPolyStyleCoC.1.0\CLSID@ {553f44fe-a225-4783-a084-478d54edc63b}
Reg HKLM\SOFTWARE\Classes\KmlRegionCoClass.KmlRegionCoClass\CLSID@ {eca7f061-70d0-4507-babd-f1b0b653cc6a}
Reg HKLM\SOFTWARE\Classes\KmlRegionCoClass.KmlRegionCoClass\CurVer@ KmlRegionCoClass.KmlRegionCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlRegionCoClass.KmlRegionCoClass.1.0\CLSID@ {eca7f061-70d0-4507-babd-f1b0b653cc6a}
Reg HKLM\SOFTWARE\Classes\KmlScaleCoClass.KmlScaleCoClass\CLSID@ {47b797f2-e873-4f47-a999-693a9fdf9e54}
Reg HKLM\SOFTWARE\Classes\KmlScaleCoClass.KmlScaleCoClass\CurVer@ KmlScaleCoClass.KmlScaleCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlScaleCoClass.KmlScaleCoClass.1.0\CLSID@ {47b797f2-e873-4f47-a999-693a9fdf9e54}
Reg HKLM\SOFTWARE\Classes\KmlScreenOverlayCoClass.KmlScreenOv\CLSID@ {88a9100b-231a-421a-8aab-918bffe22c14}
Reg HKLM\SOFTWARE\Classes\KmlScreenOverlayCoClass.KmlScreenOv\CurVer@ KmlScreenOverlayCoClass.KmlScreenOv.1.0
Reg HKLM\SOFTWARE\Classes\KmlScreenOverlayCoClass.KmlScreenOv.1.0\CLSID@ {88a9100b-231a-421a-8aab-918bffe22c14}
Reg HKLM\SOFTWARE\Classes\KmlStyleCoClass.KmlStyleCoClass\CLSID@ {44afac41-d98b-4a3f-bb75-5aa4cc4d9763}
Reg HKLM\SOFTWARE\Classes\KmlStyleCoClass.KmlStyleCoClass\CurVer@ KmlStyleCoClass.KmlStyleCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlStyleCoClass.KmlStyleCoClass.1.0\CLSID@ {44afac41-d98b-4a3f-bb75-5aa4cc4d9763}
Reg HKLM\SOFTWARE\Classes\KmlStyleMapCoClass.KmlStyleMapCoCla\CLSID@ {855dbc4d-c8d7-4816-b1ea-a5eba403907e}
Reg HKLM\SOFTWARE\Classes\KmlStyleMapCoClass.KmlStyleMapCoCla\CurVer@ KmlStyleMapCoClass.KmlStyleMapCoCla.1.0
Reg HKLM\SOFTWARE\Classes\KmlStyleMapCoClass.KmlStyleMapCoCla.1.0\CLSID@ {855dbc4d-c8d7-4816-b1ea-a5eba403907e}
Reg HKLM\SOFTWARE\Classes\KmlStyleSelectorCoClass.KmlStyleSel\CLSID@ {8a36a57e-ced8-4997-b3fb-19801ef969fd}
Reg HKLM\SOFTWARE\Classes\KmlStyleSelectorCoClass.KmlStyleSel\CurVer@ KmlStyleSelectorCoClass.KmlStyleSel.1.0
Reg HKLM\SOFTWARE\Classes\KmlStyleSelectorCoClass.KmlStyleSel.1.0\CLSID@ {8a36a57e-ced8-4997-b3fb-19801ef969fd}
Reg HKLM\SOFTWARE\Classes\KmlTourCoClass.KmlTourCoClass\CLSID@ {2711bc60-c16e-11dd-ad8b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\KmlTourCoClass.KmlTourCoClass\CurVer@ KmlTourCoClass.KmlTourCoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlTourCoClass.KmlTourCoClass.1.0\CLSID@ {2711bc60-c16e-11dd-ad8b-0800200c9a66}
Reg HKLM\SOFTWARE\Classes\KmlVec2CoClass.KmlVec2CoClass\CLSID@ {d6cb4b7a-10cf-4e51-b237-41d59b17cee6}
Reg HKLM\SOFTWARE\Classes\KmlVec2CoClass.KmlVec2CoClass\CurVer@ KmlVec2CoClass.KmlVec2CoClass.1.0
Reg HKLM\SOFTWARE\Classes\KmlVec2CoClass.KmlVec2CoClass.1.0\CLSID@ {d6cb4b7a-10cf-4e51-b237-41d59b17cee6}
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress@ RstrProgress Class
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CLSID
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CLSID@ {bf404da2-7d3b-11d3-b9e5-00c04f79e399}
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CurVer
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CurVer@ RstrCC.RstrProgress.1
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1@ RstrProgress Class
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1\CLSID
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1\CLSID@ {bf404da2-7d3b-11d3-b9e5-00c04f79e399}

---- EOF - GMER 1.0.15 ----


Re: win32 rustock

#4 Post by parom »

by the way, NOD no longer detects win32 Rustock :)

link:

analisis/8b68ae20f5521105d3728a0a2dd2b4dc7e4753d4ef355c963046529367a9c089-1269011218


I'll post the CF log when it finishes :)


Re: win32 rustock

#5 Post by parom »

hi, yesterday I was in a hurry and had to leave. :(

from VirusTotal: Soubor qmgr.dll přijatý 2010.03.30 06:25:33 (UTC)
Současný stav: Dokončeno
Výsledek: 0/42 (0%)


Re: win32 rustock

#6 Post by parom »

Hi, RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Vlastník at 2010-03-30 12:18:08
Microsoft Windows XP Home Edition
System drive C: has 9 GB (34%) free of 26 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:21, on 30. 3. 2010
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\System32\WTClient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\HP CP1700PS RIP\Program\App2.exe
C:\CADlink\SignLab e6\signlab6.exe
C:\Program Files\Corel\Corel Graphics 11\Programs\CorelDrw.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Vlastník\Plocha\RSIT.exe
C:\Program Files\trend micro\Vlastník.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Par1284] C:\Program Files\HP CP1700PS RIP\Program\1284Inst.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP CP1700PS RIP.lnk = C:\Program Files\HP CP1700PS RIP\Program\App2.exe
O12 - Plugin for .azetmail[1]: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F20FEF9-2338-418C-826E-5D23B820FA5C}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9ae0ead15d878) (gupdate1c9ae0ead15d878) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 6422 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-25 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-02-16 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2001-11-05 846608]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-02-16 2349080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-04-06 1298542]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Par1284"=C:\Program Files\HP CP1700PS RIP\Program\1284Inst.exe [2003-03-10 36864]
"C-Media Mixer"=Mixer.exe /startup []
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-01-30 98304]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"WTClient"=C:\WINDOWS\system32\WTClient.exe [2007-04-11 40960]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-25 68856]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP CP1700PS RIP.lnk - C:\Program Files\HP CP1700PS RIP\Program\App2.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-03-30 07:26:22 ----SHD---- C:\RECYCLER
2010-03-30 07:19:54 ----D---- C:\Program Files\CCleaner
2010-03-29 15:35:32 ----D---- C:\WINDOWS\temp
2010-03-29 15:35:29 ----A---- C:\ComboFix.txt
2010-03-29 10:31:49 ----A---- C:\Boot.bak
2010-03-29 10:31:45 ----RASHD---- C:\cmdcons
2010-03-29 10:27:44 ----A---- C:\WINDOWS\PEV.exe
2010-03-29 10:27:44 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-29 10:27:44 ----A---- C:\WINDOWS\MBR.exe
2010-03-29 10:27:43 ----A---- C:\WINDOWS\zip.exe
2010-03-29 10:27:43 ----A---- C:\WINDOWS\SWREG.exe
2010-03-29 10:27:42 ----A---- C:\WINDOWS\sed.exe
2010-03-29 10:27:42 ----A---- C:\WINDOWS\grep.exe
2010-03-29 10:27:41 ----A---- C:\WINDOWS\SWSC.exe
2010-03-29 10:27:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-29 10:27:32 ----D---- C:\WINDOWS\ERDNT
2010-03-29 10:26:47 ----D---- C:\Qoobox
2010-03-26 13:55:32 ----D---- C:\Program Files\trend micro
2010-03-26 13:55:30 ----D---- C:\rsit
2010-03-26 12:03:28 ----A---- C:\WINDOWS\ScanSpyware.INI
2010-03-26 11:50:28 ----D---- C:\Documents and Settings\Vlastník\Data aplikací\ScanSpyware
2010-03-25 12:23:42 ----D---- C:\WINDOWS\System32\MpEngineStore
2010-03-18 10:13:38 ----A---- C:\WINDOWS\System32\hlvdd.dll
2010-03-18 10:07:32 ----A---- C:\WINDOWS\System32\SignLab6R.ini

======List of files/folders modified in the last 1 months======

2010-03-30 12:18:14 ----D---- C:\WINDOWS\Prefetch
2010-03-30 09:29:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 07:42:45 ----A---- C:\WINDOWS\WINCMD.INI
2010-03-30 07:26:22 ----D---- C:\WINDOWS\Minidump
2010-03-30 07:26:22 ----D---- C:\WINDOWS\Debug
2010-03-30 07:26:22 ----D---- C:\WINDOWS
2010-03-30 07:20:49 ----D---- C:\Documents and Settings\Vlastník\Data aplikací\The Bat!
2010-03-30 07:19:54 ----AD---- C:\Program Files
2010-03-29 15:35:33 ----D---- C:\WINDOWS\System32\drivers
2010-03-29 15:33:20 ----D---- C:\WINDOWS\System32\CatRoot2
2010-03-29 15:30:51 ----A---- C:\WINDOWS\system.ini
2010-03-29 15:30:01 ----D---- C:\WINDOWS\system32
2010-03-29 15:29:00 ----D---- C:\WINDOWS\AppPatch
2010-03-29 15:28:54 ----D---- C:\Program Files\Common Files
2010-03-29 10:40:09 ----AC---- C:\WINDOWS\System32\PerfStringBackup.INI
2010-03-29 10:37:12 ----D---- C:\WINDOWS\System32\config
2010-03-29 10:36:33 ----RSHDC---- C:\WINDOWS\System32\dllcache
2010-03-29 10:36:28 ----D---- C:\Program Files\pics-factory Toolbar
2010-03-29 10:31:49 ----RASH---- C:\boot.ini
2010-03-29 07:46:46 ----A---- C:\WINDOWS\FontMgr.ini
2010-03-26 15:08:04 ----D---- C:\Documents and Settings\Vlastník\Data aplikací\Skype
2010-03-26 14:53:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-26 14:13:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2010-03-26 14:11:30 ----D---- C:\Config.Msi
2010-03-26 14:11:26 ----D---- C:\Program Files\Lavasoft
2010-03-26 14:10:57 ----SHD---- C:\WINDOWS\Installer
2010-03-26 11:04:37 ----AC---- C:\WINDOWS\barcode.ini
2010-03-26 08:35:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-25 10:19:04 ----D---- C:\Program Files\Opera
2010-03-25 09:40:11 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe
2010-03-19 09:14:30 ----D---- C:\Documents and Settings\Vlastník\Data aplikací\Adobe
2010-03-18 11:05:06 ----RSD---- C:\WINDOWS\Fonts
2010-03-18 10:13:38 ----A---- C:\WINDOWS\System32\haspvdd.dll
2010-03-18 10:07:39 ----A---- C:\WINDOWS\win.ini
2010-03-15 14:39:56 ----D---- C:\Program Files\OpenOffice.org1.1.4
2010-03-05 14:25:17 ----D---- C:\Documents and Settings\Vlastník\Data aplikací\AdobeUM
2010-03-01 22:30:14 ----AC---- C:\WINDOWS\System32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-04-06 25600]
R1 NmPar;MosChip Unusable Parallel Port; C:\WINDOWS\System32\DRIVERS\NmPar.sys [2006-10-11 76416]
R1 nmserial;MosChip PCI Serial Port; C:\WINDOWS\System32\DRIVERS\nmserial.sys [2006-10-12 60032]
R2 eamon;eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 hardlock;hardlock; \??\C:\WINDOWS\System32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\System32\drivers\Haspnt.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-22 73728]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 G400;G400; C:\WINDOWS\System32\DRIVERS\G400m.sys [2001-10-24 322432]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mf;mf; C:\WINDOWS\System32\DRIVERS\mf.sys [2001-10-25 62208]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-17 23070]
R3 TClass2k;Tablet Class Driver; C:\WINDOWS\System32\DRIVERS\TClass2k.sys [2007-04-23 18432]
R3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\System32\DRIVERS\UCTblHid.sys [2007-05-31 12800]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2001-10-25 50688]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2001-10-25 18944]
R4 InCDfs;InCD File System; C:\WINDOWS\System32\drivers\InCDfs.sys [2004-04-06 89472]
S2 Machnm32;Machnm32 Driver; \??\C:\WINDOWS\System32\Machnm32.sys []
S3 CADlink;CADlink; \??\C:\CADlink\SignLab5\CADlink.sys []
S3 catchme;catchme; \??\C:\abraka.com\catchme.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2001-08-17 205056]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4ufd;HP Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\hppaufd0.sys [2001-10-22 17600]
S3 mkusb;Mimaki Plotter USB Port Controller (mkusb.sys); C:\WINDOWS\System32\Drivers\mkusb.sys [2003-06-12 93824]
S3 NIC2000;USB-USB Network Bridge Adapter; C:\WINDOWS\System32\DRIVERS\NIC2000.sys [2001-11-05 5766]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2004-11-19 68222]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2007-04-23 17920]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2001-08-17 24832]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2001-08-17 13824]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 21760]
S3 UtilNT;UtilNT; \??\C:\WINDOWS\system32\drivers\UtilNT.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-04-06 929904]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2001-10-25 12800]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2007-05-31 53248]
S2 gupdate1c9ae0ead15d878;Google Update Service (gupdate1c9ae0ead15d878); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-26 133104]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 138168]

-----------------EOF-----------------

parom
Visitor

Re: win32 rustock

#7 Post by parom »

CF log:

ComboFix 10-03-29.04 - Vlastník . 03. 2010 12:29:16.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.0.1250.420.1029.18.1023.523 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vlastník\Plocha\abraka.com.exe
.
/wow section - STAGE 4


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\qmgr.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\qmgr.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-30 )))))))))))))))))))))))))))))))
.

2010-03-30 05:19 . 2010-03-30 05:19 -------- d-----w- c:\program files\CCleaner
2010-03-26 11:55 . 2010-03-30 10:18 -------- d-----w- c:\program files\trend micro
2010-03-26 11:55 . 2010-03-26 11:56 -------- d-----w- C:\rsit
2010-03-25 10:23 . 2010-03-25 10:23 -------- d-----w- c:\windows\system32\MpEngineStore
2010-03-18 08:13 . 2010-03-18 08:13 291328 ----a-w- c:\windows\system32\hlvdd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 08:40 . 2001-10-25 12:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 08:40 . 2001-10-25 12:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2010-03-29 08:36 . 2007-08-07 08:11 -------- d-----w- c:\program files\pics-factory Toolbar
2010-03-26 13:43 . 2006-04-25 10:18 2496 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-26 12:53 . 2007-12-07 10:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-26 12:11 . 2008-05-21 05:47 -------- d-----w- c:\program files\Lavasoft
2010-03-25 08:19 . 2008-09-16 07:57 -------- d-----w- c:\program files\Opera
2010-03-18 08:13 . 2005-05-27 11:11 6656 ----a-w- c:\windows\system32\haspvdd.dll
2010-03-18 08:13 . 2005-05-27 11:11 383 ----a-w- c:\windows\system32\haspdos.sys
2010-03-18 08:13 . 2005-05-27 11:11 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2010-03-15 12:39 . 2005-06-23 06:54 -------- d-----w- c:\program files\OpenOffice.org1.1.4
2010-02-26 09:05 . 2007-08-22 09:04 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-01 12:24 . 2006-04-12 10:16 -------- d-----w- c:\program files\Google
2004-03-11 11:27 . 2004-11-17 14:13 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-03-29_08.39.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-01 06:00 . 2010-03-30 10:28 3506176 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-12-01 06:00 . 2010-03-29 08:28 3506176 c:\windows\system32\config\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-16 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-02-16 07:00 2349080 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-16 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-16 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-04-06 1298542]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Par1284"="c:\program files\HP CP1700PS RIP\Program\1284Inst.exe" [2003-03-10 36864]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [2003-7-17 217180]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-5-27 110592]
HP CP1700PS RIP.lnk - c:\program files\HP CP1700PS RIP\Program\App2.exe [2004-7-16 2707456]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14. 5. 2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14. 5. 2009 15:49 94360]
R1 NmPar;MosChip Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [24. 10. 2007 10:51 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [24. 10. 2007 10:51 60032]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14. 5. 2009 15:47 731840]
S2 gupdate1c9ae0ead15d878;Google Update Service (gupdate1c9ae0ead15d878);c:\program files\Google\Update\GoogleUpdate.exe [26. 3. 2009 14:30 133104]
S3 mkusb;Mimaki Plotter USB Port Controller (mkusb.sys);c:\windows\system32\drivers\mkusb.sys [12. 6. 2003 10:36 93824]
S3 NIC2000;USB-USB Network Bridge Adapter;c:\windows\system32\drivers\NIC2000.SYS [22. 10. 2007 13:11 5766]
S3 UtilNT;UtilNT;c:\windows\system32\drivers\utilnt.sys [27. 5. 2005 12:17 5533]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - PAR1284

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 12:30]

2010-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 12:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {3F20FEF9-2338-418C-826E-5D23B820FA5C} = 192.168.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-30 12:35
Windows 5.1.2600 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1303643608-725345543-1003\Software\Corel\WritingTools\9.1\User Word Lists\í*o]
"Selected UWL"=hex:02,00

[HKEY_USERS\S-1-5-21-1229272821-1303643608-725345543-1003\Software\Corel\WritingTools\9.1\User Word Lists\í*o\Word List 0]
"Name"="c:\\Documents and Settings\\Vlastník\\Dokumenty\\Corel User Files\\WT9_1íů.UWL"
"Enabled"=hex:01,00,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(476)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(536)
c:\windows\System32\dssenh.dll
c:\windows\system32\mswsock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\wdfmgr.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\Mixer.exe
c:\windows\System32\WTClient.exe
.
**************************************************************************
.
Celkový čas: 2010-03-30 12:40:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-30 10:39
ComboFix2.txt 2010-03-29 08:44

Před spuštěním: 9 259 651 072
Po spuštění: 9 231 278 080

- - End Of File - - 62EA8D392B534A673F53E8D3CF1DA33A


After the restart NOD detected an infection: C:\System Volume Information\_restore{84A31534-7007-4139-B478-FE989D2113FD}\RP1036\A0251940.dll

parom
Visitor

Re: win32 rustock

#8 Post by parom »

OK, done, I'll restart the computer. Thanks for now :)

Note: for the fix I didn't find everything there; R0 ... and R3 ...
were not in the list

parom
Visitor

Re: win32 rustock

#9 Post by parom »

I managed to remove: BS Player Toolbar
and failed, it doesn't respond at all: pics-factory Toolbar - I have no idea what it even is :(

parom
Visitor

Re: win32 rustock

#10 Post by parom »

Here is the screenshot
Attachments
Print.jpg
(450.26 KiB) Downloaded 97 times

parom
Visitor

Re: win32 rustock

#11 Post by parom »

2010-03-29 08:42:47 . 2010-03-29 08:42:47 544 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-wintuh32.reg.dat
2010-03-29 08:42:46 . 2010-03-29 08:42:46 544 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-windtl32.reg.dat
2010-03-29 08:42:38 . 2010-03-29 08:42:38 131 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKU-Default-Run-CTFMON.EXE.reg.dat
2010-03-29 08:42:37 . 2010-03-29 08:42:37 158 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-qbknyjgd.reg.dat
2010-03-29 08:36:29 . 2010-03-29 08:36:29 53,766 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_xpdx_.sys.zip
2010-03-29 08:35:59 . 2010-03-29 08:35:59 74 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_xpdx.reg.dat
2010-03-29 08:35:49 . 2010-03-30 10:32:20 5,951 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-03-29 08:27:32 . 2010-03-30 10:28:21 490 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-03-05 10:19:27 . 2001-10-25 12:00:00 179,200 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\qmgr.dll.vir
2007-08-06 11:41:21 . 2008-01-09 05:59:28 54,764 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\xpdx.sys.vir
2007-03-20 16:42:31 . 2010-03-26 08:07:56 29,184 ----a-w- C:\Qoobox\Quarantine\C\Thumbs.db.vir
2006-09-01 16:55:58 . 2006-09-01 16:55:58 122,880 ----a-w- C:\Qoobox\Quarantine\C\PROGRA~1\PICS-F~1\tbhelper.dll.vir
2001-10-25 12:00:00 . 2001-10-25 12:00:00 38,686 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ieuinit.inf.vir

parom
Visitor

Re: win32 rustock

#12 Post by parom »

CF restarted the computer, but after 20 min it hadn't shut down, it froze, so I reset it.

Thanks for your patience so far :) I'll only be here until 15:30, then not until tomorrow :)

Here is the CF log:

ComboFix 10-03-29.04 - Vlastník . 03. 2010 14:18:17.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.0.1250.420.1029.18.1023.655 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vlastník\Plocha\abraka.com.exe
Použité ovládací přepínače :: c:\documents and settings\Vlastník\Plocha\CFScript.txt
* Rezidentní štít AV je zapnutý

.
/wow section - STAGE 4


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pics-factory Toolbar
c:\program files\pics-factory Toolbar\basis.xml
c:\program files\pics-factory Toolbar\favicon.ico
c:\program files\pics-factory Toolbar\icons.bmp
c:\program files\pics-factory Toolbar\pics-factory.inf
c:\program files\pics-factory Toolbar\version.txt

Nakažená kopie c:\windows\system32\qmgr.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\qmgr.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-30 )))))))))))))))))))))))))))))))
.

2010-03-30 11:01 . 2010-03-30 11:01 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-03-30 05:19 . 2010-03-30 05:19 -------- d-----w- c:\program files\CCleaner
2010-03-26 11:55 . 2010-03-30 12:13 -------- d-----w- c:\program files\trend micro
2010-03-26 11:55 . 2010-03-26 11:56 -------- d-----w- C:\rsit
2010-03-25 10:23 . 2010-03-25 10:23 -------- d-----w- c:\windows\system32\MpEngineStore
2010-03-18 08:13 . 2010-03-18 08:13 291328 ----a-w- c:\windows\system32\hlvdd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-30 11:26 . 2006-04-12 10:16 -------- d-----w- c:\program files\Google
2010-03-29 08:40 . 2001-10-25 12:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 08:40 . 2001-10-25 12:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2010-03-26 13:43 . 2006-04-25 10:18 2496 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-26 12:53 . 2007-12-07 10:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-26 12:11 . 2008-05-21 05:47 -------- d-----w- c:\program files\Lavasoft
2010-03-25 08:19 . 2008-09-16 07:57 -------- d-----w- c:\program files\Opera
2010-03-18 08:13 . 2005-05-27 11:11 6656 ----a-w- c:\windows\system32\haspvdd.dll
2010-03-18 08:13 . 2005-05-27 11:11 383 ----a-w- c:\windows\system32\haspdos.sys
2010-03-18 08:13 . 2005-05-27 11:11 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2010-03-15 12:39 . 2005-06-23 06:54 -------- d-----w- c:\program files\OpenOffice.org1.1.4
2010-02-26 09:05 . 2007-08-22 09:04 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2004-03-11 11:27 . 2004-11-17 14:13 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-03-29_08.39.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-30 11:01 . 2010-03-30 11:01 2560 c:\windows\_MSRSTRT.EXE
+ 2009-12-01 06:00 . 2010-03-30 10:28 3506176 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-12-01 06:00 . 2010-03-29 08:28 3506176 c:\windows\system32\config\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-04-06 1298542]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Par1284"="c:\program files\HP CP1700PS RIP\Program\1284Inst.exe" [2003-03-10 36864]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [2003-7-17 217180]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-5-27 110592]
HP CP1700PS RIP.lnk - c:\program files\HP CP1700PS RIP\Program\App2.exe [2004-7-16 2707456]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14. 5. 2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14. 5. 2009 15:49 94360]
R1 NmPar;MosChip Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [24. 10. 2007 10:51 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [24. 10. 2007 10:51 60032]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14. 5. 2009 15:47 731840]
S2 gupdate1c9ae0ead15d878;Google Update Service (gupdate1c9ae0ead15d878);c:\program files\Google\Update\GoogleUpdate.exe [26. 3. 2009 14:30 133104]
S3 mkusb;Mimaki Plotter USB Port Controller (mkusb.sys);c:\windows\system32\drivers\mkusb.sys [12. 6. 2003 10:36 93824]
S3 NIC2000;USB-USB Network Bridge Adapter;c:\windows\system32\drivers\NIC2000.SYS [22. 10. 2007 13:11 5766]
S3 UtilNT;UtilNT;c:\windows\system32\drivers\utilnt.sys [27. 5. 2005 12:17 5533]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - PAR1284

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 12:30]

2010-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 12:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {3F20FEF9-2338-418C-826E-5D23B820FA5C} = 192.168.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-30 14:43
Windows 5.1.2600 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1303643608-725345543-1003\Software\Corel\WritingTools\9.1\User Word Lists\í*o]
"Selected UWL"=hex:02,00

[HKEY_USERS\S-1-5-21-1229272821-1303643608-725345543-1003\Software\Corel\WritingTools\9.1\User Word Lists\í*o\Word List 0]
"Name"="c:\\Documents and Settings\\Vlastník\\Dokumenty\\Corel User Files\\WT9_1íů.UWL"
"Enabled"=hex:01,00,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(476)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(536)
c:\windows\System32\dssenh.dll
c:\windows\system32\mswsock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\wdfmgr.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\Mixer.exe
c:\windows\System32\WTClient.exe
.
**************************************************************************
.
Celkový čas: 2010-03-30 14:46:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-30 12:46
ComboFix2.txt 2010-03-30 10:40
ComboFix3.txt 2010-03-29 08:44

Před spuštěním: 9 276 493 824
Po spuštění: 9 244 012 544

- - End Of File - - CAFAAD41D5B4BDBF7E6A512A34733636

parom
Visitor
Posts: 16
Registered: 26 Mar 2010 14:20

Re: win32 rustock

#13 Post by parom »

Hi, CF uninstalled itself as described :)

OTL.txt log:

OTL logfile created on: 31. 3. 2010 8:50:03 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Vlastník\Plocha
Windows XP Home Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

1 023.00 Mb Total Physical Memory | 675.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.49 Gb Total Space | 11.00 Gb Free Space | 43.14% Space Free | Partition Type: NTFS
Drive D: | 49.03 Gb Total Space | 22.53 Gb Free Space | 45.95% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 149.04 Gb Total Space | 19.31 Gb Free Space | 12.96% Space Free | Partition Type: NTFS
Drive Z: | 35.55 Gb Total Space | 9.73 Gb Free Space | 27.37% Space Free | Partition Type: FAT

Computer Name: PENTIUM5
Current User Name: Vlastník
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.31 08:44:40 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vlastník\Plocha\OTL.exe
PRC - [2010.03.18 02:43:38 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.05.14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007.05.31 15:38:48 | 000,053,248 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2007.04.11 18:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
PRC - [2006.01.30 11:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2004.04.06 19:36:14 | 001,298,542 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004.04.06 19:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\incdsrv.exe
PRC - [2003.12.08 17:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2003.07.17 21:50:42 | 000,217,180 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
PRC - [2003.03.10 18:47:02 | 002,707,456 | ---- | M] () -- C:\Program Files\HP CP1700PS RIP\Program\App2.exe
PRC - [2002.10.15 19:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (http://www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
PRC - [2001.10.25 14:00:00 | 001,001,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.03.31 08:44:40 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vlastník\Plocha\OTL.exe
MOD - [2001.10.25 14:00:00 | 000,921,088 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.05.14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007.05.31 15:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2004.04.06 19:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2010.03.18 10:13:37 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009.05.14 15:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.05.14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007.05.31 19:33:44 | 000,012,800 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2007.04.23 17:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2007.04.23 17:28:56 | 000,017,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k)
DRV - [2006.10.12 14:23:02 | 000,060,032 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NmSerial.sys -- (nmserial)
DRV - [2006.10.11 05:12:14 | 000,076,416 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2005.05.27 13:24:29 | 000,460,800 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2005.04.21 13:40:36 | 000,010,624 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2005.04.12 10:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2004.11.19 13:36:00 | 000,068,222 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004.04.06 19:40:10 | 000,025,600 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2004.04.06 19:39:20 | 000,089,472 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003.12.05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.06.12 10:36:16 | 000,093,824 | ---- | M] (Mimaki Engineering Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mkusb.sys -- (mkusb) Mimaki Plotter USB Port Controller (mkusb.sys)
DRV - [2002.11.18 16:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001.11.05 11:43:14 | 000,005,766 | ---- | M] (Prolific Technology Inc. http://www.prolific.com.tw) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NIC2000.SYS -- (NIC2000)
DRV - [2001.10.25 14:00:00 | 000,062,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2001.10.24 12:56:52 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001.10.22 12:18:36 | 000,017,600 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppaufd0.sys -- (dot4ufd)
DRV - [2001.08.17 22:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001.08.17 22:02:32 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001.06.22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2000.04.18 00:32:38 | 000,005,533 | R--- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utilnt.sys -- (UtilNT)
DRV - [1998.10.26 23:45:10 | 000,011,264 | ---- | M] (CADlink Technology) [Kernel | On_Demand | Stopped] -- C:\CADlink\SignLab5\CADlink.sys -- (CADlink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1229272821-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKU\S-1-5-21-1229272821-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1229272821-1303643608-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.08.07 14:54:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010.03.30 14:42:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (&Rádio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKU\S-1-5-21-1229272821-1303643608-725345543-1003\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll File not found
O3 - HKU\S-1-5-21-1229272821-1303643608-725345543-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1229272821-1303643608-725345543-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll File not found
O3 - HKU\S-1-5-21-1229272821-1303643608-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (http://www.cmedia.com.tw))
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Par1284] C:\Program Files\HP CP1700PS RIP\Program\1284Inst.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\HP CP1700PS RIP.lnk = C:\Program Files\HP CP1700PS RIP\Program\App2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-1303643608-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1229272821-1303643608-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1229272821-1303643608-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1229272821-1303643608-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O12 - Plugin for: .azetmail[1] - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll (Apple Computer, Inc.)
O12 - Plugin for: .mp3 - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll (Apple Computer, Inc.)
O12 - Plugin for: .mpeg - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-1229272821-1303643608-725345543-1003\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15026/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Vlastník\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2010.03.31 08:44:29 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vlastník\Plocha\OTL.exe
[2010.03.31 08:40:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.30 14:46:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.03.30 07:27:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Vlastník\Recent
[2010.03.30 07:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.03.30 07:14:04 | 003,376,656 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Vlastník\Plocha\ccsetup230.exe
[2010.03.29 10:31:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.29 10:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.03.26 13:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.03.26 13:55:30 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.26 11:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vlastník\Data aplikací\ScanSpyware
[2010.03.25 12:23:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.03.31 08:44:40 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vlastník\Plocha\OTL.exe
[2010.03.31 08:40:48 | 000,001,145 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\Add-Remove Programs.zip
[2010.03.31 08:29:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.31 07:02:25 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.31 06:54:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.31 06:54:33 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Vlastník\ntuser.dat
[2010.03.31 06:54:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.31 06:54:22 | 1073,254,400 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.30 15:39:42 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\Vlastník\ntuser.ini
[2010.03.30 14:43:20 | 000,000,313 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.30 14:42:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.30 13:59:09 | 000,006,163 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.03.30 13:01:52 | 000,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010.03.30 12:45:19 | 000,004,849 | ---- | M] () -- C:\WINDOWS\FontMgr.ini
[2010.03.30 12:26:25 | 000,059,900 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\Uhrinova eva MOTYL.cdr
[2010.03.30 07:19:56 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\CCleaner.lnk
[2010.03.30 07:19:04 | 003,376,656 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Vlastník\Plocha\ccsetup230.exe
[2010.03.29 10:40:11 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.29 10:40:11 | 000,309,716 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.29 10:40:11 | 000,046,016 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.29 10:40:11 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.29 10:40:09 | 000,714,818 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.29 10:38:26 | 001,255,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.29 10:31:49 | 000,000,264 | RHS- | M] () -- C:\boot.ini
[2010.03.29 09:17:05 | 000,001,458 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\Mac Plocha.lnk
[2010.03.29 07:00:17 | 000,012,980 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.26 15:43:49 | 000,002,496 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.03.26 13:54:41 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\RSIT.exe
[2010.03.26 12:03:29 | 000,000,801 | ---- | M] () -- C:\WINDOWS\ScanSpyware.INI
[2010.03.26 11:04:37 | 000,000,401 | ---- | M] () -- C:\WINDOWS\barcode.ini
[2010.03.26 08:35:44 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.25 10:34:18 | 000,026,112 | -H-- | M] () -- C:\treeinfo.wc
[2010.03.25 10:19:12 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Opera.lnk
[2010.03.25 09:59:25 | 000,074,128 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\rezanie kop flex.CDL
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.31 08:40:48 | 000,001,145 | ---- | C] () -- C:\Documents and Settings\Vlastník\Plocha\Add-Remove Programs.zip
[2010.03.30 13:01:51 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010.03.30 07:19:56 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Vlastník\Plocha\CCleaner.lnk
[2010.03.29 11:46:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Vlastník\Plocha\gmer.exe
[2010.03.29 11:45:30 | 000,059,900 | ---- | C] () -- C:\Documents and Settings\Vlastník\Plocha\Uhrinova eva MOTYL.cdr
[2010.03.29 10:31:49 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2010.03.29 10:31:45 | 000,237,744 | ---- | C] () -- C:\cmldr
[2010.03.26 13:54:41 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Vlastník\Plocha\RSIT.exe
[2010.03.26 12:03:28 | 000,000,801 | ---- | C] () -- C:\WINDOWS\ScanSpyware.INI
[2010.03.25 10:37:16 | 1073,254,400 | -HS- | C] () -- C:\hiberfil.sys
[2010.03.25 09:59:24 | 000,074,128 | ---- | C] () -- C:\Documents and Settings\Vlastník\Plocha\rezanie kop flex.CDL
[2010.03.18 10:07:32 | 000,200,903 | ---- | C] () -- C:\WINDOWS\System32\SignLab6R.ini
[2008.04.11 11:45:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2008.03.31 10:59:55 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\Fileiocv.sys
[2008.01.23 13:38:59 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2007.12.19 10:22:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007.12.07 14:22:57 | 000,000,382 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.11.08 14:47:03 | 000,000,401 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2007.10.24 10:51:21 | 000,007,168 | R--- | C] () -- C:\WINDOWS\System32\NmCoInst.dll
[2007.03.14 09:54:09 | 000,000,370 | ---- | C] () -- C:\WINDOWS\capture.ini
[2007.03.14 08:19:20 | 000,000,163 | ---- | C] () -- C:\WINDOWS\spidla.INI
[2007.02.16 09:57:43 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2007.01.04 16:50:06 | 000,000,040 | ---- | C] () -- C:\WINDOWS\AceDVDAudioExtractor.ini
[2006.10.12 13:17:30 | 000,000,229 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2006.04.05 14:56:01 | 000,016,634 | ---- | C] () -- C:\WINDOWS\OCR.Ini
[2006.03.13 13:27:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CorelDrw110.INI
[2005.10.27 14:02:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.08.30 07:57:00 | 000,000,632 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2005.08.25 07:49:04 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005.07.14 10:31:57 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2005.06.23 08:57:53 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Vlastník\Data aplikací\sversion.ini
[2005.06.14 11:26:35 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005.05.30 11:24:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2005.05.30 09:04:13 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.05.30 07:56:37 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.05.30 07:56:37 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.05.30 07:46:53 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\HOTFLDR.DLL
[2005.05.30 07:09:40 | 000,000,088 | ---- | C] () -- C:\WINDOWS\OPHCW.INI
[2005.05.27 15:22:51 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2005.05.27 13:39:22 | 000,031,390 | ---- | C] () -- C:\WINDOWS\System32\APU86.DRV
[2005.05.27 13:39:20 | 000,001,436 | ---- | C] () -- C:\WINDOWS\FBOARD.INI
[2005.05.27 13:22:03 | 000,017,454 | ---- | C] () -- C:\WINDOWS\System32\photomon.dll
[2005.05.27 13:22:03 | 000,008,894 | ---- | C] () -- C:\WINDOWS\System32\photmnui.dll
[2005.05.27 13:19:59 | 000,004,849 | ---- | C] () -- C:\WINDOWS\FontMgr.ini
[2005.05.27 13:11:56 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2005.05.27 13:11:23 | 000,171,520 | ---- | C] () -- C:\WINDOWS\System32\PATCHW32.DLL
[2005.05.27 13:11:23 | 000,084,448 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB.DLL
[2005.05.27 13:11:23 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\XPLOT.DRV
[2005.05.27 13:11:22 | 000,052,474 | ---- | C] () -- C:\WINDOWS\System32\CDLDIB.DRV
[2005.05.27 13:11:22 | 000,000,535 | ---- | C] () -- C:\WINDOWS\FontManager.ini
[2005.05.27 12:06:02 | 000,006,163 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2004.11.17 16:13:01 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2003.08.07 15:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002.03.08 10:49:22 | 000,226,304 | ---- | C] () -- C:\WINDOWS\System32\DBCDBF32.DLL
[2001.11.13 11:19:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dbcgeo32.dll
[2001.10.25 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001.07.17 17:05:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\dbcdgn32.dll
[2001.05.24 16:09:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dbcmem32.dll
[2001.05.16 15:54:48 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\dbcmdb32.dll
[2000.07.07 15:00:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\dbcjpg32.dll

========== LOP Check ==========

[2009.05.28 09:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7
[2006.04.25 10:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Bitstream Font Navigator
[2007.09.20 09:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\BufferZone
[2009.08.07 14:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ESET
[2008.03.31 10:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
[2007.08.02 12:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\WildTangent
[2006.07.19 07:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Data aplikací\AVG7
[2009.05.28 09:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\AVG7
[2009.07.22 09:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\BSplayer
[2009.07.22 09:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\BSplayer Pro
[2009.03.06 09:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\Cool Record Edit Pro
[2006.02.20 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\Elaborate Bytes
[2009.03.05 10:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\Free Sound Recorder
[2007.05.21 10:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\ICQ Toolbar
[2008.01.09 08:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\iMesh
[2005.05.27 15:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\InterTrust
[2008.09.16 09:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\Opera
[2010.03.26 14:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\ScanSpyware
[2006.06.20 09:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\Shareaza
[2005.12.01 15:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\SlySoft
[2006.11.08 12:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\stickies
[2010.03.30 07:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\The Bat!
[2009.11.24 14:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\uTorrent
[2009.02.18 16:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\Web Page Maker

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2001.08.17 23:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2001.08.17 23:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2001.10.25 14:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2001.10.25 14:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2001.10.25 14:00:00 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=849D84F975D682B333AF158B8ABFD221 -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2001.10.25 14:00:00 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=849D84F975D682B333AF158B8ABFD221 -- C:\WINDOWS\system32\cryptsvc.dll
[2001.10.25 14:00:00 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=849D84F975D682B333AF158B8ABFD221 -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2001.10.25 14:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=8DAEFE31BA545A98E07A976F7435CC5B -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2001.10.25 14:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=8DAEFE31BA545A98E07A976F7435CC5B -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2001.10.25 14:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=8DAEFE31BA545A98E07A976F7435CC5B -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2001.10.25 14:00:00 | 001,001,472 | ---- | M] (Microsoft Corporation) MD5=0348A56A9E9A658AE3AD15B42026498E -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2001.10.25 14:00:00 | 001,001,472 | ---- | M] (Microsoft Corporation) MD5=0348A56A9E9A658AE3AD15B42026498E -- C:\WINDOWS\explorer.exe
[2001.10.25 14:00:00 | 001,849,856 | ---- | M] (Microsoft Corporation) MD5=EA7AEE093375D262A140863705C0F3CE -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2001.10.25 14:00:00 | 000,128,768 | ---- | M] (Microsoft Corporation) MD5=AF609C7C513B3857107FF875B26A57F2 -- C:\WINDOWS\system32\hal.dll

< MD5 for: IDECHNDR.SYS >
[2001.11.15 01:00:00 | 000,087,018 | ---- | M] (Intel Corporation) MD5=B5E01B50B08B440018F437AEBED0BCCF -- C:\Program Files\Intel\Intel Application Accelerator\Driver\idechndr.sys

< MD5 for: LSASS.EXE >
[2001.10.25 14:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=F80A83B21434C30A788EB8991E6A61ED -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2001.10.25 14:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=F80A83B21434C30A788EB8991E6A61ED -- C:\WINDOWS\system32\dllcache\lsass.exe
[2001.10.25 14:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=F80A83B21434C30A788EB8991E6A61ED -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2001.10.25 14:00:00 | 000,161,536 | ---- | M] (Microsoft Corporation) MD5=3EFD4F59BA0A340DE0A3AB984001DBF7 -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2001.10.25 14:00:00 | 000,161,536 | ---- | M] (Microsoft Corporation) MD5=3EFD4F59BA0A340DE0A3AB984001DBF7 -- C:\WINDOWS\system32\dllcache\ndis.sys
[2001.10.25 14:00:00 | 000,161,536 | ---- | M] (Microsoft Corporation) MD5=3EFD4F59BA0A340DE0A3AB984001DBF7 -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2001.10.25 14:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=606FAB9689DA902468D0D150B90D93A9 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2001.10.25 14:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=606FAB9689DA902468D0D150B90D93A9 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2001.10.25 14:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=606FAB9689DA902468D0D150B90D93A9 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2001.10.25 14:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=88CA7CD14736FAC776C2F0EAC14CC269 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2001.10.25 14:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=88CA7CD14736FAC776C2F0EAC14CC269 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2001.10.25 14:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=88CA7CD14736FAC776C2F0EAC14CC269 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2001.10.31 10:26:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=0B7569ECA93964A39BEDCF763E78E22A -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2001.10.25 14:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=ED12D92A7B26E99E3A5BF4B043F7314E -- C:\WINDOWS\system32\dllcache\smss.exe
[2001.10.25 14:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=ED12D92A7B26E99E3A5BF4B043F7314E -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2001.10.25 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2001.10.25 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2001.10.25 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2001.10.25 14:00:00 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=E7774698BB0D14B0710A9A31E209F9B6 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2001.10.25 14:00:00 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=E7774698BB0D14B0710A9A31E209F9B6 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2001.10.25 14:00:00 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=E7774698BB0D14B0710A9A31E209F9B6 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2001.10.25 14:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=95C5E6E59DF2B91E8A5CD181B1C96174 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2001.10.25 14:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=95C5E6E59DF2B91E8A5CD181B1C96174 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2001.10.25 14:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=95C5E6E59DF2B91E8A5CD181B1C96174 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2001.10.25 14:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=674D88B0BE536B5FF62F5C3D71A177A4 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2001.10.25 14:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=674D88B0BE536B5FF62F5C3D71A177A4 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2001.10.25 14:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=674D88B0BE536B5FF62F5C3D71A177A4 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2001.10.25 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2001.10.25 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2001.10.25 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >
[2010.03.31 08:44:40 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vlastník\Plocha\OTL.exe
[2010.03.31 08:40:48 | 000,001,145 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\Add-Remove Programs.zip
[2010.03.31 08:29:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.31 07:02:25 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.31 06:54:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.31 06:54:33 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Vlastník\ntuser.dat
[2010.03.31 06:54:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.30 15:39:42 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\Vlastník\ntuser.ini
[2010.03.30 14:43:20 | 000,000,313 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.30 14:42:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.30 14:20:57 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010.03.30 14:13:57 | 000,000,000 | ---D | M] -- C:\Program Files\trend micro
[2010.03.30 13:59:09 | 000,006,163 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.03.30 13:26:09 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010.03.30 13:01:52 | 000,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010.03.30 12:45:19 | 000,004,849 | ---- | M] () -- C:\WINDOWS\FontMgr.ini
[2010.03.30 12:26:25 | 000,059,900 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\Uhrinova eva MOTYL.cdr
[2010.03.30 09:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\Adobe
[2010.03.30 09:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe
[2010.03.30 07:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\The Bat!
[2010.03.30 07:19:56 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\CCleaner.lnk
[2010.03.30 07:19:56 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010.03.30 07:19:04 | 003,376,656 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Vlastník\Plocha\ccsetup230.exe
[2010.03.29 10:40:11 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.29 10:40:11 | 000,309,716 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.29 10:40:11 | 000,046,016 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.29 10:40:11 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.29 10:40:09 | 000,714,818 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.29 10:38:26 | 001,255,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.29 09:17:05 | 000,001,458 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\Mac Plocha.lnk
[2010.03.29 07:00:17 | 000,012,980 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.26 15:43:49 | 000,002,496 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.03.26 15:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\Skype
[2010.03.26 14:53:36 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010.03.26 14:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
[2010.03.26 14:11:26 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010.03.26 14:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlastník\Data aplikací\ScanSpyware
[2010.03.26 13:54:41 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\RSIT.exe
[2010.03.26 12:03:29 | 000,000,801 | ---- | M] () -- C:\WINDOWS\ScanSpyware.INI
[2010.03.26 11:04:37 | 000,000,401 | ---- | M] () -- C:\WINDOWS\barcode.ini
[2010.03.26 08:35:44 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.25 10:19:12 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Opera.lnk
[2010.03.25 10:19:04 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2010.03.25 09:59:25 | 000,074,128 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\rezanie kop flex.CDL
[2010.03.12 14:21:01 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.09 16:33:29 | 003,180,532 | -H-- | M] () -- C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\IconCache.db
[2009.09.29 12:12:50 | 000,330,896 | ---- | M] () -- C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2005.06.23 08:57:53 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\Vlastník\Data aplikací\sversion.ini
[2005.05.27 12:40:40 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Vlastník\Data aplikací\desktop.ini
[2005.05.27 12:40:40 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\desktop.ini
[2004.03.11 13:27:22 | 000,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.03.31 08:55:33 | 000,006,163 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.03.31 08:44:40 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vlastník\Plocha\OTL.exe
[2010.03.31 08:40:48 | 000,001,145 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\Add-Remove Programs.zip
[2010.03.31 08:29:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.31 07:02:25 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.31 06:54:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.31 06:54:33 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Vlastník\ntuser.dat
[2010.03.31 06:54:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.31 06:54:22 | 1073,254,400 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.30 15:39:42 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\Vlastník\ntuser.ini
[2010.03.30 14:43:20 | 000,000,313 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.30 14:42:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.30 13:01:52 | 000,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010.03.30 12:45:19 | 000,004,849 | ---- | M] () -- C:\WINDOWS\FontMgr.ini
[2010.03.30 12:26:25 | 000,059,900 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\Uhrinova eva MOTYL.cdr
[2010.03.30 07:19:56 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\CCleaner.lnk
[2010.03.30 07:19:04 | 003,376,656 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Vlastník\Plocha\ccsetup230.exe
[2010.03.29 10:40:11 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.29 10:40:11 | 000,309,716 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.29 10:40:11 | 000,046,016 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.29 10:40:11 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.29 10:40:09 | 000,714,818 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.29 10:38:26 | 001,255,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.29 10:31:49 | 000,000,264 | RHS- | M] () -- C:\boot.ini
[2010.03.29 09:17:05 | 000,001,458 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\Mac Plocha.lnk
[2010.03.29 07:00:17 | 000,012,980 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.26 15:43:49 | 000,002,496 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.03.26 13:54:41 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\RSIT.exe
[2010.03.26 12:03:29 | 000,000,801 | ---- | M] () -- C:\WINDOWS\ScanSpyware.INI
[2010.03.26 11:04:37 | 000,000,401 | ---- | M] () -- C:\WINDOWS\barcode.ini
[2010.03.26 08:35:44 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.25 10:34:18 | 000,026,112 | -H-- | M] () -- C:\treeinfo.wc
[2010.03.25 10:19:12 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Opera.lnk
[2010.03.25 09:59:25 | 000,074,128 | ---- | M] () -- C:\Documents and Settings\Vlastník\Plocha\rezanie kop flex.CDL
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]


< End of report >


The Extras.txt log is attached :)

I'll also run that scan with MBAM and post the log here right away :)
Attachments
Extras.zip
(5.51 KiB) Downloaded 54 times
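The "< MD5 for: >" custom scan in the OTL log above lists every copy of a core system file that OTL can locate (the live copy under system32, the dllcache copy, the ERDNT registry-backup cache) together with its MD5, so a binary that has been patched in place shows up as a hash that disagrees with its siblings. As an added example that is not part of the original post or of OTL itself, the Python below parses excerpts copied from the log into per-file groups and flags any file whose copies do not all share one hash; the sample input is constructed from three of the blocks above. A disagreement is a lead, not a verdict: for explorer.exe above the dllcache copy differs in size as well as hash, which also happens when dllcache simply holds a different build, so the minority copy should be checked against a known-good hash for that exact version rather than treated as a detection on its own.

```python
import re
from collections import defaultdict

# Constructed sample input for this example: three "< MD5 for: >" blocks copied
# from the OTL Custom Scans output above. OTL prints one line per on-disk copy
# of each file it checks (system32, dllcache, the ERDNT backup cache, ...).
SAMPLE_OTL = r"""
< MD5 for: ATAPI.SYS >
[2001.10.25 14:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2001.10.25 14:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EXPLORER.EXE >
[2001.10.25 14:00:00 | 001,001,472 | ---- | M] (Microsoft Corporation) MD5=0348A56A9E9A658AE3AD15B42026498E -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2001.10.25 14:00:00 | 001,001,472 | ---- | M] (Microsoft Corporation) MD5=0348A56A9E9A658AE3AD15B42026498E -- C:\WINDOWS\explorer.exe
[2001.10.25 14:00:00 | 001,849,856 | ---- | M] (Microsoft Corporation) MD5=EA7AEE093375D262A140863705C0F3CE -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2001.10.25 14:00:00 | 000,128,768 | ---- | M] (Microsoft Corporation) MD5=AF609C7C513B3857107FF875B26A57F2 -- C:\WINDOWS\system32\hal.dll
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# One copy per line: [mtime | size | attrs | M] (Company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| [^|]+ \| [A-Z]\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_blocks(text):
    """Map FILENAME -> list of copies {mtime, size, company, md5, path}."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            copy = entry.groupdict()
            copy["size"] = int(copy["size"].replace(",", ""))
            copy["md5"] = copy["md5"].upper()
            blocks[current].append(copy)
    return dict(blocks)


def find_hash_mismatches(blocks):
    """Files whose copies do not all share one MD5: FILENAME -> {md5: [paths]}."""
    mismatches = {}
    for name, copies in blocks.items():
        by_hash = defaultdict(list)
        for copy in copies:
            by_hash[copy["md5"]].append(copy["path"])
        if len(by_hash) > 1:
            mismatches[name] = dict(by_hash)
    return mismatches


def odd_copies(mismatches):
    """Paths carrying the minority hash of each mismatching file: the copies to
    pull and compare against a known-good build first."""
    return {name: min(by_hash.values(), key=len) for name, by_hash in mismatches.items()}


def uncheckable(blocks):
    """Files OTL found only once: there is no second copy to cross-check against."""
    return sorted(name for name, copies in blocks.items() if len(copies) < 2)


def report(text):
    """Human-readable triage lines for an OTL MD5 custom-scan excerpt."""
    blocks = parse_md5_blocks(text)
    mismatches = find_hash_mismatches(blocks)
    minority = odd_copies(mismatches)
    lines = []
    for name, by_hash in sorted(mismatches.items()):
        total = sum(len(paths) for paths in by_hash.values())
        lines.append(f"{name}: {len(by_hash)} distinct hashes across {total} copies")
        for md5, paths in by_hash.items():
            for path in paths:
                lines.append(f"  {md5}  {path}")
        lines.append(f"  minority copy: {', '.join(minority[name])}")
    for name in uncheckable(blocks):
        lines.append(f"{name}: single copy only, cannot cross-check")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_OTL)))
```

Run against the full OTL.txt rather than the excerpt, the same parser covers every "< MD5 for: >" block; files that agree across all copies produce no output, so only the candidates worth a second look remain.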

parom
Visitor
Posts: 16
Joined: 26 Mar 2010 14:20

Re: win32 rustock

#14 Post by parom »

here is the MBAM log: clean :worship:

parom
Visitor
Posts: 16
Joined: 26 Mar 2010 14:20

Re: win32 rustock

#15 Post by parom »

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3936

Windows 5.1.2600
Internet Explorer 6.0.2600.0000

31. 3. 2010 9:32:13
mbam-log-2010-03-31 (09-32-13).txt

Scan type: Quick scan
Objects scanned: 151283
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
