Po restartu, vše jak před dvěma dny... pls. Help

[Spo.On]

Ten soubor neznám.. s tím CF je problém v tom že restartuje PC a po něm je vše jako před tím.... a žádný log se neuloží

[Spo.On]

Ano je ton tak jak píšete, ty dva programy se můžou smazat...

scan z odlazim:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:20 on 10/04/2010 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "odlazim.exe"
No files found.

Searching for "odlazim.*"
No files found.

========== regfind ==========

Searching for "odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"

Searching for "odlazim"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"

-=End Of File=-

malý log z gmer:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-10 14:26:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

[Spo.On]

Tak asi smůla po dokončení logu se restartuje PC.... zkusím to ještě jednou... tenhle program nejde odstranit: C:\Program Files\Faronics a ani nevím kde jsem k němu přišel...

[Spo.On]

Tak to nevím jestli bylo neco ve smyslu file suspecion ci device..


OTL logfile created on: 4/10/2010 5:40:14 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 179.54 Gb Free Space | 38.55% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.43 Gb Free Space | 75.37% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/08/05 12:38:58 | 001,056,256 | ---- | M] (Faronics Corporation) [Auto] -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe -- (DFServ)
SRV - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/07/11 14:00:06 | 000,080,392 | ---- | M] () [Auto] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007/12/31 19:17:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2007/12/31 19:17:35 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz130)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/04/04 03:37:13 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/04/02 03:20:43 | 000,024,944 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2010/03/20 15:00:55 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\etdrv.sys -- (etdrv)
DRV - [2010/01/25 13:51:18 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/01/25 13:51:18 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/12/19 09:42:37 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/08/05 12:48:02 | 000,152,472 | ---- | M] (Faronics Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DeepFrz.sys -- (DeepFrz)
DRV - [2009/05/24 19:00:00 | 000,026,736 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2009/02/22 19:16:22 | 000,007,168 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys -- (AODDriver)
DRV - [2008/12/12 10:27:46 | 000,018,432 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2008/12/12 10:27:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2008/08/02 00:20:00 | 006,121,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/06/16 03:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/13 17:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/31 19:18:01 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2007/12/31 19:17:57 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2007/12/31 19:17:33 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2006/11/03 03:32:30 | 004,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2001/08/17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\Administrator_ON_C\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/01/04 16:26:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/25 11:12:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/13 13:35:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 03:29:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 03:29:53 | 000,000,000 | ---D | M]

[2009/12/19 15:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\mozilla\Extensions
[2009/12/19 15:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/04 03:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\mozilla\Firefox\Profiles\devn4wnd.default\extensions
[2010/01/25 13:42:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\mozilla\Firefox\Profiles\devn4wnd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/04 03:48:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/02 13:46:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/04 16:39:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/01/04 16:26:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/03/24 11:03:49 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/24 11:03:50 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/01/04 16:26:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/02/11 09:19:23 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/03/24 11:04:03 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/09/10 15:56:44 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/09/10 15:37:54 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/03/11 16:15:05 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/11 16:15:05 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010/03/11 16:15:05 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010/03/11 16:15:05 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010/03/11 16:15:05 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010/03/11 16:15:05 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2001/10/25 09:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe File not found
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESMART.EXE (ITE Tech. Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\GIGABYTE Gamer HUD.lnk = File not found
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\MemSet.exe.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\forteManager.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\DfLogon: DllName - LogonDll.dll - C:\WINDOWS\System32\LogonDll.dll ()
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/19 14:19:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/27 15:15:34 | 000,000,220 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\AutoRun\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\explore\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\open\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\open\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\open\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{51a8d543-ecd2-11de-acc2-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{51a8d543-ecd2-11de-acc2-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\explore\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\open\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\explore\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\open\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk /k:C *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/04 11:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Faronics
[2010/04/04 05:20:34 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscomctl.ocx
[2010/04/04 05:20:34 | 000,118,784 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msstdfmt.dll
[2010/04/04 05:20:34 | 000,102,912 | R--- | C] (Zeal SoftStudio) -- C:\WINDOWS\System32\Ntport.dll
[2010/04/04 05:20:34 | 000,006,080 | ---- | C] (Zeal SoftStudio) -- C:\WINDOWS\System32\drivers\zntport.sys
[2010/04/04 05:20:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64
[2010/04/04 05:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\ITE
[2010/04/04 04:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\4A Games
[2010/04/04 04:53:49 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010/04/04 04:53:49 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010/04/04 04:53:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010/04/04 04:53:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010/04/04 04:53:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/04 04:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\METRO 2033
[2010/04/04 03:23:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/03 11:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/04/03 05:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\4A Games
[2010/04/03 04:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
[2010/04/03 03:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/04/02 16:30:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Plocha\Games
[2010/04/02 16:12:25 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2010/04/02 16:07:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV3676340.TMP
[2010/04/02 15:43:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2010/04/02 15:43:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2010/04/02 15:43:20 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2010/04/02 15:43:20 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2010/04/02 15:43:20 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2010/04/02 15:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2010/04/02 15:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2010/04/02 15:42:01 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irsir.sys
[2010/04/02 15:42:01 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2010/04/02 06:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\I96PD205
[2010/04/02 06:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\Awd890
[2010/03/30 11:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\DCIM
[2010/03/30 08:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\metro
[2010/03/28 04:21:39 | 000,000,000 | ---D | C] -- C:\RAR
[2010/03/19 14:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\Skály
[2010/03/16 11:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\BFBC2
[2010/03/15 21:37:50 | 013,570,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2010/03/15 21:37:50 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2010/03/15 21:37:50 | 000,143,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2010/03/15 21:37:50 | 000,086,016 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2010/03/15 21:37:44 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2010/03/15 14:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\vlc
[2010/03/15 14:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\BRS
[2010/03/15 14:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2010/03/14 13:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Mikrotik
[2010/03/12 09:32:40 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/03/12 09:32:39 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/03/12 09:32:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/03/12 09:32:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/03/12 09:32:38 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/02/10 18:19:22 | 000,346,296 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010/02/10 18:19:22 | 000,346,296 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010/01/25 11:38:09 | 000,607,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2009/12/23 14:01:41 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 14:01:41 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/19 16:07:46 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\PnkBstrK.sys
[2009/12/19 14:27:13 | 000,020,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2009/12/19 14:27:13 | 000,020,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2009/12/19 14:26:46 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
[2006/06/29 09:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 09:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 10:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 10:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[Spo.On]

========== Files - Modified Within 30 Days ==========

[2010/04/10 11:07:42 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/04/04 11:07:52 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/04/04 11:07:52 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/04 11:07:44 | 000,607,848 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010/04/04 11:07:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/04 11:07:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/04 11:07:16 | 016,336,546 | ---- | M] () -- C:\Persi0.sys
[2010/04/04 11:06:02 | 005,382,270 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\4thApril Passes.zip
[2010/04/04 11:04:17 | 058,530,994 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/04 10:26:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/04 03:37:15 | 000,263,851 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/04 03:37:13 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/04/04 03:32:11 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/04 03:32:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/04 03:32:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstet.dat
[2010/04/04 03:18:23 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/04 03:18:23 | 000,428,750 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010/04/04 03:18:23 | 000,077,872 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010/04/04 03:18:23 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/03 07:19:23 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/03 03:49:18 | 000,008,410 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/04/02 16:04:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/02 03:20:43 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2010/04/02 03:20:42 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2010/03/30 11:03:22 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/29 12:48:21 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/03/25 14:36:06 | 000,012,783 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\vtip.odt
[2010/03/20 15:00:55 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\etdrv.sys
[2010/03/16 02:51:59 | 002,183,470 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2010/03/16 02:51:59 | 000,025,695 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/03/16 02:51:59 | 000,009,046 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/03/15 21:37:34 | 000,066,714 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/03/15 11:34:18 | 001,020,388 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 10:05:08 | 000,393,733 | ---- | M] () -- C:\AnalysisLog.sr0
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/04 11:07:11 | 016,336,546 | ---- | C] () -- C:\Persi0.sys
[2010/04/04 11:07:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\LogonDll.dll
[2010/04/04 11:04:22 | 005,382,270 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\4thApril Passes.zip
[2010/04/04 05:20:34 | 000,046,080 | R--- | C] () -- C:\WINDOWS\System32\itevio.dll
[2010/04/04 05:20:34 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\drivers\a.bat
[2010/04/03 03:49:18 | 000,008,410 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/04/02 16:08:01 | 000,198,941 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2010/04/02 11:42:13 | 004,194,304 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/04/02 11:42:13 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/03/25 14:36:06 | 000,012,783 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\vtip.odt
[2010/03/21 04:06:22 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\GVTunner.ref
[2010/03/15 21:37:34 | 000,263,851 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/15 21:37:34 | 000,066,714 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/03/12 10:04:59 | 000,393,733 | ---- | C] () -- C:\AnalysisLog.sr0
[2009/12/23 14:38:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/23 14:38:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/22 17:06:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bench32.INI
[2009/12/20 09:42:41 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\NxExtensions.dll
[2009/12/19 16:07:46 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/12/19 16:07:27 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/12/19 14:55:28 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2009/12/19 14:45:00 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/19 14:45:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/06 05:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/05/21 00:24:48 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/08/02 00:20:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/02 00:20:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/02 00:20:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/02 00:20:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/02 00:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/06/27 16:49:42 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2004/06/27 14:15:12 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/02/07 08:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Ashampoo
[2009/12/23 14:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\avidemux
[2010/02/06 16:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Canon
[2010/04/04 03:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
[2010/02/11 17:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DassaultSystemes
[2010/02/11 09:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Foxit
[2010/01/23 11:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\GHISLER
[2010/02/21 05:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\gtk-2.0
[2009/12/30 12:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ
[2010/01/24 11:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Leadertech
[2010/03/14 13:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mikrotik
[2009/12/20 09:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\OpenOffice.org
[2010/01/04 17:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Opera
[2009/12/28 14:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\QIP
[2010/02/10 07:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ViGlance
[2010/02/10 07:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ViSplore
[2010/02/10 07:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ViStart

========== Purity Check ==========



========== Custom Scans ==========



<

Kód: Vybrat vše

 >[/color]
 
[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >[/color]
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008/04/14 03:52:18 | 000,040,448 | ---- | M] (Microsoft Corporation)
"EA Core" = "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent -- File not found
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent -- File not found
"RGSC" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent -- [2010/01/24 06:32:19 | 000,306,088 | ---- | M] (Take-Two Interactive Software, Inc.)
 
[color=#A23BEC]< c:\windows\*.* /U >[/color]
[5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
 
Invalid Environment Variable: %APPDATA%\*.
 
Invalid Environment Variable: %APPDATA%\*.exe
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
[color=#A23BEC]< MD5 for: CHANGER.SYS  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008/04/13 19:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
 
[color=#A23BEC]< MD5 for: CRYPTSVC.DLL  >[/color]
[2004/08/17 08:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008/04/14 03:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/14 03:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/14 03:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004/08/17 08:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008/04/14 03:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe
[2004/08/17 08:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 03:52:24 | 001,541,120 | ---- | M] (Microsoft Corporation) MD5=D63C59BB0CA2F83B62D003FD52863090 -- C:\WINDOWS\explorer.exe
[2008/04/14 03:52:24 | 001,541,120 | ---- | M] (Microsoft Corporation) MD5=D63C59BB0CA2F83B62D003FD52863090 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
[color=#A23BEC]< MD5 for: HAL.DLL  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008/04/13 19:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008/04/13 19:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004/08/03 15:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
 
[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2009/12/19 09:42:37 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\NLDRV\001\iastor.sys
[2009/12/19 09:42:37 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
[color=#A23BEC]< MD5 for: ISAPNP.SYS  >[/color]
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001/10/24 06:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001/10/25 09:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\isapnp.sys
[2008/04/14 02:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008/04/14 01:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008/04/14 01:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/14 02:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\i386\isapnp.sys
 
[color=#A23BEC]< MD5 for: LSASS.EXE  >[/color]
[2004/08/17 08:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008/04/14 03:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008/04/14 03:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2008/04/13 19:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 19:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/03 16:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2004/08/17 08:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 03:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2004/08/17 08:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 03:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
 
[color=#A23BEC]< MD5 for: SMSS.EXE  >[/color]
[2004/08/17 08:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008/04/14 03:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008/04/14 03:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2008/04/14 03:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 03:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004/08/17 08:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2008/04/13 19:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 19:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/03 16:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008/04/14 03:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004/08/17 08:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2004/08/17 08:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 03:52:54 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=471341D353962A35DA3C6324D59D09C4 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:52:54 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=471341D353962A35DA3C6324D59D09C4 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 03:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\winlogon.exe
 
[color=#A23BEC]< MD5 for: WS2_32.DLL  >[/color]
[2004/08/17 08:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008/04/14 03:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 03:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/06/20 13:49:25 | 000,147,968 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/14 03:51:50 | 000,378,880 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 03:51:52 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll
[2010/03/10 00:43:10 | 001,510,400 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shdocvw.dll
[2008/06/17 15:02:56 | 015,063,040 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2009/12/19 15:10:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/19 15:10:51 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/19 15:10:51 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/06/20 13:49:25 | 000,147,968 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/14 03:51:50 | 000,378,880 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 03:51:52 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll
[2010/03/10 00:43:10 | 001,510,400 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shdocvw.dll
[2008/06/17 15:02:56 | 015,063,040 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >[/color]
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >
 
[color=#A23BEC]< MD5 for: [2001/10/24 06:44:12 | 000,035,840 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2001/10/24 06:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
 
[color=#A23BEC]< MD5 for: [2001/10/25 09:00:00 | 000,035,840 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2001/10/25 09:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\isapnp.sys
 
[color=#A23BEC]< MD5 for: [2004/08/03 15:59:14 | 000,134,400 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/03 15:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
 
[color=#A23BEC]< MD5 for: [2004/08/03 16:14:30 | 000,182,912 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/03 16:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
 
[color=#A23BEC]< MD5 for: [2004/08/03 16:14:42 | 000,359,040 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/03 16:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2004/08/03 17:59:44 | 000,095,360 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:04 | 000,060,416 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:08 | 000,055,808 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:14 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:18 | 000,184,832 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:22 | 000,082,944 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:24 | 000,013,312 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:24 | 001,032,704 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:28 | 000,014,336 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:28 | 000,024,576 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:28 | 000,050,688 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:28 | 000,502,272 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
 
[color=#A23BEC]< MD5 for: [2008/04/13 18:10:32 | 000,096,512 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:01:30 | 000,134,400 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\HAL.DLL
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:01:34 | 000,105,344 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:06:40 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:10:32 | 000,096,512 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:11:00 | 000,008,192 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:50:18 | 000,361,344 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 19:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:50:38 | 000,182,656 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 19:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
 
[color=#A23BEC]< MD5 for: [2008/04/14 01:57:54 | 000,037,248 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 01:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008/04/14 01:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
 
[color=#A23BEC]< MD5 for: [2008/04/14 02:57:54 | 000,037,248 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 02:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008/04/14 02:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\i386\isapnp.sys
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:51:40 | 000,062,464 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/14 03:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptsvc.dll
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:51:42 | 000,056,320 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:51:52 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:51:56 | 000,185,856 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:08 | 000,082,432 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 03:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:24 | 001,034,240 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:24 | 001,541,120 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:24 | 001,541,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2008/04/14 03:52:24 | 001,541,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:30 | 000,013,312 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008/04/14 03:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:48 | 000,050,688 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008/04/14 03:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:50 | 000,014,336 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 03:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:52 | 000,026,112 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:54 | 000,507,904 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\winlogon.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:54 | 000,547,328 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:54 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:52:54 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
 
[color=#A23BEC]< MD5 for: [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2008/06/20 07:59:02 | 000,361,600 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/19 09:42:37 | 000,330,264 | ---- | M] (INTEL CORPORATION)  >[/color]
[2009/12/19 09:42:37 | 000,330,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\NLDRV\001\iastor.sys
[2009/12/19 09:42:37 | 000,330,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys

[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
 
[color=#A23BEC]< MD5 for: CHANGER.SYS  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
 
[color=#A23BEC]< MD5 for: HAL.DLL  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
 
[color=#A23BEC]< MD5 for: ISAPNP.SYS  >[/color]
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2006/10/18 16:47:08 | 000,311,808 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\Audiodev.dll
[2010/03/10 00:43:04 | 001,025,024 | ---- | M] (Společnost Microsoft)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\browseui.dll
[2008/04/14 03:51:40 | 000,336,384 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\cscdll.dll
[2008/04/14 03:51:40 | 006,630,912 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\cscui.dll
[2008/04/14 03:51:40 | 000,025,600 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\davclnt.dll
[2008/06/20 13:49:25 | 000,147,968 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/14 03:51:40 | 000,014,336 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\drprov.dll
[2008/04/14 03:51:50 | 000,378,880 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 03:51:52 | 000,011,776 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\netrap.dll
[2008/04/14 03:51:52 | 000,080,384 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\netui0.dll
[2008/04/14 03:51:52 | 000,245,760 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\netui1.dll
[2008/04/14 03:51:52 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll
[2008/04/14 03:51:52 | 000,044,032 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntlanman.dll
[2006/10/18 16:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\PortableDeviceApi.dll
[2008/04/14 03:51:56 | 000,064,000 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\samlib.dll
[2009/06/25 04:27:37 | 000,056,832 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\secur32.dll
[2010/03/10 00:43:10 | 001,510,400 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shdocvw.dll
[2008/06/17 15:02:56 | 015,063,040 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll
[2008/04/14 03:51:56 | 000,068,096 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shgina.dll
[2010/02/26 01:43:59 | 000,627,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\urlmon.dll
[2007/10/25 04:28:30 | 000,222,720 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\wmasf.dll
[2009/05/19 23:56:52 | 002,458,112 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\WMVCore.dll
[2006/10/18 16:47:22 | 002,605,056 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\WpdShext.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2009/12/19 15:10:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/19 15:10:51 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/19 15:10:51 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2006/10/18 16:47:08 | 000,311,808 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\Audiodev.dll
[2010/03/10 00:43:04 | 001,025,024 | ---- | M] (Společnost Microsoft)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\browseui.dll
[2008/04/14 03:51:40 | 000,336,384 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\cscdll.dll
[2008/04/14 03:51:40 | 006,630,912 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\cscui.dll
[2008/04/14 03:51:40 | 000,025,600 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\davclnt.dll
[2008/06/20 13:49:25 | 000,147,968 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/14 03:51:40 | 000,014,336 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\drprov.dll
[2008/04/14 03:51:50 | 000,378,880 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 03:51:52 | 000,011,776 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\netrap.dll
[2008/04/14 03:51:52 | 000,080,384 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\netui0.dll
[2008/04/14 03:51:52 | 000,245,760 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\netui1.dll
[2008/04/14 03:51:52 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll
[2008/04/14 03:51:52 | 000,044,032 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntlanman.dll
[2006/10/18 16:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\PortableDeviceApi.dll
[2008/04/14 03:51:56 | 000,064,000 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\samlib.dll
[2009/06/25 04:27:37 | 000,056,832 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\secur32.dll
[2010/03/10 00:43:10 | 001,510,400 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shdocvw.dll
[2008/06/17 15:02:56 | 015,063,040 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll
[2008/04/14 03:51:56 | 000,068,096 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shgina.dll
[2010/02/26 01:43:59 | 000,627,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\urlmon.dll
[2007/10/25 04:28:30 | 000,222,720 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\wmasf.dll
[2009/05/19 23:56:52 | 002,458,112 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\WMVCore.dll
[2006/10/18 16:47:22 | 002,605,056 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\WpdShext.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >[/color]
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< End of report >

[Spo.On]

tak jsem taky trochu googlil a nakonec sem na youtube našel návod jak ho odstranit.... opravdu nevím odkud se mi dostal do PC, ale jsem rád že se to vyřešilo... už funguje normálně
Děkuji Vám za vaši ochotu a čas... pro příště už sem poučen...

[Spo.On]

Mohl bych potom poprosit o zkontrolování sestřinýho PC prý ho má strašně pomalý...
tak tady je ten log z CF:
ComboFix 10-04-09.06 - Administrator 10.04.2010 19:21:33.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1513 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 21:45 . 2010-04-10 21:45 -------- d-----w- C:\_OTL
2010-04-04 15:07 . 2010-04-04 15:07 -------- d-----w- c:\program files\Faronics
2010-04-04 09:20 . 2005-01-26 17:19 97 ----a-w- c:\windows\system32\drivers\a.bat
2010-04-04 09:20 . 2004-10-07 04:59 102912 ----a-r- c:\windows\system32\Ntport.dll
2010-04-04 09:20 . 2003-10-22 18:04 46080 ----a-r- c:\windows\system32\itevio.dll
2010-04-04 09:20 . 2001-01-22 12:23 6080 ----a-w- c:\windows\system32\drivers\zntport.sys
2010-04-04 09:20 . 2000-07-16 06:00 118784 ----a-r- c:\windows\system32\Msstdfmt.dll
2010-04-04 09:20 . 2010-04-04 09:20 -------- d-----w- c:\windows\SysWow64
2010-04-04 08:53 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-04 08:53 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-04 08:53 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-04 08:53 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-04 08:38 . 2010-04-04 08:59 -------- d-----w- c:\program files\METRO 2033
2010-04-04 07:30 . 2010-04-04 07:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-03 15:45 . 2010-04-03 15:45 -------- d-----w- c:\program files\Sophos
2010-04-03 07:17 . 2010-04-04 07:28 -------- d-----w- c:\program files\Steam
2010-04-02 20:12 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
2010-04-02 20:07 . 2010-04-02 20:15 -------- d-----w- c:\windows\NV3676340.TMP
2010-04-02 19:43 . 2008-04-14 06:52 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-04-02 19:43 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-04-02 19:43 . 2008-04-14 06:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-04-02 19:43 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-04-02 19:43 . 2008-04-14 06:51 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-04-02 19:43 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-04-02 19:43 . 2008-04-13 22:24 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-04-02 19:43 . 2008-04-13 22:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2010-04-02 19:43 . 2001-08-17 19:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-04-02 19:43 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-04-02 19:42 . 2001-08-17 19:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-04-02 19:42 . 2001-08-17 19:51 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2010-03-28 08:21 . 2010-03-28 08:21 -------- d-----w- C:\RAR
2010-03-16 01:37 . 2008-08-02 04:20 86016 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 01:37 . 2008-08-02 04:20 229376 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-16 01:37 . 2008-08-02 04:20 163908 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 01:37 . 2008-08-02 04:20 143360 ----a-w- c:\windows\system32\nvcolor.exe
2010-03-16 01:37 . 2008-08-02 04:20 13570048 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 01:37 . 2008-08-02 04:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-15 18:56 . 2010-03-17 20:59 -------- d-----w- c:\program files\BRS
2010-03-15 18:51 . 2010-03-15 18:51 -------- d-----w- c:\program files\Codemasters
2010-03-12 13:32 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-12 13:32 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-12 13:32 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-12 13:32 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-12 13:32 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-11 19:39 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 17:13 . 2009-12-19 18:28 17488 ----a-w- c:\windows\gdrv.sys
2010-04-04 09:20 . 2009-12-19 18:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-04 08:55 . 2009-12-20 13:39 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-04 08:55 . 2009-12-20 14:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-04 07:18 . 2001-10-25 13:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-04-04 07:18 . 2001-10-25 13:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-04-02 20:12 . 2009-12-19 18:34 -------- d-----w- c:\program files\Realtek
2010-04-02 20:04 . 2010-01-24 11:30 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-02 07:20 . 2009-12-19 18:55 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-03-29 16:48 . 2009-12-19 20:07 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-29 16:47 . 2009-12-19 20:07 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-20 19:00 . 2009-12-22 20:24 17488 ----a-w- c:\windows\etdrv.sys
2010-03-16 06:51 . 2009-12-20 13:59 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-03-12 14:25 . 2009-12-20 09:46 -------- d-----w- c:\program files\Electronic Arts
2010-02-26 05:43 . 2004-08-17 12:49 668160 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-17 12:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-23 20:26 . 2009-12-19 20:07 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-21 09:06 . 2010-02-21 09:06 -------- d-----w- c:\program files\Paint.NET
2010-02-16 14:34 . 2010-02-16 14:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-16 14:31 . 2010-02-16 14:31 -------- d-----w- c:\program files\LG Soft India
2010-02-16 14:31 . 2009-12-19 18:29 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-13 10:56 . 2010-02-12 19:10 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-02-13 05:59 . 2010-02-13 05:47 -------- d-----w- c:\program files\FlatOut2
2010-02-12 20:09 . 2010-02-12 17:46 533 ----a-w- c:\windows\eReg.dat
2010-02-12 20:03 . 2010-01-24 15:00 -------- d-----w- c:\program files\EA Games
2010-02-12 19:13 . 2010-01-08 12:23 -------- d-----w- c:\program files\Valve
2010-02-12 18:23 . 2010-02-12 18:23 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-11 22:19 . 2010-02-11 21:36 -------- d-----w- c:\program files\Dassault Systemes
2010-02-11 16:05 . 2010-02-11 16:05 -------- d-----w- c:\program files\GIMP-2.0
2010-02-11 13:19 . 2010-02-11 13:19 -------- d-----w- c:\program files\Foxit Software
2010-02-11 13:16 . 2010-02-11 13:16 -------- d-----w- c:\program files\GameTop.com
2010-02-10 11:43 . 2004-08-17 12:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-10 11:37 . 2010-02-10 11:05 -------- d-----w- c:\program files\TrueTransparency
2010-01-25 17:51 . 2010-01-25 17:51 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-25 17:51 . 2010-01-25 17:51 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-01-25 17:51 . 2010-01-25 17:51 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-24 01:54 . 2010-01-24 01:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.

------- Sigcheck -------

[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2010-01-24 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"nwiz"="nwiz.exe" [2008-08-02 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-04 149280]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GIGABYTE Gamer HUD.lnk - c:\program files\GIGABYTE\Gamer HUD\HUD.exe [2008-6-26 1940992]
MemSet.exe.lnk - c:\windows\MemSave\MemSet.exe [2010-2-26 949248]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2010-2-16 1687552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2007-12-31 23:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\GIGABYTE\\ET6\\UpdExe.exe"=
"c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\GIGABYTE\\ET6\\GBTUpd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\EA Games\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30.1.2010 17:24 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30.1.2010 17:24 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1.1.2008 1:17 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1.1.2008 1:17 308064]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [19.12.2009 20:30 80392]
S2 gupdate1ca9471cce7c6bc;Služba Google Update (gupdate1ca9471cce7c6bc);c:\program files\Google\Update\GoogleUpdate.exe [13.1.2010 18:59 133104]
S3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [23.2.2009 1:16 7168]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [22.12.2009 22:24 17488]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [26.12.2009 12:17 26736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [25.1.2010 19:51 13224]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [19.12.2009 20:55 24944]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [16.2.2010 16:31 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [16.2.2010 16:31 18432]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 16:59]

2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 16:59]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://hawxgame.com/demo
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\devn4wnd.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-DrvIcon - c:\program files\Vista Drive Icon\DrvIcon.exe
HKLM-Run-SmartGuardian - c:\program files\ITE\Smart Guardian\ITESMART.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 19:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:0f,91,3b,21,bc,19,be,c9,dd,31,9c,4c,6d,8d,7d,8b,8b,c5,bc,97,9a,
c8,f3,23,47,b3,f7,ce,f4,56,3f,96,a9,a7,7a,ad,df,35,21,1c,59,f4,94,46,59,e8,\
"rkeysecu"=hex:b1,b2,47,6c,3f,2f,97,6a,be,87,4d,49,5c,40,ab,d7
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(2844)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Celkový čas: 2010-04-10 19:27:16
ComboFix-quarantined-files.txt 2010-04-10 17:27

Před spuštěním: Volných bajtů: 196 500 160 512
Po spuštění: Volných bajtů: 196 470 894 592

- - End Of File - - 74572818D04346B9F3F10AE6338EDA7A

[motji]

Určitě můžete

Dejte soubor otestovat na http://www.virustotal.com


c:\windows\etdrv.sys
c:\windows\system32\ctfmon.exe
c:\windows\explorer.exe
c:\windows\system32\user32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\winlogon.exe
c:\windows\system32\drivers\zntport.sys

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače

Ten soubor, co předtím otestovat nešel, máte ještě v počítači?

Budu tu zas až kolem 10 hodiny večer, dočistíme to a poku dnebudou problémy, hotovo

[Spo.On]

Všechny jsou čisté.... a tamten soubor už není k nalezení...

tady je log z druhého PC: (nejspíše to bude pěkná sbírka)


Logfile of random's system information tool 1.06 (written by random/random)
Run by Petr at 2010-04-10 18:51:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 289 MB (2%) free of 15 GB
Total RAM: 511 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:39, on 10.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Petr.KADLECOVI\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wmrecorderpro.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - *{95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.3.840\ssd.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stb0.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

--
End of file - 8528 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-01-19 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher - C:\Program Files\System Search Dispatcher\1.3.3.840\ssd.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{5617ECA9-488D-4BA2-8562-9710B9AB78D2} - GamingHarbor Toolbar - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stb0.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-20 2046816]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE [2001-12-20 28672]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2002-07-25 290816]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-27 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-18 767312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe /systray /nologon []

C:\Documents and Settings\Petr.KADLECOVI\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-22 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Valve\hl.exe"="D:\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\VideoLAN\VLC\vlc.exe"="D:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\Office12\ONENOTE.EXE"="D:\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Program Files\TmNationsForever\TmForever.exe"="D:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"F:\EasySetupAssistant\EasySetupAssistant.exe"="F:\EasySetupAssistant\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c785237-c93a-11dd-b529-000c76926c0e}]
shell\AutoRun\command - RECYCLER\usbv.exe
shell\open\command - RECYCLER\usbv.exe


======List of files/folders created in the last 1 months======

2010-04-10 18:51:09 ----D---- C:\Program Files\trend micro
2010-04-10 18:51:04 ----D---- C:\rsit
2010-04-05 09:45:45 ----D---- C:\Documents and Settings\Petr.KADLECOVI\Data aplikací\InfoTurist
2010-04-05 09:45:25 ----D---- C:\Program Files\Common Files\SWF Studio
2010-03-31 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$

======List of files/folders modified in the last 1 months======

2010-04-10 18:51:11 ----D---- C:\WINDOWS\Prefetch
2010-04-10 18:51:09 ----RD---- C:\Program Files
2010-04-10 16:12:19 ----D---- C:\WINDOWS\Temp
2010-04-10 16:07:54 ----A---- C:\WINDOWS\{00000000-00000000-00000008-00001102-00000002-80651102}.BAK
2010-04-09 21:31:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-09 14:55:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2010-04-06 19:18:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJ
2010-04-05 09:59:19 ----A---- C:\WINDOWS\win.ini
2010-04-05 09:45:25 ----D---- C:\Program Files\Common Files
2010-04-01 12:34:10 ----D---- C:\WINDOWS
2010-03-31 03:06:49 ----D---- C:\WINDOWS\system32
2010-03-31 03:02:09 ----HD---- C:\WINDOWS\inf
2010-03-31 03:01:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 03:00:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-30 19:55:40 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-28 10:02:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 15:40:15 ----D---- C:\Program Files\Windows Media Player
2010-03-20 21:04:10 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-17 14:39:46 ----HD---- C:\$AVG8.VAULT$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-22 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-22 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-06 108552]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Martin\LOCALS~1\Temp\OSV1E.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-22 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-22 297752]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

Když dovolíte, nejdřív dokončíme ten první, at se to neplete .

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
c:\program files\Faronics
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"=-
Restore::
c:\windows\system32\ctfmon.exe
c:\windows\explorer.exe
c:\windows\system32\user32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\winlogon.exe

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


--------------------
tuto stránku znáte?
uInternet Connection Wizard,ShellNext = hxxp://hawxgame.com/demo

---------------------

Zapojte do pc všechny usb klíče, flashky...co používáte


Stáhněte na plochu UsbFix
-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 2 - enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt


------------------------

vložte nový log ze Rsitu . Pokud bude vše v pořádku, už jen uklidím po použitých programech

[Spo.On]

samozřejmě jen jsem myslel že už je konec...
ta stránka je pozůstatek po jednom benchmarku..

ComboFix 10-04-09.06 - Administrator 10.04.2010 20:48:27.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1364 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Faronics

Nakažená kopie c:\windows\explorer.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

Nakažená kopie c:\windows\system32\comctl32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll

Nakažená kopie c:\windows\system32\ctfmon.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

Nakažená kopie c:\windows\system32\user32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\user32.dll

Nakažená kopie c:\windows\system32\winlogon.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 21:45 . 2010-04-10 21:45 -------- d-----w- C:\_OTL
2010-04-10 18:27 . 2010-04-10 18:27 -------- d-----w- c:\program files\ESET
2010-04-04 09:20 . 2005-01-26 17:19 97 ----a-w- c:\windows\system32\drivers\a.bat
2010-04-04 09:20 . 2004-10-07 04:59 102912 ----a-r- c:\windows\system32\Ntport.dll
2010-04-04 09:20 . 2003-10-22 18:04 46080 ----a-r- c:\windows\system32\itevio.dll
2010-04-04 09:20 . 2001-01-22 12:23 6080 ----a-w- c:\windows\system32\drivers\zntport.sys
2010-04-04 09:20 . 2000-07-16 06:00 118784 ----a-r- c:\windows\system32\Msstdfmt.dll
2010-04-04 09:20 . 2010-04-04 09:20 -------- d-----w- c:\windows\SysWow64
2010-04-04 08:53 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-04 08:53 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-04 08:53 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-04 08:53 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-04 08:38 . 2010-04-04 08:59 -------- d-----w- c:\program files\METRO 2033
2010-04-04 07:30 . 2010-04-04 07:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-03 15:45 . 2010-04-03 15:45 -------- d-----w- c:\program files\Sophos
2010-04-03 07:17 . 2010-04-04 07:28 -------- d-----w- c:\program files\Steam
2010-04-02 20:12 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
2010-04-02 20:07 . 2010-04-02 20:15 -------- d-----w- c:\windows\NV3676340.TMP
2010-04-02 19:43 . 2008-04-14 06:52 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-04-02 19:43 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-04-02 19:43 . 2008-04-14 06:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-04-02 19:43 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-04-02 19:43 . 2008-04-14 06:51 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-04-02 19:43 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-04-02 19:43 . 2008-04-13 22:24 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-04-02 19:43 . 2008-04-13 22:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2010-04-02 19:43 . 2001-08-17 19:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-04-02 19:43 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-04-02 19:42 . 2001-08-17 19:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-04-02 19:42 . 2001-08-17 19:51 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2010-03-31 06:23 . 2010-03-31 06:23 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-31 06:22 . 2010-03-31 06:22 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17 140216 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-28 08:21 . 2010-03-28 08:21 -------- d-----w- C:\RAR
2010-03-16 01:37 . 2008-08-02 04:20 86016 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 01:37 . 2008-08-02 04:20 229376 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-16 01:37 . 2008-08-02 04:20 163908 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 01:37 . 2008-08-02 04:20 143360 ----a-w- c:\windows\system32\nvcolor.exe
2010-03-16 01:37 . 2008-08-02 04:20 13570048 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 01:37 . 2008-08-02 04:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-15 18:56 . 2010-03-17 20:59 -------- d-----w- c:\program files\BRS
2010-03-15 18:51 . 2010-03-15 18:51 -------- d-----w- c:\program files\Codemasters
2010-03-12 13:32 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-12 13:32 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-12 13:32 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-12 13:32 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-12 13:32 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-11 19:39 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 18:51 . 2009-12-19 18:28 17488 ----a-w- c:\windows\gdrv.sys
2010-04-04 09:20 . 2009-12-19 18:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-04 08:55 . 2009-12-20 13:39 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-04 08:55 . 2009-12-20 14:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-04 07:18 . 2001-10-25 13:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-04-04 07:18 . 2001-10-25 13:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-04-02 20:12 . 2009-12-19 18:34 -------- d-----w- c:\program files\Realtek
2010-04-02 20:04 . 2010-01-24 11:30 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-02 07:20 . 2009-12-19 18:55 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-03-29 16:48 . 2009-12-19 20:07 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-29 16:47 . 2009-12-19 20:07 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-20 19:00 . 2009-12-22 20:24 17488 ----a-w- c:\windows\etdrv.sys
2010-03-16 06:51 . 2009-12-20 13:59 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-03-12 14:25 . 2009-12-20 09:46 -------- d-----w- c:\program files\Electronic Arts
2010-02-26 05:43 . 2004-08-17 12:49 668160 ------w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-17 12:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-23 20:26 . 2009-12-19 20:07 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-21 09:06 . 2010-02-21 09:06 -------- d-----w- c:\program files\Paint.NET
2010-02-16 14:34 . 2010-02-16 14:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-16 14:31 . 2010-02-16 14:31 -------- d-----w- c:\program files\LG Soft India
2010-02-16 14:31 . 2009-12-19 18:29 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-13 10:56 . 2010-02-12 19:10 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-02-13 05:59 . 2010-02-13 05:47 -------- d-----w- c:\program files\FlatOut2
2010-02-12 20:09 . 2010-02-12 17:46 533 ----a-w- c:\windows\eReg.dat
2010-02-12 20:03 . 2010-01-24 15:00 -------- d-----w- c:\program files\EA Games
2010-02-12 19:13 . 2010-01-08 12:23 -------- d-----w- c:\program files\Valve
2010-02-12 18:23 . 2010-02-12 18:23 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-11 22:19 . 2010-02-11 21:36 -------- d-----w- c:\program files\Dassault Systemes
2010-02-11 16:05 . 2010-02-11 16:05 -------- d-----w- c:\program files\GIMP-2.0
2010-02-11 13:19 . 2010-02-11 13:19 -------- d-----w- c:\program files\Foxit Software
2010-02-11 13:16 . 2010-02-11 13:16 -------- d-----w- c:\program files\GameTop.com
2010-02-10 11:43 . 2004-08-17 12:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-10 11:37 . 2010-02-10 11:05 -------- d-----w- c:\program files\TrueTransparency
2010-01-25 17:51 . 2010-01-25 17:51 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-25 17:51 . 2010-01-25 17:51 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-01-25 17:51 . 2010-01-25 17:51 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-24 01:54 . 2010-01-24 01:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2010-01-24 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"nwiz"="nwiz.exe" [2008-08-02 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-04 149280]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GIGABYTE Gamer HUD.lnk - c:\program files\GIGABYTE\Gamer HUD\HUD.exe [2008-6-26 1940992]
MemSet.exe.lnk - c:\windows\MemSave\MemSet.exe [2010-2-26 949248]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2010-2-16 1687552]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\GIGABYTE\\ET6\\UpdExe.exe"=
"c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\GIGABYTE\\ET6\\GBTUpd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\EA Games\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [19.12.2009 20:30 80392]
S2 gupdate1ca9471cce7c6bc;Služba Google Update (gupdate1ca9471cce7c6bc);c:\program files\Google\Update\GoogleUpdate.exe [13.1.2010 18:59 133104]
S3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [23.2.2009 1:16 7168]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [22.12.2009 22:24 17488]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [26.12.2009 12:17 26736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [25.1.2010 19:51 13224]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [19.12.2009 20:55 24944]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [16.2.2010 16:31 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [16.2.2010 16:31 18432]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 16:59]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 16:59]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://hawxgame.com/demo
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\devn4wnd.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 20:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:0f,91,3b,21,bc,19,be,c9,dd,31,9c,4c,6d,8d,7d,8b,8b,c5,bc,97,9a,
c8,f3,23,47,b3,f7,ce,f4,56,3f,96,a9,a7,7a,ad,df,35,21,1c,59,f4,94,46,59,e8,\
"rkeysecu"=hex:b1,b2,47,6c,3f,2f,97,6a,be,87,4d,49,5c,40,ab,d7
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(3392)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 20:58:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-10 18:58
ComboFix2.txt 2010-04-10 17:27

Před spuštěním: Volných bajtů: 196 419 440 640
Po spuštění: Volných bajtů: 196 446 642 176

- - End Of File - - 3F2AF5A4AD998AE138DDC3271B43E663



############################## | UsbFix V6.102 |

User : Administrator (Administrators) # MARTIN
Update on 10/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 21:05:48 | 10.4.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
Systém Microsoft Windows XP Professional (5.1.2600 64-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : ESET NOD32 Antivirus 4.2 4.2 [ Enabled | Updated ]

C:\ -> Místní pevný disk # 465,75 Go (182,94 Go free) # NTFS
D:\ -> Disk CD-ROM # 276,8 Mo (0 Mo free) [ReatogoPE] # CDFS
E:\ -> Vyměnitelný disk # 1,9 Go (1,9 Go free) # FAT32

################## | Files # Infected Folders |

(!) Not deleted ! D:\autorun.inf

################## | Registry |

Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Listing of the present files |

[12.03.2010 16:05|--a------|393733] C:\AnalysisLog.sr0
[19.12.2009 20:19|--a------|0] C:\AUTOEXEC.BAT
[10.04.2010 19:04|-rahs----|281] C:\boot.ini
[25.10.2001 15:00|-rahs----|4952] C:\Bootfont.bin
[10.04.2010 20:58|--a------|21905] C:\ComboFix.txt
[19.12.2009 20:19|--a------|0] C:\CONFIG.SYS
[19.12.2009 20:36|--a------|86] C:\csb.log
[19.12.2009 20:19|-rahs----|0] C:\IO.SYS
[19.12.2009 20:19|-rahs----|0] C:\MSDOS.SYS
[03.08.2004 21:38|-rahs----|47564] C:\NTDETECT.COM
[19.12.2009 20:56|-rahs----|250576] C:\ntldr
[10.04.2010 23:44|--a------|171572] C:\OTL.Txt
[?|?|?] C:\pagefile.sys
[20.02.2010 22:43|--a------|1786837] C:\Plintfingburg Transport, 28. lis 1960.sav
[19.12.2009 20:34|--a------|429] C:\RHDSetup.log
[10.04.2010 21:05|--a------|73] C:\service.log
[12.02.2010 16:13|--a------|2150] C:\SessionInfoFile_Administrator_d043_h15m13_0.txt
[10.04.2010 21:11|--a------|2012] C:\UsbFix.txt
[24.03.2006 13:06|-r-------|53] D:\AUTORUN.INF
[15.03.2010 18:15|-r-------|0] D:\WIN51IP
[15.03.2010 18:15|-r-------|0] D:\WIN51IP.SP2
[16.07.2005 23:36|-r-------|240128] D:\reatogoMenu.exe
[15.03.2010 18:19|-r-------|1177] D:\reatogoMenu.ini
[27.02.2008 15:15|--a------|220] E:\AUTOEXEC.BAT
[09.04.2010 16:29|--a------|71] E:\setfsb.txt

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# E:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_MARTIN.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.102 ! |

[Spo.On]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-04-10 21:21:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 187 GB (39%) free of 477 GB
Total RAM: 2046 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:55, on 10.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Plocha\RSIT(2).exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hawxgame.com/demo
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GIGABYTE Gamer HUD.lnk = C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
O4 - Startup: MemSet.exe.lnk = C:\WINDOWS\MemSave\MemSet.exe
O4 - Global Startup: forteManager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Služba Google Update (gupdate1ca9471cce7c6bc) (gupdate1ca9471cce7c6bc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5349 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-04 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-08-02 13570048]
"EasyTuneVI"=C:\Program Files\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-04 149280]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-27 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-18 767312]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-08-02 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-31 2145000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2010-01-24 306088]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
forteManager.lnk - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
GIGABYTE Gamer HUD.lnk - C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
MemSet.exe.lnk - C:\WINDOWS\MemSave\MemSet.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=255
"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\GIGABYTE\ET6\UpdExe.exe"="C:\Program Files\GIGABYTE\ET6\UpdExe.exe:*:Enabled:Exe File"
"C:\Program Files\GIGABYTE\EnergySaver\run.exe"="C:\Program Files\GIGABYTE\EnergySaver\run.exe:*:Enabled:update"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\GIGABYTE\ET6\GBTUpd.exe"="C:\Program Files\GIGABYTE\ET6\GBTUpd.exe:*:Enabled:GBTUpd.exe"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Program Files\GIGABYTE\@BIOS\gwflash.exe"="C:\Program Files\GIGABYTE\@BIOS\gwflash.exe:*:Enabled:@BIOS Application"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\EA Games\Battlefield 1942\BF1942.exe"="C:\Program Files\EA Games\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-10 23:45:07 ----D---- C:\_OTL
2010-04-10 21:21:45 ----D---- C:\Program Files\trend micro
2010-04-10 21:21:44 ----D---- C:\rsit
2010-04-10 21:11:09 ----RASHD---- C:\autorun.inf
2010-04-10 21:11:07 ----SHD---- C:\RECYCLER
2010-04-10 21:05:41 ----A---- C:\UsbFix.txt
2010-04-10 21:03:05 ----D---- C:\UsbFix
2010-04-10 20:58:42 ----A---- C:\ComboFix.txt
2010-04-10 20:47:32 ----D---- C:\ComboFix
2010-04-10 20:27:12 ----D---- C:\Program Files\ESET
2010-04-10 20:27:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-04-10 19:20:38 ----D---- C:\Qoobox
2010-04-10 19:04:23 ----RASHD---- C:\cmdcons
2010-04-10 19:03:13 ----A---- C:\WINDOWS\zip.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\SWSC.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\SWREG.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\sed.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\PEV.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\MBR.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\grep.exe
2010-04-10 18:59:52 ----D---- C:\WINDOWS\ERDNT
2010-04-10 16:47:55 ----A---- C:\OTL.Txt
2010-04-04 11:20:34 ----RA---- C:\WINDOWS\system32\Ntport.dll
2010-04-04 11:20:34 ----RA---- C:\WINDOWS\system32\Msstdfmt.dll
2010-04-04 11:20:34 ----RA---- C:\WINDOWS\system32\itevio.dll
2010-04-04 11:20:33 ----D---- C:\WINDOWS\SysWow64
2010-04-04 10:53:49 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-04-04 10:53:49 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-04-04 10:53:48 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-04-04 10:53:48 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-04-04 10:38:33 ----D---- C:\Program Files\METRO 2033
2010-04-04 09:23:56 ----D---- C:\Config.Msi
2010-04-04 09:13:59 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-03 17:45:05 ----D---- C:\Program Files\Sophos
2010-04-03 10:00:05 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
2010-04-03 10:00:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-04-03 09:17:13 ----D---- C:\Program Files\Steam
2010-04-02 22:12:25 ----A---- C:\WINDOWS\Alcmtr.exe
2010-04-02 22:07:33 ----D---- C:\WINDOWS\NV3676340.TMP
2010-04-02 21:43:20 ----A---- C:\WINDOWS\system32\wshirda.dll
2010-04-02 21:43:20 ----A---- C:\WINDOWS\system32\irmon.dll
2010-04-02 21:43:20 ----A---- C:\WINDOWS\system32\irftp.exe
2010-03-31 19:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-03-28 10:21:39 ----D---- C:\RAR
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvmctray.dll
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvmccs.dll
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvcpl.dll
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvcolor.exe
2010-03-16 03:37:44 ----A---- C:\WINDOWS\system32\nvwddi.dll
2010-03-15 20:59:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2010-03-15 20:56:41 ----D---- C:\Documents and Settings\Administrator\Data aplikací\vlc
2010-03-15 20:56:00 ----D---- C:\Program Files\BRS
2010-03-15 20:55:50 ----RA---- C:\WINDOWS\system32\tmp22D.tmp
2010-03-15 20:55:50 ----RA---- C:\WINDOWS\system32\tmp22C.tmp
2010-03-15 20:51:19 ----D---- C:\Program Files\Codemasters
2010-03-14 19:54:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mikrotik
2010-03-12 15:32:40 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-03-12 15:32:39 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-03-12 15:32:39 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-03-12 15:32:38 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-03-12 15:32:38 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-03-11 21:39:35 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-11 00:57:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-04-10 21:21:45 ----RD---- C:\Program Files
2010-04-10 21:21:45 ----D---- C:\WINDOWS\Temp
2010-04-10 21:05:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-10 20:58:44 ----D---- C:\WINDOWS\system32\drivers
2010-04-10 20:57:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-10 20:52:00 ----D---- C:\WINDOWS
2010-04-10 20:51:47 ----A---- C:\WINDOWS\system.ini
2010-04-10 20:51:15 ----D---- C:\WINDOWS\system32
2010-04-10 20:49:19 ----D---- C:\WINDOWS\AppPatch
2010-04-10 20:49:10 ----D---- C:\Program Files\Common Files
2010-04-10 20:27:41 ----SHD---- C:\WINDOWS\Installer
2010-04-10 20:27:35 ----HD---- C:\WINDOWS\inf
2010-04-10 20:08:45 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-04-10 19:35:51 ----D---- C:\Program Files\Mozilla Firefox
2010-04-10 19:33:36 ----D---- C:\WINDOWS\Minidump
2010-04-10 19:04:29 ----RASH---- C:\boot.ini
2010-04-10 18:59:38 ----D---- C:\WINDOWS\Prefetch
2010-04-04 11:20:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-04 10:55:49 ----D---- C:\Program Files\NVIDIA Corporation
2010-04-04 10:55:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-04 10:53:51 ----D---- C:\WINDOWS\system32\DirectX
2010-04-04 10:53:20 ----RSD---- C:\WINDOWS\assembly
2010-04-04 10:53:09 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-04 09:31:05 ----D---- C:\WINDOWS\system32\config
2010-04-04 09:30:30 ----D---- C:\WINDOWS\system32\wbem
2010-04-04 09:30:23 ----D---- C:\WINDOWS\Registration
2010-04-04 09:27:28 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Real
2010-04-04 09:25:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-04 09:24:52 ----D---- C:\WINDOWS\Help
2010-04-03 09:16:56 ----D---- C:\WINDOWS\WinSxS
2010-04-02 22:12:54 ----D---- C:\WINDOWS\system32\RTCOM
2010-04-02 22:12:25 ----D---- C:\Program Files\Realtek
2010-04-02 22:07:34 ----D---- C:\WINDOWS\nview
2010-04-02 21:43:20 ----D---- C:\WINDOWS\Media
2010-03-31 15:42:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-29 18:47:45 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-03-15 17:34:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-14 22:34:29 ----D---- C:\Documents and Settings\Administrator\Data aplikací\dvdcss
2010-03-13 11:37:04 ----D---- C:\Fraps
2010-03-12 16:25:54 ----D---- C:\Program Files\Electronic Arts
2010-03-12 16:25:04 ----D---- C:\WINDOWS\Logs
2010-03-11 00:57:58 ----A---- C:\WINDOWS\imsins.BAK
2010-03-11 00:57:54 ----D---- C:\Program Files\Movie Maker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-31 95872]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-31 140216]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-02 6121856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-16 109184]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 AODDriver;AODDriver; \??\C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 etdrv;etdrv; \??\C:\WINDOWS\etdrv.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-01-25 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-01-25 25512]
S3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
S3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-04 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-08-02 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-02-23 75064]
S2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392]
S2 gupdate1ca9471cce7c6bc;Služba Google Update (gupdate1ca9471cce7c6bc); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-13 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-31 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

:arrow:Stáhněte OTM http://oldtimer.geekstogo.com/OTM.exe
Stáhněte na plochu Otm, 2krát klikněte na Otm,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru zkopírujete skript

Kód: Vybrat vše

:processes
explorer.exe
 
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\system32\tmp22D.tmp
C:\WINDOWS\system32\tmp22C.tmp
C:\UsbFix
C:\Program Files\AVG

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

:Services
catchme

:commands
[Reboot]

-klikněte na červené tlačítko Moveit!
-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTM\MovedFiles. Log vložte sem




***********
Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Nemáte firewall,k čemu je užitečný se dozvíte zde http://www.viry.cz/forum/viewtopic.php?f=41&t=20980

Pokud už s tímto počítačem nejsou problémy, máme hotovo .
Ten program nám dal ale zabrat , omlouvám se, že jsem na to nepřišla dřív , tohle by mě ale vůbec nenapadlo.

*******************************************
*******************************************

Druhý pc

používáte Garenu?

Zapojte do pc všechny usb klíče, flashky...co používáte

Stáhněte na plochu UsbFix
-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 2 - enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[Spo.On]

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\system32\tmp22D.tmp not found.
File/Folder C:\WINDOWS\system32\tmp22C.tmp not found.
File/Folder C:\UsbFix not found.
File/Folder C:\Program Files\AVG not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
========== SERVICES/DRIVERS ==========
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.10.1 log created on 04112010_091824

[motji]

To jste spouštěl na prvním nebo druhém počítači? To byl skript pro Otm na první počítač.