AntiMalware hlasi zablokovani pristupu na IP adresu

Zpráva

msm · #1 Příspěvek od **msm** » 12 dub 2010 12:53

MalwareBytes Antimalware neustale zobrazuje hlasky o zablokovani pristupu na asi 3 stejne IP adresy. Hledal jsem na netu a jedna je snad vysledkem viru. Malware naslo nejaky rootkit v temp a zlikvidovalo. Ale vic nenajde. AVG9 nenajde jako vzdy vubec nic.

Blokovane IP jsou:
217.23.13.101
174.37.231.4
213.163.89.104
asi tak v rozmezi 10 minut vzdy dochazi k pokusu kontaktovat jednu z techto adres.

Prikladam vypis logu z RSIT:

Kód: Vybrat vše

Logfile of random's system information tool 1.06 (written by random/random)
Run by MS at 2010-04-12 13:18:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 225 GB (81%) free of 277 GB
Total RAM: 3071 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:33, on 12.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetSetMan Pro\netsetman.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Altap Salamander 2.5\salamand.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\avir\RSIT.exe
C:\Program Files\trend micro\MS.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetSetMan] C:\Program Files\NetSetMan Pro\netsetman.exe -h
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{918C38A8-E609-4168-9293-AC313E7C13A4}: NameServer = 192.168.1.1
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WEP key recovery service (WZCOOK) - Unknown owner - C:\testy\Nová složk\aircrack_2.1_win32\wzcook.exe (file missing)

--
End of file - 11290 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Driver Fetch.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-03-21 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-04-11 1602912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-21 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-03-21 798771]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2009-07-22 83336]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-04-11 2064224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NetSetMan"=C:\Program Files\NetSetMan Pro\netsetman.exe [2010-01-07 3512000]
"Nektra OEAPI"= []
"OEXPRESS"=C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE [2010-03-21 26624]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Documents and Settings\MS\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Spamihilator.lnk - C:\Program Files\Spamihilator\spamihilator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-04-11 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Altap Salamander 2.5\salamand.exe"="C:\Program Files\Altap Salamander 2.5\salamand.exe:*:Enabled:Altap Salamander, File Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer(tm) Generals Zero Hour\game.dat"="C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer(tm) Generals Zero Hour\game.dat:*:Enabled:game"
"C:\Program Files\Spamihilator\spamihilator.exe"="C:\Program Files\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator"
"C:\Program Files\Spamihilator\cdcc.exe"="C:\Program Files\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration"
"C:\Program Files\Spamihilator\dccproc.exe"="C:\Program Files\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter"
"D:\setup\HPZNET01.EXE"="D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\setup\hppapd.exe"="D:\setup\hppapd.exe:*:Enabled:hppapd.exe"
"D:\setup\HPNTWKEXE.EXE"="D:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"C:\Program Files\Psiloc\WirelessPresenter\PsilocWirelessPresenterDesktop.exe"="C:\Program Files\Psiloc\WirelessPresenter\PsilocWirelessPresenterDesktop.exe:*:Enabled:PSILOC Wireless Presenter Desktop"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acd95c7b-2f91-11df-b50f-40618613e3df}]
shell\AutoRun\command - NgWUCp.EXe
shell\opEn\command - nGWUCP.EXe


======List of files/folders created in the last 1 months======

2010-04-12 13:18:20 ----D---- C:\rsit
2010-04-12 13:18:20 ----D---- C:\Program Files\trend micro
2010-04-12 13:08:23 ----A---- C:\WINDOWS\WININIT.INI
2010-04-12 12:52:54 ----D---- C:\Program Files\Ultimate Process Manager
2010-04-12 12:44:52 ----D---- C:\avir
2010-04-12 08:47:16 ----D---- C:\Program Files\ESET
2010-04-11 19:16:52 ----A---- C:\wepkeys.txt
2010-04-11 13:30:01 ----HD---- C:\$AVG
2010-04-11 13:26:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-04-10 13:14:28 ----A---- C:\WINDOWS\system32\msxml4a.dll
2010-04-10 13:14:23 ----D---- C:\Program Files\SourceTec
2010-04-10 12:46:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2010-04-10 12:16:08 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-04-08 23:03:39 ----D---- C:\Program Files\Openworld
2010-04-08 20:50:47 ----D---- C:\Program Files\Common Files\SourceTec
2010-04-06 19:01:43 ----D---- C:\ut
2010-04-05 13:02:27 ----D---- C:\foto
2010-04-04 20:17:35 ----D---- C:\Documents and Settings\MS\Data aplikací\skypePM
2010-04-04 20:16:59 ----D---- C:\Documents and Settings\MS\Data aplikací\Skype
2010-04-04 20:16:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-04-04 10:30:47 ----D---- C:\Program Files\Psiloc
2010-04-01 23:50:10 ----D---- C:\Ikony
2010-04-01 16:50:00 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2010-04-01 16:47:48 ----D---- C:\Program Files\Photoshop 8 Portable CZ
2010-04-01 12:36:15 ----D---- C:\testy
2010-04-01 10:24:01 ----D---- C:\Program Files\siscontents
2010-04-01 09:13:52 ----D---- C:\drevo
2010-03-30 19:32:46 ----D---- C:\Documents and Settings\MS\Data aplikací\OpenOffice.org
2010-03-30 19:30:40 ----D---- C:\Program Files\OpenOffice.org 3
2010-03-30 14:41:12 ----D---- C:\Program Files\Epocware
2010-03-29 21:01:02 ----D---- C:\Program Files\Intel
2010-03-29 21:00:57 ----D---- C:\Documents and Settings\MS\Data aplikací\InstallShield
2010-03-29 20:59:20 ----D---- C:\INTEL
2010-03-28 17:02:28 ----D---- C:\WINDOWS\Freedom Universal Keyboard
2010-03-28 17:02:28 ----D---- C:\Program Files\Freedom Universal Keyboard
2010-03-28 17:02:15 ----A---- C:\WINDOWS\Freedom Universal Keyboard Setup Log.txt
2010-03-28 04:25:00 ----D---- C:\Documents and Settings\MS\Data aplikací\Blitware
2010-03-27 17:03:34 ----D---- C:\Program Files\Toshiba
2010-03-27 15:37:41 ----D---- C:\WINDOWS\system32\appmgmt
2010-03-27 15:26:43 ----D---- C:\tosh
2010-03-27 15:14:42 ----D---- C:\Program Files\Driver Fetch
2010-03-27 15:08:49 ----D---- C:\Program Files\Microsoft IntelliPoint
2010-03-27 11:32:25 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-03-27 11:32:24 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-03-27 11:12:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-27 11:12:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-03-27 10:29:34 ----D---- C:\Program Files\MSXML 4.0
2010-03-26 21:23:16 ----D---- C:\WMSDK
2010-03-26 21:14:38 ----A---- C:\WINDOWS\ModemLog_Standardní modem 33 600 bitů za sekundu.txt
2010-03-25 15:01:39 ----D---- C:\Program Files\Common Files\PCSuite
2010-03-25 15:01:02 ----D---- C:\Program Files\PC Connectivity Solution
2010-03-25 14:56:08 ----A---- C:\WINDOWS\WINCMD.INI
2010-03-25 14:54:56 ----D---- C:\WC
2010-03-25 01:32:13 ----D---- C:\e52
2010-03-25 00:05:59 ----D---- C:\Documents and Settings\MS\Data aplikací\Help
2010-03-24 23:18:18 ----D---- C:\WINDOWS\Downloaded Installations
2010-03-24 23:17:48 ----D---- C:\WINDOWS\SxsCaPendDel
2010-03-24 22:30:30 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-03-24 22:16:11 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2010-03-24 22:16:11 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-03-24 22:16:10 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2010-03-24 22:15:04 ----RA---- C:\WINDOWS\system32\RtsUStor.dll
2010-03-24 20:55:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nokia
2010-03-24 20:35:54 ----D---- C:\Documents and Settings\MS\Data aplikací\PC Suite
2010-03-24 20:35:54 ----D---- C:\Documents and Settings\MS\Data aplikací\Nokia
2010-03-24 20:35:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-03-24 20:23:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-03-24 20:22:15 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2010-03-24 20:08:52 ----D---- C:\Program Files\MSXML 6.0
2010-03-24 19:55:30 ----D---- C:\Program Files\Common Files\Nokia
2010-03-24 19:50:35 ----D---- C:\Program Files\Nokia
2010-03-24 17:05:36 ----D---- C:\Zaloha
2010-03-22 22:50:08 ----D---- C:\Program Files\Hewlett-Packard
2010-03-22 22:48:59 ----A---- C:\WINDOWS\system32\HPPDEVX.DLL.log
2010-03-22 22:48:38 ----A---- C:\WINDOWS\system32\AddPort.ini
2010-03-22 22:48:07 ----A---- C:\WINDOWS\hpntwksetup.ini
2010-03-22 22:45:30 ----D---- C:\Program Files\HP
2010-03-22 22:43:34 ----D---- C:\Program Files\Common Files\SWF Studio
2010-03-22 22:26:51 ----A---- C:\WINDOWS\hpbvspst.ini
2010-03-22 22:26:18 ----D---- C:\HP LJP2015 PCL6
2010-03-22 20:48:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spamihilator
2010-03-22 20:47:45 ----D---- C:\Documents and Settings\MS\Data aplikací\Spamihilator
2010-03-22 20:47:35 ----D---- C:\Program Files\Spamihilator
2010-03-22 19:50:28 ----A---- C:\LOGFILE.TXT
2010-03-22 17:43:42 ----D---- C:\_notebook
2010-03-21 11:23:49 ----D---- C:\Program Files\IDM Computer Solutions
2010-03-21 11:15:57 ----D---- C:\Documents and Settings\MS\Data aplikací\Malwarebytes
2010-03-21 11:15:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-21 11:15:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-21 11:12:16 ----D---- C:\Documents and Settings\MS\Data aplikací\IDMComp
2010-03-21 10:51:29 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-21 10:51:29 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-21 10:51:29 ----A---- C:\WINDOWS\system32\java.exe
2010-03-21 10:51:29 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-21 10:07:52 ----D---- C:\Program Files\uTorrent
2010-03-21 01:04:08 ----A---- C:\WINDOWS\WTRDCTM.INI
2010-03-21 00:54:35 ----D---- C:\Documents and Settings\MS\Data aplikací\LangSoft
2010-03-21 00:54:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2010-03-20 21:50:35 ----A---- C:\WINDOWS\system32\ChCfg.exe
2010-03-20 21:50:07 ----A---- C:\WINDOWS\Alcmtr.exe
2010-03-20 21:50:01 ----A---- C:\WINDOWS\HideWin.exe
2010-03-20 21:47:12 ----D---- C:\Program Files\Setup Files
2010-03-20 21:44:22 ----D---- C:\Program Files\MSI
2010-03-20 21:11:18 ----D---- C:\Program Files\BreakPoint Software
2010-03-20 21:11:05 ----A---- C:\WINDOWS\IsUninst.exe
2010-03-20 20:43:36 ----A---- C:\WINDOWS\system32\psisdecd.dll
2010-03-20 20:43:32 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2010-03-20 20:38:17 ----D---- C:\Program Files\EA Games
2010-03-20 20:30:41 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-20 20:14:45 ----D---- C:\Program Files\Common Files\EasyInfo
2010-03-20 20:01:14 ----D---- C:\Config.Msi
2010-03-20 19:58:19 ----D---- C:\WINDOWS\pss
2010-03-20 13:31:16 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-03-20 13:30:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-03-20 13:27:31 ----D---- C:\Program Files\WinRAR
2010-03-20 13:18:00 ----SHD---- C:\RECYCLER
2010-03-20 12:43:51 ----D---- C:\Program Files\JDownloader
2010-03-20 12:06:33 ----D---- C:\Documents and Settings\MS\Data aplikací\uTorrent
2010-03-20 10:53:01 ----D---- C:\TRANSLAT
2010-03-20 10:08:00 ----D---- C:\WINDOWS\RegisteredPackages
2010-03-20 09:24:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-03-20 09:24:44 ----D---- C:\Program Files\Common Files\Java
2010-03-20 09:24:10 ----D---- C:\Program Files\Java
2010-03-20 08:57:30 ----D---- C:\Documents and Settings\MS\Data aplikací\Sun
2010-03-20 08:46:08 ----D---- C:\Program Files\NetSetMan Pro
2010-03-20 08:41:04 ----D---- C:\WINDOWS\Logs
2010-03-20 08:32:28 ----D---- C:\Program Files\DAEMON Tools
2010-03-17 16:51:17 ----D---- C:\WINDOWS\ie8updates
2010-03-17 16:50:56 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-17 16:50:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2010-03-17 16:50:31 ----D---- C:\WINDOWS\WBEM
2010-03-17 16:50:28 ----D---- C:\Program Files\AVG
2010-03-17 16:49:19 ----HDC---- C:\WINDOWS\ie8
2010-03-17 16:44:49 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-16 08:32:36 ----D---- C:\Program Files\RealVNC
2010-03-15 22:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-03-15 22:54:42 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-03-15 22:54:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-03-15 22:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-03-15 22:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-03-15 22:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-03-15 22:53:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-03-15 22:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-03-14 21:00:56 ----D---- C:\WINDOWS\system32\XPSViewer
2010-03-14 21:00:53 ----D---- C:\Program Files\MSBuild
2010-03-14 21:00:52 ----D---- C:\WINDOWS\system32\en-US
2010-03-14 21:00:48 ----D---- C:\Program Files\Reference Assemblies
2010-03-14 21:00:30 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-03-14 21:00:30 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-03-14 21:00:30 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-03-14 21:00:30 ----D---- C:\a871f9ae12ee4092e6
2010-03-14 20:57:40 ----D---- C:\Documents and Settings\MS\Data aplikací\vlc
2010-03-14 20:57:12 ----D---- C:\Program Files\VideoLAN
2010-03-14 20:44:42 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2010-03-14 20:44:42 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-03-14 20:44:41 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2010-03-14 20:44:41 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2010-03-14 20:44:41 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2010-03-14 20:44:41 ----N---- C:\WINDOWS\system32\ImagX7.dll
2010-03-14 20:44:41 ----D---- C:\Program Files\Common Files\Ahead
2010-03-14 20:44:41 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-03-14 20:44:40 ----D---- C:\Program Files\Ahead
2010-03-14 20:41:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-14 20:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-03-14 20:40:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-03-14 20:40:50 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-03-14 20:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-03-14 20:40:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-03-14 20:40:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-03-14 20:40:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-14 20:40:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-03-14 20:40:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-03-14 20:40:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-14 20:40:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-14 20:40:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-14 20:40:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-03-14 20:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-03-14 20:40:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-14 20:39:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-14 20:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-03-14 20:39:48 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-14 20:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-14 20:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-03-14 20:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-03-14 20:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-03-14 20:39:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-03-14 20:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-14 20:39:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-14 20:39:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-03-14 20:39:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-03-14 20:39:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-03-14 20:38:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-03-14 20:38:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-14 20:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-03-14 20:38:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-14 20:38:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-03-14 20:38:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-03-14 20:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-03-14 20:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-14 20:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-03-14 20:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-03-14 20:38:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-03-14 20:38:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-14 20:38:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-14 20:38:04 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-14 20:37:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-03-14 20:37:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-03-14 20:37:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-14 20:37:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-03-14 20:37:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-03-14 20:04:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-14 20:04:29 ----D---- C:\Program Files\Common Files\Adobe
2010-03-14 20:04:28 ----D---- C:\Program Files\Adobe
2010-03-14 20:00:57 ----D---- C:\Program Files\Altap Salamander 2.5
2010-03-14 19:54:30 ----D---- C:\Documents and Settings\MS\Data aplikací\Macromedia
2010-03-14 19:54:30 ----D---- C:\Documents and Settings\MS\Data aplikací\Adobe
2010-03-14 19:53:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2010-03-14 19:47:01 ----D---- C:\WINDOWS\Prefetch
2010-03-14 19:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-03-14 19:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-14 19:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-03-14 19:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-03-14 19:33:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-03-14 19:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-03-14 19:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-03-14 19:30:36 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-14 19:30:35 ----D---- C:\WINDOWS\system32\cs
2010-03-14 19:30:35 ----D---- C:\WINDOWS\system32\bits
2010-03-14 19:30:35 ----D---- C:\WINDOWS\l2schemas
2010-03-14 19:29:36 ----D---- C:\WINDOWS\ServicePackFiles
2010-03-14 19:28:02 ----D---- C:\WINDOWS\network diagnostic
2010-03-14 19:26:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-14 19:25:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-03-14 19:20:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-03-14 19:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-03-14 19:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-03-14 19:10:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2010-03-14 19:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2010-03-14 19:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-14 19:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-03-14 19:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-03-14 19:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-03-14 19:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-03-14 19:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2010-03-14 18:32:32 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-03-14 18:30:48 ----D---- C:\WINDOWS\system32\PreInstall
2010-03-14 18:30:47 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-03-14 18:30:46 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-03-14 18:30:46 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-14 18:27:57 ----D---- C:\WINDOWS\system32\SoftwareDistribution

======List of files/folders modified in the last 1 months======

2010-04-12 13:18:20 ----RD---- C:\Program Files
2010-04-12 13:17:57 ----D---- C:\WINDOWS\Temp
2010-04-12 13:10:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-12 13:10:20 ----D---- C:\WINDOWS\system32
2010-04-12 13:10:14 ----SHD---- C:\WINDOWS\Installer
2010-04-12 13:10:14 ----HD---- C:\WINDOWS\inf
2010-04-12 13:09:25 ----RSD---- C:\WINDOWS\assembly
2010-04-12 13:09:24 ----D---- C:\WINDOWS\WinSxS
2010-04-12 13:08:30 ----D---- C:\WINDOWS\system32\drivers
2010-04-12 13:08:23 ----D---- C:\WINDOWS
2010-04-12 13:07:59 ----D---- C:\Program Files\Common Files
2010-04-12 08:47:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-12 08:47:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-12 08:45:26 ----D---- C:\Download
2010-04-12 07:18:02 ----D---- C:\WINDOWS\mui
2010-04-12 07:17:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-08 23:41:00 ----D---- C:\WINDOWS\system32\config
2010-04-08 23:40:42 ----D---- C:\WINDOWS\system32\wbem
2010-04-08 23:40:41 ----D---- C:\WINDOWS\Registration
2010-04-08 22:21:06 ----A---- C:\WINDOWS\win.ini
2010-04-06 22:56:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-02 09:28:28 ----D---- C:\Program Files\Mozilla Firefox
2010-04-01 18:35:10 ----D---- C:\Program Files\Internet Explorer
2010-03-30 19:30:53 ----RSD---- C:\WINDOWS\Fonts
2010-03-30 09:00:30 ----SD---- C:\WINDOWS\Tasks
2010-03-29 21:01:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-27 17:09:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\TOSHIBA
2010-03-27 17:03:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-27 11:32:30 ----A---- C:\WINDOWS\imsins.BAK
2010-03-27 11:31:44 ----D---- C:\WINDOWS\system32\mui
2010-03-25 20:41:17 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-25 15:01:10 ----D---- C:\Program Files\DIFX
2010-03-24 23:18:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-24 22:15:02 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-21 13:22:57 ----SD---- C:\Documents and Settings\MS\Data aplikací\Microsoft
2010-03-21 12:46:18 ----D---- C:\Program Files\System Control Manager
2010-03-21 11:32:20 ----A---- C:\WINDOWS\system.ini
2010-03-20 22:14:04 ----D---- C:\WINDOWS\security
2010-03-20 22:14:03 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-20 22:07:48 ----SHD---- C:\System Volume Information
2010-03-20 22:07:48 ----D---- C:\WINDOWS\system32\Restore
2010-03-20 21:50:35 ----D---- C:\WINDOWS\system32\RTCOM
2010-03-20 20:43:26 ----D---- C:\WINDOWS\system32\DirectX
2010-03-17 17:28:52 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-17 16:57:53 ----D---- C:\WINDOWS\Help
2010-03-17 16:50:23 ----D---- C:\WINDOWS\Media
2010-03-14 21:00:37 ----D---- C:\WINDOWS\system32\spool
2010-03-14 20:42:46 ----D---- C:\WINDOWS\AppPatch
2010-03-14 20:40:48 ----D---- C:\Program Files\Messenger
2010-03-14 20:39:21 ----D---- C:\Program Files\Movie Maker
2010-03-14 20:38:35 ----D---- C:\Program Files\Outlook Express
2010-03-14 19:47:38 ----A---- C:\WINDOWS\OEWABLog.txt
2010-03-14 19:47:23 ----A---- C:\WINDOWS\setuplog.txt
2010-03-14 19:46:41 ----D---- C:\WINDOWS\system32\Setup
2010-03-14 19:30:47 ----D---- C:\Program Files\Windows Media Player
2010-03-14 19:30:42 ----D---- C:\WINDOWS\ehome
2010-03-14 19:30:41 ----D---- C:\WINDOWS\ime
2010-03-14 19:30:36 ----D---- C:\WINDOWS\system32\usmt
2010-03-14 19:30:35 ----D---- C:\WINDOWS\PeerNet
2010-03-14 19:29:30 ----D---- C:\WINDOWS\system32\npp
2010-03-14 19:29:30 ----D---- C:\WINDOWS\msagent
2010-03-14 19:29:29 ----D---- C:\WINDOWS\srchasst
2010-03-14 19:29:28 ----D---- C:\WINDOWS\system32\Com
2010-03-14 19:29:28 ----D---- C:\Program Files\NetMeeting
2010-03-14 19:29:26 ----D---- C:\Program Files\Windows NT
2010-03-14 19:29:23 ----D---- C:\Program Files\Common Files\System
2010-03-14 19:29:09 ----D---- C:\WINDOWS\system32\oobe
2010-03-14 19:29:08 ----D---- C:\WINDOWS\system
2010-03-14 19:19:48 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-14 18:38:11 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-04-11 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-04-11 29512]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-04-11 242696]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 PARLDR2K;ParLdr2k; \??\C:\WINDOWS\system32\drivers\parldr2k.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2010-03-20 223128]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-23 5888]
R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2009-08-03 1042176]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2007-05-16 42368]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2009-09-24 169320]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2009-06-19 79872]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2010-02-03 50808]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R4 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-03-12 3565568]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2010-03-12 1684736]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2010-03-12 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [2009-04-02 164864]
S3 RtsUIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2009-06-19 42472]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-04-11 916760]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-04-11 308064]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-21 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-03-30 303952]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2010-02-25 148848]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-04-01 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-04-10 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WZCOOK;WEP key recovery service; C:\testy\Nová složk\aircrack_2.1_win32\wzcook.exe  []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 12 dub 2010 17:33

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

msm · #3 Příspěvek od **msm** » 12 dub 2010 18:59

Kód: Vybrat vše

ComboFix 10-04-12.01 - MS 12.04.2010  19:32:33.1.2 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.420.1029.18.3071.2612 [GMT 2:00]
Spuštěný z: c:\download\ComboFix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000110_.tmp.dll

.
(((((((((((((((((((((((((   Soubory vytvořené od 2010-03-12 do 2010-04-12  )))))))))))))))))))))))))))))))
.

2010-04-12 11:18 . 2010-04-12 11:18	--------	d-----w-	C:\rsit
2010-04-12 11:18 . 2010-04-12 11:18	--------	d-----w-	c:\program files\trend micro
2010-04-12 10:52 . 2010-04-12 10:53	--------	d-----w-	c:\program files\Ultimate Process Manager
2010-04-12 10:44 . 2010-04-12 11:17	--------	d-----w-	C:\avir
2010-04-11 11:30 . 2010-04-11 11:30	--------	d-----w-	C:\$AVG
2010-04-10 11:14 . 2009-06-04 13:28	44544	----a-w-	c:\windows\system32\msxml4a.dll
2010-04-10 11:14 . 2010-04-10 11:14	--------	d-----w-	c:\program files\SourceTec
2010-04-10 10:16 . 2010-04-10 10:16	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2010-04-08 21:40 . 2010-04-08 21:40	--------	d-----w-	c:\windows\system32\wbem\Repository
2010-04-08 21:17 . 2010-04-08 21:17	--------	d-sh--w-	c:\documents and settings\NetworkService\IETldCache
2010-04-08 21:03 . 2010-04-08 21:03	--------	d-----w-	c:\program files\Openworld
2010-04-08 18:50 . 2010-04-10 11:14	--------	d-----w-	c:\program files\Common Files\SourceTec
2010-04-06 17:01 . 2010-04-06 17:02	--------	d-----w-	C:\ut
2010-04-05 11:02 . 2010-04-11 08:01	--------	d-----w-	C:\foto
2010-04-04 18:17 . 2010-04-04 18:17	48	---ha-w-	c:\windows\system32\ezsidmv.dat
2010-04-04 08:30 . 2010-04-04 08:30	--------	d-----w-	c:\program files\Psiloc
2010-04-01 21:50 . 2010-04-01 21:54	--------	d-----w-	C:\Ikony
2010-04-01 14:50 . 2010-04-01 14:50	--------	d-----w-	c:\program files\Common Files\Adobe Systems Shared
2010-04-01 14:47 . 2010-04-01 14:48	--------	d-----w-	c:\program files\Photoshop 8 Portable CZ
2010-04-01 10:36 . 2010-04-01 14:54	--------	d-----w-	C:\testy
2010-04-01 08:24 . 2010-04-01 08:56	--------	d-----w-	c:\program files\siscontents
2010-04-01 07:13 . 2010-04-12 13:12	--------	d-----w-	C:\drevo
2010-03-30 17:30 . 2010-03-30 17:30	--------	d-----w-	c:\program files\OpenOffice.org 3
2010-03-30 12:41 . 2010-03-30 12:41	--------	d-----w-	c:\program files\Epocware
2010-03-29 19:01 . 2010-03-29 19:01	--------	d-----w-	c:\program files\Intel
2010-03-29 18:59 . 2010-03-29 19:01	--------	d-----w-	C:\INTEL
2010-03-28 15:02 . 2010-03-28 15:02	--------	d-----w-	c:\windows\Freedom Universal Keyboard
2010-03-28 15:02 . 2010-03-28 15:02	--------	d-----w-	c:\program files\Freedom Universal Keyboard
2010-03-27 15:03 . 2010-02-03 10:04	50808	----a-w-	c:\windows\system32\drivers\tosrfusb.sys
2010-03-27 15:03 . 2009-09-24 16:54	169320	----a-w-	c:\windows\system32\drivers\tosrfbd.sys
2010-03-27 15:03 . 2009-06-19 08:57	79872	----a-w-	c:\windows\system32\drivers\Tosrfhid.sys
2010-03-27 15:03 . 2009-06-19 08:56	42472	----a-w-	c:\windows\system32\drivers\tosrfbnp.sys
2010-03-27 15:03 . 2009-07-28 19:01	69480	----a-w-	c:\windows\system32\drivers\tosrfcom.sys
2010-03-27 15:03 . 2009-07-24 10:31	21608	----a-w-	c:\windows\system32\drivers\tosrfnds.sys
2010-03-27 15:03 . 2009-06-17 10:59	46984	----a-w-	c:\windows\system32\drivers\tosporte.sys
2010-03-27 15:03 . 2010-03-27 15:03	--------	d-----w-	c:\program files\Toshiba
2010-03-27 13:26 . 2010-03-27 14:28	--------	d-----w-	C:\tosh
2010-03-27 13:14 . 2010-03-27 13:14	--------	d-----w-	c:\program files\Driver Fetch
2010-03-27 13:08 . 2010-03-27 13:08	--------	d-----w-	c:\program files\Microsoft IntelliPoint
2010-03-27 09:32 . 2006-06-29 12:07	14048	------w-	c:\windows\system32\spmsg2.dll
2010-03-27 09:12 . 2010-04-12 06:31	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-03-27 08:29 . 2010-03-27 08:29	--------	d-----w-	c:\program files\MSXML 4.0
2010-03-26 19:23 . 2010-03-26 19:23	--------	d-----w-	C:\WMSDK
2010-03-26 16:32 . 2010-03-26 16:32	--------	d-sh--w-	c:\documents and settings\Default User\IETldCache
2010-03-25 13:01 . 2010-03-25 13:01	--------	d-----w-	c:\program files\Common Files\PCSuite
2010-03-25 13:01 . 2008-08-26 09:26	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2010-03-25 13:01 . 2010-03-25 13:01	--------	d-----w-	c:\program files\PC Connectivity Solution
2010-03-25 12:54 . 2010-03-25 12:55	--------	d-----w-	C:\WC
2010-03-24 23:32 . 2010-04-01 11:31	--------	d-----w-	C:\e52
2010-03-24 21:18 . 2010-03-24 21:18	--------	d-----w-	c:\windows\Downloaded Installations
2010-03-24 21:17 . 2010-03-24 21:31	--------	d-----w-	c:\windows\SxsCaPendDel
2010-03-24 20:39 . 2008-04-13 18:45	26112	-c--a-w-	c:\windows\system32\dllcache\usbser.sys
2010-03-24 20:39 . 2008-04-13 18:45	26112	----a-w-	c:\windows\system32\drivers\usbser.sys
2010-03-24 20:30 . 2008-03-21 12:57	14640	------w-	c:\windows\system32\spmsgXP_2k3.dll
2010-03-24 20:18 . 2010-03-24 20:18	10454	----a-w-	c:\windows\system32\drivers\parldr2k.sys
2010-03-24 20:16 . 2009-10-06 10:56	136704	----a-w-	c:\windows\system32\drivers\nmwcdnsu.sys
2010-03-24 20:16 . 2009-10-06 10:56	8320	----a-w-	c:\windows\system32\drivers\nmwcdnsuc.sys
2010-03-24 20:16 . 2009-10-06 10:52	7936	----a-w-	c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-03-24 20:16 . 2009-10-06 10:52	7936	----a-w-	c:\windows\system32\drivers\usbser_lowerflt.sys
2010-03-24 20:16 . 2009-10-06 10:52	22016	----a-w-	c:\windows\system32\drivers\ccdcmbo.sys
2010-03-24 20:16 . 2009-10-06 10:55	1112288	----a-w-	c:\windows\system32\wdfcoinstaller01007.dll
2010-03-24 20:16 . 2009-10-06 10:52	660480	----a-w-	c:\windows\system32\nmwcdcocls.dll
2010-03-24 20:16 . 2009-10-06 10:52	17664	----a-w-	c:\windows\system32\drivers\ccdcmb.sys
2010-03-24 20:16 . 2009-10-06 10:52	91136	----a-w-	c:\windows\system32\nmwcdcls.dll
2010-03-24 20:15 . 2009-03-02 02:30	266240	----a-r-	c:\windows\system32\RtsUStor.dll
2010-03-24 20:15 . 2009-04-02 06:01	164864	----a-r-	c:\windows\system32\drivers\RtsUStor.sys
2010-03-24 18:08 . 2010-03-24 18:08	--------	d-----w-	c:\program files\MSXML 6.0
2010-03-24 17:55 . 2010-03-25 13:01	--------	d-----w-	c:\program files\Common Files\Nokia
2010-03-24 17:50 . 2010-04-04 18:49	--------	d-----w-	c:\program files\Nokia
2010-03-24 15:05 . 2010-04-03 07:13	--------	d-----w-	C:\Zaloha
2010-03-22 20:50 . 2010-03-22 20:50	--------	d-----w-	c:\program files\Hewlett-Packard
2010-03-22 20:46 . 2008-04-13 18:47	25856	-c--a-w-	c:\windows\system32\dllcache\usbprint.sys
2010-03-22 20:46 . 2008-04-13 18:47	25856	----a-w-	c:\windows\system32\drivers\usbprint.sys
2010-03-22 20:45 . 2010-03-22 20:50	--------	d-----w-	c:\program files\HP
2010-03-22 20:44 . 2010-03-22 23:00	93749	----a-w-	c:\windows\hppins05.dat
2010-03-22 20:44 . 2006-04-24 21:57	1016	------w-	c:\windows\hppmdl05.dat
2010-03-22 20:43 . 2010-03-22 20:43	--------	d-----w-	c:\program files\Common Files\SWF Studio
2010-03-22 20:31 . 2010-03-22 20:31	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache
2010-03-22 20:26 . 2010-03-22 20:26	--------	d-----w-	C:\HP LJP2015 PCL6
2010-03-22 18:47 . 2010-03-22 20:48	--------	d-----w-	c:\program files\Spamihilator
2010-03-22 15:43 . 2010-03-22 15:47	--------	d-----w-	C:\_notebook
2010-03-21 09:23 . 2010-03-21 09:23	--------	d-----w-	c:\program files\IDM Computer Solutions
2010-03-21 09:15 . 2010-03-29 22:46	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-21 09:15 . 2010-03-31 17:31	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-03-21 09:15 . 2010-03-29 22:45	20824	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-03-21 08:51 . 2010-03-21 08:51	411368	----a-w-	c:\windows\system32\deploytk.dll
2010-03-21 08:07 . 2010-03-21 08:07	--------	d-----w-	c:\program files\uTorrent
2010-03-20 20:29 . 2002-09-23 12:00	5632	-c--a-w-	c:\windows\system32\dllcache\smimsgif.dll
2010-03-20 20:29 . 2002-09-23 12:00	5632	-c--a-w-	c:\windows\system32\dllcache\smierrsy.dll
2010-03-20 20:29 . 2002-09-23 12:00	15872	-c--a-w-	c:\windows\system32\dllcache\smierrsm.dll
2010-03-20 20:29 . 2002-09-23 12:00	10240	-c--a-w-	c:\windows\system32\dllcache\snmpstup.dll
2010-03-20 20:29 . 2002-09-23 12:00	10240	----a-w-	c:\windows\system32\wbem\snmpstup.dll
2010-03-20 19:50 . 2006-08-01 14:02	49152	----a-w-	c:\windows\system32\ChCfg.exe
2010-03-20 19:50 . 2005-05-03 17:43	69632	----a-w-	c:\windows\Alcmtr.exe
2010-03-20 19:50 . 2010-03-20 19:50	319488	----a-w-	c:\windows\HideWin.exe
2010-03-20 19:47 . 2010-03-20 19:53	--------	d-----w-	c:\program files\Setup Files
2010-03-20 19:44 . 2010-03-20 19:44	--------	d-----w-	c:\program files\MSI
2010-03-20 19:11 . 2010-03-20 19:11	--------	d-----w-	c:\program files\BreakPoint Software
2010-03-20 19:11 . 1998-10-29 15:45	306688	----a-w-	c:\windows\IsUninst.exe
2010-03-20 18:38 . 2010-03-20 18:38	--------	d-----w-	c:\program files\EA Games
2010-03-20 18:14 . 2010-03-20 18:14	--------	d-----w-	c:\program files\Common Files\EasyInfo
2010-03-20 15:53 . 2010-03-30 06:12	664	----a-w-	c:\windows\system32\d3d9caps.dat
2010-03-20 11:31 . 2010-03-20 18:23	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2010-03-20 10:43 . 2010-03-20 18:23	--------	d-----w-	c:\program files\JDownloader
2010-03-20 08:53 . 2010-04-06 17:32	--------	d-----w-	C:\TRANSLAT
2010-03-20 07:24 . 2010-03-20 07:24	--------	d-----w-	c:\program files\Common Files\Java
2010-03-20 07:24 . 2010-03-20 07:24	--------	d-----w-	c:\program files\Java
2010-03-20 06:46 . 2010-03-20 18:58	--------	d-----w-	c:\program files\NetSetMan Pro
2010-03-20 06:41 . 2010-03-20 06:41	--------	d-----w-	c:\windows\Logs
2010-03-20 06:32 . 2010-03-20 06:32	223128	----a-w-	c:\windows\system32\drivers\dtscsi.sys
2010-03-20 06:32 . 2010-03-27 09:22	--------	d-----w-	c:\program files\DAEMON Tools
2010-03-20 06:30 . 2010-03-20 06:30	96384	----a-w-	c:\windows\system32\drivers\sptd4573.sys
2010-03-20 06:30 . 2010-03-20 06:30	642560	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-03-17 15:02 . 2010-03-17 15:02	--------	d-sh--w-	c:\documents and settings\MS\IECompatCache
2010-03-17 15:00 . 2010-03-17 15:00	--------	d-sh--w-	c:\documents and settings\MS\PrivacIE
2010-03-17 14:58 . 2010-03-17 14:58	--------	d-sh--w-	c:\documents and settings\MS\IETldCache
2010-03-17 14:51 . 2009-12-11 08:38	69120	-c----w-	c:\windows\system32\dllcache\iecompat.dll
2010-03-17 14:51 . 2010-03-17 14:51	--------	d-----w-	c:\windows\ie8updates
2010-03-16 06:32 . 2010-03-16 06:32	--------	d-----w-	c:\program files\RealVNC
2010-03-15 20:40 . 2009-12-09 05:55	726528	-c--a-w-	c:\windows\system32\dllcache\jscript.dll
2010-03-14 18:57 . 2010-03-14 18:57	--------	d-----w-	c:\program files\VideoLAN
2010-03-14 18:44 . 2005-09-01 10:03	5888	------w-	c:\windows\system32\drivers\imagedrv.sys
2010-03-14 18:44 . 2005-09-01 10:03	127488	------w-	c:\windows\system32\drivers\imagesrv.sys
2010-03-14 18:44 . 2004-07-09 07:43	364544	------w-	c:\windows\system32\TwnLib4.dll
2010-03-14 18:44 . 2000-06-26 09:45	106496	----a-w-	c:\windows\system32\TwnLib20.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 11:29 . 2010-03-17 14:50	--------	d-----w-	c:\program files\AVG
2010-04-11 11:29 . 2010-03-17 14:50	242696	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-04-11 11:29 . 2010-03-17 14:50	216200	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-04-11 11:29 . 2010-03-17 14:50	29512	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-04-11 11:29 . 2010-03-17 14:50	12464	----a-w-	c:\windows\system32\avgrsstx.dll
2010-04-11 11:29 . 2010-03-17 14:50	52872	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2010-04-11 06:51 . 2010-03-12 15:07	58496	----a-w-	c:\windows\system32\drivers\redbook.sys
2010-04-06 20:56 . 2002-09-23 12:00	77872	----a-w-	c:\windows\system32\perfc005.dat
2010-04-06 20:56 . 2002-09-23 12:00	428750	----a-w-	c:\windows\system32\perfh005.dat
2010-03-29 19:01 . 2010-03-12 16:21	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-03-25 13:01 . 2010-03-12 16:27	--------	d-----w-	c:\program files\DIFX
2010-03-24 18:22 . 2010-03-24 18:22	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-24 18:22 . 2010-03-24 18:22	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-24 18:11 . 2010-03-24 18:11	38393	----a-w-	c:\windows\system32\drivers\FLS8500.LDR
2010-03-24 18:11 . 2010-03-24 18:11	23216	----a-w-	c:\windows\system32\drivers\FPGA8501.rd4
2010-03-24 18:11 . 2010-03-24 18:11	20388	----a-w-	c:\windows\system32\drivers\fls8200.ldr
2010-03-24 18:11 . 2010-03-24 18:11	20320	----a-w-	c:\windows\system32\drivers\fls8000.ldr
2010-03-24 18:11 . 2010-03-24 18:11	19277	----a-w-	c:\windows\system32\drivers\fls8100.ldr
2010-03-24 18:11 . 2010-03-24 18:11	19157	----a-w-	c:\windows\system32\drivers\fls8400.ldr
2010-03-21 10:46 . 2010-03-12 16:33	--------	d-----w-	c:\program files\System Control Manager
2010-03-14 19:00 . 2010-03-14 19:00	--------	d-----w-	c:\program files\MSBuild
2010-03-14 19:00 . 2010-03-14 19:00	--------	d-----w-	c:\program files\Reference Assemblies
2010-03-14 17:32 . 2010-03-12 14:19	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-14 17:32 . 2010-03-12 14:19	2740	----a-w-	c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-14 16:48 . 2010-03-12 14:19	8972	----a-w-	c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-03-12 18:16 . 2010-03-12 18:16	0	----a-w-	c:\windows\nsreg.dat
2010-03-12 18:12 . 2010-03-12 16:26	--------	d-----w-	c:\program files\Realtek
2010-03-12 18:11 . 2010-03-12 18:12	290816	----a-w-	c:\windows\vncutil.exe
2010-03-12 18:11 . 2010-03-12 18:12	39424	----a-w-	c:\windows\system32\RtkCoInstXP.dll
2010-03-12 18:11 . 2010-03-12 18:12	104992	----a-w-	c:\windows\RtkAudioService.exe
2010-03-12 18:11 . 2010-03-12 18:12	1389056	----a-w-	c:\windows\system32\drivers\Monfilt.sys
2010-03-12 18:11 . 2010-03-12 18:12	1684736	----a-w-	c:\windows\system32\drivers\Ambfilt.sys
2010-03-12 18:11 . 2010-03-12 18:11	528384	----a-w-	c:\windows\RtlExUpd.dll
2010-03-12 17:00 . 2010-03-12 17:00	0	----a-w-	c:\windows\ativpsrm.bin
2010-03-12 16:35 . 2010-03-12 16:35	--------	d-----w-	c:\program files\CameraRecoder
2010-03-12 16:24 . 2010-03-12 16:21	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-03-12 14:20 . 2010-03-12 14:20	--------	d-----w-	c:\program files\microsoft frontpage
2010-03-12 14:16 . 2010-03-12 14:16	21812	----a-w-	c:\windows\system32\emptyregdb.dat
2010-02-25 06:18 . 2004-08-17 14:49	916480	----a-w-	c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 12:04	1664256	----a-w-	c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSetMan"="c:\program files\NetSetMan Pro\netsetman.exe" [2010-01-07 3512000]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-03-20 26624]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\MS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2010-3-22 1512448]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-2-24 2721120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-11 11:29	12464	----a-w-	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Altap Salamander 2.5\\salamand.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Psiloc\\WirelessPresenter\\PsilocWirelessPresenterDesktop.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [17.3.2010 16:50 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17.3.2010 16:50 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17.3.2010 16:50 242696]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11.4.2010 13:28 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11.4.2010 13:27 308064]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21.3.2010 11:15 303952]
R2 PARLDR2K;ParLdr2k;c:\windows\system32\drivers\parldr2k.sys [24.3.2010 22:18 10454]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21.3.2010 11:15 20824]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12.3.2010 18:27 1042176]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.3.2010 8:30 642560]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.3.2010 20:12 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [11.4.2010 13:29 369920]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24.3.2010 22:16 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24.3.2010 22:16 8320]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [24.3.2010 22:15 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 WZCOOK;WEP key recovery service;"c:\testy\Nová složk\aircrack_2.1_win32\wzcook.exe"  --> c:\testy\Nová složk\aircrack_2.1_win32\wzcook.exe [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-28 c:\windows\Tasks\Driver Fetch.job
- c:\program files\Driver Fetch\2.3.0.5\DriverFetch.exe [2010-03-27 09:51]

2010-03-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 14:52]
.
.
------- Doplňkový sken -------
.
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: {918C38A8-E609-4168-9293-AC313E7C13A4} = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\MS\Data aplikací\Mozilla\Firefox\Profiles\vmcw1za1.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Nektra OEAPI - (no file)
Notify-AtiExtEvent - (no file)
AddRemove-PC Translator - c:\docume~1\MS\LOCALS~1\Temp\UN32.EXE
AddRemove-Wireless Presenter - c:\program files\Psiloc\WirelessPresenter\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 19:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...  

skenování skrytých položek 'Po spuštění' ... 

skenování skrytých souborů ...  

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A360AC8]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
 SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
 SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: SiS191 Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9e1dbb0
 PacketIndicateHandler -> NDIS.sys @ 0xb9e0ca0d
 SendHandler -> NDIS.sys @ 0xb9e20b40
user & kernel MBR OK 

**************************************************************************
.
Celkový čas: 2010-04-12  19:43:05
ComboFix-quarantined-files.txt  2010-04-12 17:42

Před spuštěním: Volných bajtů: 235 569 250 304
Po spuštění: Volných bajtů: 235 562 582 016

- - End Of File - - 4A92726A7F7D43D3C1C004333C278A71

#4 Příspěvek od **Rudy** » 12 dub 2010 19:30

1 položku CF smazal. Ještě zkontrolujte MBR: http://www2.gmer.net/mbr/mbr.exe a dejte log.

msm · #5 Příspěvek od **msm** » 12 dub 2010 20:00

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#6 Příspěvek od **Rudy** » 12 dub 2010 20:01

MBR je OK a log též. Nastala nějaká změna?

msm · #7 Příspěvek od **msm** » 12 dub 2010 20:31

cast logu z MalwareBytes

21:04:08 MS IP-BLOCK 174.37.231.4
21:04:11 MS IP-BLOCK 174.37.231.4
21:04:17 MS IP-BLOCK 174.37.231.4
21:09:29 MS IP-BLOCK 174.37.231.4
21:09:32 MS IP-BLOCK 174.37.231.4
21:09:38 MS IP-BLOCK 174.37.231.4
21:14:50 MS IP-BLOCK 174.37.231.4
21:14:53 MS IP-BLOCK 174.37.231.4
21:14:59 MS IP-BLOCK 174.37.231.4
21:17:54 MS IP-BLOCK 213.163.89.104
21:17:57 MS IP-BLOCK 213.163.89.104
21:18:03 MS IP-BLOCK 213.163.89.104
21:20:11 MS IP-BLOCK 174.37.231.4
21:20:14 MS IP-BLOCK 174.37.231.4
21:20:20 MS IP-BLOCK 174.37.231.4
21:25:32 MS IP-BLOCK 174.37.231.4
21:25:35 MS IP-BLOCK 174.37.231.4
21:25:41 MS IP-BLOCK 174.37.231.4
atd...

#8 Příspěvek od **Rudy** » 12 dub 2010 21:06

IP patří i104.panamamails.com a United States Dallas Softlayer Technologies Inc. Otázka zní, zda tyto adresy znáte a zda je blokace oprávněná.

msm · #9 Příspěvek od **msm** » 12 dub 2010 21:33

Ale ja jsem si je nenastavil k blokovani. Udelal to sam Malwarebytes Anti-Malware.
Kdyz jsem hledal na inetu, nasel jsem info:

Kód: Vybrat vše

http://www.liveipmap.com/213.163.89.104.html

a druhou jsem nasel zde

Kód: Vybrat vše

http://support.clean-mx.de/clean-mx/viruses.php?sub=sub8&sort=first%20desc

#10 Příspěvek od **Rudy** » 12 dub 2010 21:36

Udělejte obnovu systému k datu, kdy adresy blokovány nebyly.

msm · #11 Příspěvek od **msm** » 12 dub 2010 22:06

jeste jsem nasel neco

Kód: Vybrat vše

http://forums.malwarebytes.org/index.php?s=721987ebba781ff42dfb7467e39bc3fc&showtopic=46278&pid=231290&st=0&#entry231290

zkusil jsem Gmer, ale po jeho spusteni vzdy nefunguje trojhmat, notas skoro nebezi a pomuze vzdy jen vyp/zap

msm · #12 Příspěvek od **msm** » 13 dub 2010 05:53

Rudy píše:Udělejte obnovu systému k datu, kdy adresy blokovány nebyly.

udelal o den drive, nic se nezmenilo...

msm · #13 Příspěvek od **msm** » 13 dub 2010 11:19

tak jsem na to pustil CureIT a nasel mi BackDoor.Tdss.2459 v redbook.sys a BackDoor.Tdss.565 Tak uvidim...

no, po restartu modra smrt na dwshd.sys

Tak jsem redbook.sys nahradil z cisteho pc a dwshd.sys prejmenoval a vse ok. Dle internetu je dwshd.sys virus, ale podle vseho to je knihovna od CureIT. Tak nevim... Kazdopadne je asi s IP pokoj.

#14 Příspěvek od **Rudy** » 13 dub 2010 18:29

Dwshd jsem nikde v žádném logu nenašel. Vím o tom, že je považoiván za vir, ale dosud jsem na žádné fóru neviděl, že by ho někdo mazal. CureIt můžete odinstalovat.

VIRY.CZ

AntiMalware hlasi zablokovani pristupu na IP adresu

AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu

Re: AntiMalware hlasi zablokovani pristupu na IP adresu