Druhé PC pro Motji

Zpráva

csw* · #1 Příspěvek od csw* » 18 kvě 2010 20:52

RSIT

Logfile of random's system information tool 1.07 (written by random/random)
Run by magdalena at 2010-05-18 21:47:38
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (14%) free of 16 GB
Total RAM: 446 MB (24% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-31 1312040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-05-10 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2010-04-19 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-05-10 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-12-05 159744]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-04-07 544768]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-11-01 163840]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-04-19 2046816]
"lcfep"=C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe [2005-11-15 270336]
"Microsoft Driver Setup"=C:\WINDOWS\wndrive32.exe [2010-05-18 94208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=C:\WINDOWS\wndrive32.exe [2010-05-18 94208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"12CFG214-K641-12SF-N85P"=C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe [2010-05-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-04-14 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
TivoliAP

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"consentpromptbehavioradmin"=0
"enableinstallerdetection"=0
"enablelua"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe"="C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe:*:Enabled:lcfd"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Kooperativa\KalkZiv\Kalk_ziv.exe"="C:\Program Files\Kooperativa\KalkZiv\Kalk_ziv.exe:*:Enabled:Kalk_ziv"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe"="C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe:*:Enabled:lcfd"
"C:\Program Files\Kooperativa\KalkZiv\Kalk_ziv.exe"="C:\Program Files\Kooperativa\KalkZiv\Kalk_ziv.exe:*:Enabled:Kalk_ziv"
"C:\Tivoli\lcf\inv\SCAN\wepmcoll.exe"="C:\Tivoli\lcf\inv\SCAN\wepmcoll.exe:*:Disabled:wepmcoll"

======List of files/folders created in the last 1 months======

2010-05-18 21:47:40 ----D---- C:\Program Files\trend micro
2010-05-18 21:47:38 ----D---- C:\rsit
2010-05-18 21:46:21 ----RSH---- C:\WINDOWS\wndrive32.exe
2010-05-18 19:35:29 ----D---- C:\Program Files\SpeedFan
2010-05-18 18:46:36 ----D---- C:\WINDOWS\pss
2010-05-18 18:23:41 ----D---- C:\Program Files\CCleaner
2010-05-18 18:08:04 ----D---- C:\Program Files\Common Files\CANON
2010-05-18 18:06:10 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2010-05-18 18:05:51 ----A---- C:\WINDOWS\system32\CNMLM94.DLL
2010-05-18 18:05:46 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2010-05-18 18:05:34 ----A---- C:\WINDOWS\system32\CNC520O.DLL
2010-05-18 18:05:34 ----A---- C:\WINDOWS\system32\CNC520L.DLL
2010-05-18 18:05:34 ----A---- C:\WINDOWS\system32\CNC520I.DLL
2010-05-18 18:05:33 ----A---- C:\WINDOWS\system32\CNC520C.DLL
2010-05-18 18:05:19 ----HD---- C:\Program Files\CanonBJ
2010-04-20 22:16:21 ----D---- C:\Documents and Settings\magdalena\Data aplikací\Mozilla
2010-04-20 12:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-20 12:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-20 12:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-20 12:10:23 ----SHD---- C:\Config.Msi
2010-04-20 12:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-20 12:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-20 12:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-20 12:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-20 10:20:23 ----D---- C:\Documents and Settings\magdalena\Data aplikací\Macromedia
2010-04-20 10:20:21 ----D---- C:\Documents and Settings\magdalena\Data aplikací\Adobe

======List of files/folders modified in the last 1 months======

2010-05-18 21:47:40 ----RD---- C:\Program Files
2010-05-18 21:46:52 ----D---- C:\WINDOWS\Prefetch
2010-05-18 21:46:36 ----D---- C:\Program Files\Mozilla Firefox
2010-05-18 21:46:21 ----RSHD---- C:\RECYCLER
2010-05-18 21:46:21 ----D---- C:\WINDOWS
2010-05-18 20:25:01 ----D---- C:\WINDOWS\TEMP
2010-05-18 20:00:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-18 19:38:55 ----SHD---- C:\WINDOWS\CSC
2010-05-18 19:35:28 ----D---- C:\WINDOWS\system32
2010-05-18 19:16:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-18 18:48:06 ----ASH---- C:\boot.ini
2010-05-18 18:48:06 ----A---- C:\WINDOWS\win.ini
2010-05-18 18:48:06 ----A---- C:\WINDOWS\system.ini
2010-05-18 18:40:46 ----D---- C:\WINDOWS\Debug
2010-05-18 18:40:40 ----D---- C:\WINDOWS\Minidump
2010-05-18 18:10:36 ----D---- C:\Program Files\Canon
2010-05-18 18:09:14 ----D---- C:\WINDOWS\Media
2010-05-18 18:09:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-18 18:09:05 ----D---- C:\WINDOWS\system32\drivers
2010-05-18 18:08:56 ----HD---- C:\WINDOWS\inf
2010-05-18 18:08:04 ----D---- C:\Program Files\Common Files
2010-05-18 13:25:01 ----A---- C:\fftrlog.txt
2010-05-18 12:01:06 ----D---- C:\WINDOWS\security
2010-05-13 10:08:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-04 08:59:05 ----D---- C:\Program Files\Kooperativa
2010-04-20 21:52:16 ----SD---- C:\Documents and Settings\magdalena\Data aplikací\Microsoft
2010-04-20 12:26:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-20 12:26:12 ----SHD---- C:\WINDOWS\Installer
2010-04-20 12:24:11 ----HD---- C:\$AVG8.VAULT$
2010-04-20 12:20:12 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-04-14 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-04-14 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-27 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 TGrab;Tivoli Remote Control Text Grabber; C:\WINDOWS\system32\drivers\TGrab.sys [2009-04-22 8288]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-03-05 17801]
R2 CITMDRV;CITMDRV; \??\C:\WINDOWS\System32\drivers\CITMDRV.SYS []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-25 95970]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BCM43XX;Broadcom 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 Eqnmirdd;Eqnmirdd; C:\WINDOWS\system32\DRIVERS\Eqnmirdd.sys [2009-04-22 6107]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-03-18 42496]
R3 KeyEx2;Tivoli Remote Control Keyboard Filter; C:\WINDOWS\system32\drivers\KeyEx2.sys [2009-04-22 5837]
R3 MouEx2;Tivoli Remote Control Pointer Filter; C:\WINDOWS\system32\drivers\MouEx2.sys [2009-04-22 4638]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-04-07 923826]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-12-27 247040]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2010-04-14 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-04-19 297752]
R2 InvokerUpdateService;InvokerUpdateService; c:\ais\Tahiti4\bin\InvokerService.exe [2009-03-05 176128]
R2 KoopPdfService;KoopPdfService; C:\Program Files\Kooperativa\Services\KoopPDFServer.exe [2010-05-10 447488]
R2 lcfd;Tivoli Endpoint; C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [2005-11-15 172032]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 TME10RC;Tivoli Remote Control Service; C:\WINDOWS\RCSERV.EXE [2009-04-22 77824]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2005-02-17 65536]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

csw* · #2 Příspěvek od csw* » 18 kvě 2010 20:53

info.txt logfile of random's system information tool 1.06 2010-05-18 21:47:43

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A91000000001}
Adresní modul UIR-ADR-->"C:\Program Files\Kooperativa\UIR-ADR\unins000.exe"
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
Aktualizace systému Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Aktualizace systému Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Aktualizace systému Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
ATF-->C:\WINDOWS\UIA200.exe "C:\Program Files\All Ten Fingers\DelList.lst"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom 802.11 Network Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose
Canon iP90 Setup Utility-->"C:\Program Files\Canon\Canon iP90 Setup Utility\Maint.exe" /Uninstall C:\Program Files\Canon\Canon iP90 Setup Utility\uninst.ini
Canon iP90-->C:\WINDOWS\system32\CNMCP71.exe "-PRINTERNAMECanon iP90" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon iP90 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon iP90 Installer\Inst2\cnmi0405.dll"
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP520 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series /L0x0005
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Digitalizace Koop 4.2.4.15-->"c:\ais\unins000.exe"
EASEUS Partition Manager Personal 1.6.4-->"C:\Program Files\EASEUS\EASEUS Partition Manager Personal 1.6.4\unins000.exe"
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Fonty-->MsiExec.exe /I{3315057B-09E8-4410-B61C-CECEACFE4620}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6-->C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
InterBase 6 Client Open Edition - 6.0.2.0-->C:\PROGRA~1\Borland\INTERB~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\Borland\INTERB~1\UNINST~1\INSTALL_INTERBASE_CLIENT.LOG
ISOS 3.2.4 (Určeno pro interní síť Kooperativy - XP/Vista)-->"C:\Program Files\Kooperativa\unins000.exe"
KOOP Sporice-->MsiExec.exe /I{7A012424-3D7D-4CC7-A5BC-8AD55747CFAD}
KOOP Sporice-->MsiExec.exe /I{C961382A-9AED-49FF-83FC-590EAF3D054E}
KOOP Tapety-->MsiExec.exe /I{EE8DEA52-C1AC-4319-B44C-0CA1D04B72DB}
Microsoft .NET Framework 2.0 Language Pack - CSY-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - CSY\install.exe
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{A2C9CD1B-2551-3AED-B244-6698FB929FA6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Czech Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Czech Language Pack\setup.exe
Microsoft .NET Framework 3.0 Czech Language Pack-->MsiExec.exe /X{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{546C143E-68DC-314D-97BC-1E454E3BA429}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola SM56 Data Fax Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
ObsVerze v 3.01-->"C:\Program Files\Kooperativa\ObsVerze\unins000.exe"
Oprava Hotfix systému Windows XP (KB969084)-->"C:\WINDOWS\$NtUninstallKB969084$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
PC Translator-->C:\WINDOWS\UN32.EXE -UP
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x5 REMOVE -removeonly
Registrace uživatele zařízení Canon MP520 series-->C:\Program Files\Canon\IJEREG\MP520 series\UNINST.EXE
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb981433)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5A6859A6-042D-4DF7-84E2-79F8DEFB5D48}
VIA Platforma Ovladače zařízení-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Windows Management Framework Core-->"C:\WINDOWS\$968930Uinstall_KB968930$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation Language Pack (CSY)-->MsiExec.exe /X{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}
Windows Workflow Foundation CS Language Pack-->MsiExec.exe /I{6EF72FC6-842E-4FE6-BF88-BFBF03C9DA74}

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: MCHVASTEKOVA-OB
Event Code: 15007
Message: Rezervace pro obor názvů identifikovaný prefixem adresy URL http://*:2869/ byla úspěšně přidána.

Record Number: 5
Source Name: HTTP
Time Written: 20090305122622.000000+060
Event Type: Informace
User:

Computer Name: MCHVASTEKOVA-OB
Event Code: 3260
Message: Tento počítač byl úspěšně připojen k workgroup SKUPINA.

Record Number: 4
Source Name: Workstation
Time Written: 20090305122210.000000+060
Event Type: Informace
User:

Computer Name: MCHVASTEKOVA-OB
Event Code: 6011
Message: Název tohoto počítače v systémech DNS a NetBIOS byl změněn z MACHINENAME na MCHVASTEKOVA-OB.

Record Number: 3
Source Name: EventLog
Time Written: 20090305122057.000000+060
Event Type: Informace
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Služba Event Log byla spuštěna.

Record Number: 2
Source Name: EventLog
Time Written: 20090305130843.000000+060
Event Type: Informace
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090305130843.000000+060
Event Type: Informace
User:

=====Application event log=====

Computer Name: MCHVASTEKOVA-OB
Event Code: 1000
Message: Čítače výkonu pro službu MSDTC (MSDTC) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090305122323.000000+060
Event Type: Informace
User:

Computer Name: MCHVASTEKOVA-OB
Event Code: 1000
Message: Čítače výkonu pro službu TermService (Terminálová služba) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090305122317.000000+060
Event Type: Informace
User:

Computer Name: MCHVASTEKOVA-OB
Event Code: 1000
Message: Čítače výkonu pro službu RemoteAccess (Směrování a vzdálený přístup) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 3
Source Name: LoadPerf
Time Written: 20090305122201.000000+060
Event Type: Informace
User:

Computer Name: MCHVASTEKOVA-OB
Event Code: 1000
Message: Čítače výkonu pro službu PSched (PSched) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090305122115.000000+060
Event Type: Informace
User:

Computer Name: MCHVASTEKOVA-OB
Event Code: 1000
Message: Čítače výkonu pro službu RSVP (QoS RSVP) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090305122114.000000+060
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"LANGUAGE"=cs
"PSModulePath"=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

#3 Příspěvek od **motji** » 18 kvě 2010 21:20

Je tam skutečně stejná infekce jako z toho druhého počítače, jdeme na to

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

csw* · #4 Příspěvek od csw* » 18 kvě 2010 23:31

OTL logfile created on: 19.5.2010 0:23:13 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\magdalena\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

446,00 Mb Total Physical Memory | 292,00 Mb Available Physical Memory | 65,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15,65 Gb Total Space | 2,22 Gb Free Space | 14,21% Space Free | Partition Type: NTFS
Drive D: | 21,59 Gb Total Space | 13,79 Gb Free Space | 63,84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCHVASTEKOVA-OB
Current User Name: magdalena
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.18 20:42:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\magdalena\Plocha\OTL.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.05.18 20:42:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\magdalena\Plocha\OTL.exe
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010.05.18 21:56:24 | 000,046,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files\svchost.exe -- (AdbUpd)
SRV - [2010.05.10 15:03:16 | 000,447,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Kooperativa\Services\KoopPDFServer.exe -- (KoopPdfService)
SRV - [2010.04.19 22:51:34 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010.04.14 21:05:24 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009.04.22 14:54:47 | 000,077,824 | ---- | M] (IBM Corporation) [Auto | Stopped] -- C:\WINDOWS\RCSERV.EXE -- (TME10RC)
SRV - [2009.03.05 14:48:21 | 000,176,128 | ---- | M] (LightComp v.o.s.) [Auto | Stopped] -- c:\ais\Tahiti4\bin\InvokerService.exe -- (InvokerUpdateService)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2005.11.15 19:17:08 | 000,172,032 | ---- | M] () [Auto | Stopped] -- C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe -- (lcfd)

========== Driver Services (SafeList) ==========

DRV - [2010.05.18 21:55:53 | 000,081,408 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\zxiwwbpdk7.sys -- (zxiwwbpdk7)
DRV - [2010.05.18 21:55:19 | 000,210,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2010.04.14 21:05:59 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.04.14 21:05:59 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009.05.27 21:56:39 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009.04.22 14:55:25 | 000,008,288 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TGRAB.SYS -- (TGrab)
DRV - [2009.04.22 14:55:24 | 000,006,107 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Eqnmirdd.sys -- (Eqnmirdd)
DRV - [2009.04.22 14:55:23 | 000,005,837 | ---- | M] (International Business Machines, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KEYEX2.SYS -- (KeyEx2)
DRV - [2009.04.22 14:55:23 | 000,004,638 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MOUEX2.SYS -- (MouEx2)
DRV - [2008.12.16 16:48:40 | 000,021,144 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2008.12.16 16:47:00 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008.02.18 23:14:26 | 000,010,752 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CITMDRV.SYS -- (CITMDRV)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005.05.18 11:50:30 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.04.07 13:34:30 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.02.11 15:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003.10.25 00:27:32 | 000,095,970 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intra2rs.ph.koop.cz
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.20 22:16:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.04.29 22:03:23 | 000,000,000 | ---D | M]

[2010.04.20 22:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\magdalena\Data aplikací\Mozilla\Extensions
[2010.05.18 18:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\magdalena\Data aplikací\Mozilla\Firefox\Profiles\pwgf7qja.default\extensions
[2010.04.20 22:47:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\magdalena\Data aplikací\Mozilla\Firefox\Profiles\pwgf7qja.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.04.02 16:34:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.03.31 21:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.05.18 21:55:17 | 000,000,826 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.ghura.pl
O1 - Hosts: 127.0.0.1 ircgalaxy.pl
O1 - Hosts: 127.0.0.1 ru.brans.pl
O1 - Hosts: 127.0.0.1 zief.pl
O2 - BHO: (ADC PlugIn) - {149256D5-E103-4523-BB43-2CFB066839D6} - C:\Program Files\adc_w32.dll (ADC - AntiSpyware)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll ()
O4 - HKLM..\Run: [31779] C:\Documents and Settings\magdalena\Local Settings\Temp\nrktcvy.exe ()
O4 - Startup: C:\Documents and Settings\magdalena\Nabídka Start\Programy\Po spuštění\algeki32.exe (eSXi)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Driver Setup = C:\WINDOWS\wndrive32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: rtw9ws = C:\DOCUME~1\MAGDAL~1\LOCALS~1\Temp\jo2lej.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: consentpromptbehavioradmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: enableinstallerdetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: enablelua = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zam.koop.int
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-1981917028-6495068474-523282379-4824\mgrls32.exe) - C:\RECYCLER\S-1-5-21-1981917028-6495068474-523282379-4824\mgrls32.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: GootkitSSO - {1237A933-7692-47F7-8FF6-61673696BAFA} - C:\WINDOWS\system32\msxsltsso.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (TivoliAP) - C:\WINDOWS\System32\TivoliAP.dll (IBM Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.05 13:28:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.11.10 14:48:08 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1c324a1e-62a1-11df-bca2-0014a546bc17}\Shell\AutoRun\command - "" = F:\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{1c324a1e-62a1-11df-bca2-0014a546bc17}\Shell\open\command - "" = F:\RECYCLER\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- C:\Program Files\alggui.exe "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- C:\Program Files\alggui.exe "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2010.05.19 00:17:52 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\magdalena\Plocha\OTL.exe
[2010.05.18 22:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\scdata
[2010.05.18 21:56:26 | 000,238,592 | ---- | C] (ADC - AntiSpyware) -- C:\Program Files\adc_w32.dll
[2010.05.18 21:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\AKM Antivirus 2010 Pro
[2010.05.18 21:54:39 | 000,039,424 | ---- | C] (eSXi) -- C:\WINDOWS\System32\jpwrtryt.exe
[2010.05.18 21:54:39 | 000,039,424 | ---- | C] (eSXi) -- C:\Documents and Settings\magdalena\jpwrtryt.exe
[2010.05.18 21:54:37 | 000,182,784 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\regedit.exe
[2010.05.18 21:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.18 21:47:38 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.18 19:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2010.05.18 18:46:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.05.18 18:41:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\magdalena\Recent
[2010.05.18 18:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.05.18 18:09:04 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010.05.18 18:08:59 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010.05.18 18:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2010.05.18 18:06:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.05.18 18:05:51 | 000,215,040 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM94.DLL
[2010.05.18 18:05:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010.05.18 18:05:34 | 000,200,704 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC520L.DLL
[2010.05.18 18:05:34 | 000,188,416 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC520O.DLL
[2010.05.18 18:05:34 | 000,098,304 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC520I.DLL
[2010.05.18 18:05:33 | 001,400,832 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC520C.DLL
[2010.05.18 18:05:19 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010.04.20 22:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\magdalena\Local Settings\Data aplikací\Mozilla
[2010.04.20 22:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\magdalena\Data aplikací\Mozilla
[2010.04.20 21:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\magdalena\Local Settings\Data aplikací\Adobe
[2010.04.20 12:10:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.20 10:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\magdalena\Data aplikací\Macromedia
[2010.04.20 10:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\magdalena\Data aplikací\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.19 00:25:30 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\alhaooeg.sys
[2010.05.19 00:22:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.19 00:21:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.19 00:20:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.19 00:20:12 | 001,572,864 | ---- | M] () -- C:\Documents and Settings\magdalena\NTUSER.DAT
[2010.05.19 00:20:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\magdalena\ntuser.ini
[2010.05.18 22:07:51 | 000,000,003 | ---- | M] () -- C:\Program Files\wp3.dat
[2010.05.18 22:07:49 | 000,000,066 | ---- | M] () -- C:\Program Files\wp4.dat
[2010.05.18 21:59:59 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\magdalena\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.05.18 21:56:30 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\hgtd.ruy
[2010.05.18 21:56:29 | 000,065,024 | ---- | M] () -- C:\WINDOWS\System32\h7t.wt
[2010.05.18 21:56:29 | 000,054,784 | ---- | M] () -- C:\Program Files\alggui.exe
[2010.05.18 21:56:28 | 000,000,036 | ---- | M] () -- C:\Program Files\skynet.dat
[2010.05.18 21:56:28 | 000,000,009 | ---- | M] () -- C:\Program Files\nuar.old
[2010.05.18 21:56:27 | 000,238,592 | ---- | M] (ADC - AntiSpyware) -- C:\Program Files\adc_w32.dll
[2010.05.18 21:56:24 | 000,046,592 | ---- | M] () -- C:\Program Files\svchost.exe
[2010.05.18 21:56:20 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\magdalena\Plocha\AKM Antivirus 2010 Pro.lnk
[2010.05.18 21:56:19 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.05.18 21:56:19 | 000,098,304 | ---- | M] () -- C:\WINDOWS\System32\nmklo.dll
[2010.05.18 21:55:53 | 000,081,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\zxiwwbpdk7.sys
[2010.05.18 21:55:49 | 000,228,352 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010.05.18 21:55:40 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\magdalena\online_{49c3c335-6a58-41c8-8034-3855ee78b887}
[2010.05.18 21:55:38 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\magdalena\{49c3c335-6a58-41c8-8034-3855ee78b887}
[2010.05.18 21:55:33 | 000,042,496 | ---- | M] () -- C:\WINDOWS\System32\msxsltsso.dll
[2010.05.18 21:55:32 | 000,000,148 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010.05.18 21:55:19 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2010.05.18 21:55:19 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010.05.18 21:55:18 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\magdalena\Data aplikací\avdrn.dat
[2010.05.18 21:54:40 | 000,039,424 | ---- | M] (eSXi) -- C:\Documents and Settings\magdalena\jpwrtryt.exe
[2010.05.18 21:54:39 | 000,039,424 | ---- | M] (eSXi) -- C:\WINDOWS\System32\jpwrtryt.exe
[2010.05.18 21:54:35 | 000,182,784 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\regedit.exe
[2010.05.18 21:54:27 | 000,025,088 | ---- | M] () -- C:\lsass.exe
[2010.05.18 21:46:14 | 000,094,208 | RHS- | M] () -- C:\WINDOWS\wndrive32.exe
[2010.05.18 20:42:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\magdalena\Plocha\OTL.exe
[2010.05.18 19:35:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\magdalena\Plocha\SpeedFan.lnk
[2010.05.18 19:35:29 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010.05.18 18:48:06 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.18 18:48:06 | 000,000,320 | -HS- | M] () -- C:\boot.ini
[2010.05.18 18:48:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.18 18:44:17 | 000,087,886 | ---- | M] () -- C:\Documents and Settings\magdalena\Dokumenty\cc_20100518_184407.reg
[2010.05.18 18:24:15 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\magdalena\Plocha\CCleaner.lnk
[2010.05.18 18:02:05 | 060,116,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.05.17 10:28:00 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\magdalena\Plocha\RSIT.exe
[2010.05.17 07:37:16 | 005,361,386 | -H-- | M] () -- C:\Documents and Settings\magdalena\Local Settings\Data aplikací\IconCache.db
[2010.05.13 10:08:55 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.13 10:08:55 | 000,432,516 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.05.13 10:08:55 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.13 10:08:54 | 000,079,440 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.05.13 10:08:53 | 001,028,848 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.20 21:52:00 | 000,148,480 | ---- | M] () -- C:\Documents and Settings\magdalena\Plocha\Spolupráce IMPOL TRADE_Slovensko.xls
[2010.04.20 21:35:15 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\magdalena\Plocha\Spolupráce s IMPOL TRADE_Slovensko.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.18 21:59:58 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\magdalena\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.05.18 21:56:30 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hgtd.ruy
[2010.05.18 21:56:29 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\h7t.wt
[2010.05.18 21:56:29 | 000,054,784 | ---- | C] () -- C:\Program Files\alggui.exe
[2010.05.18 21:56:28 | 000,000,009 | ---- | C] () -- C:\Program Files\nuar.old
[2010.05.18 21:56:24 | 000,046,592 | ---- | C] () -- C:\Program Files\svchost.exe
[2010.05.18 21:56:24 | 000,000,066 | ---- | C] () -- C:\Program Files\wp4.dat
[2010.05.18 21:56:24 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat
[2010.05.18 21:56:24 | 000,000,003 | ---- | C] () -- C:\Program Files\wp3.dat
[2010.05.18 21:56:20 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\magdalena\Plocha\AKM Antivirus 2010 Pro.lnk
[2010.05.18 21:56:19 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nmklo.dll
[2010.05.18 21:56:16 | 000,228,352 | ---- | C] () -- C:\WINDOWS\System32\cooper.mine
[2010.05.18 21:55:40 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\magdalena\online_{49c3c335-6a58-41c8-8034-3855ee78b887}
[2010.05.18 21:55:38 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\magdalena\{49c3c335-6a58-41c8-8034-3855ee78b887}
[2010.05.18 21:55:33 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\msxsltsso.dll
[2010.05.18 21:55:32 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010.05.18 21:55:18 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\magdalena\Data aplikací\avdrn.dat
[2010.05.18 21:55:12 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\alhaooeg.sys
[2010.05.18 21:54:35 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\zxiwwbpdk7.sys
[2010.05.18 21:54:27 | 000,025,088 | ---- | C] () -- C:\lsass.exe
[2010.05.18 21:47:32 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\magdalena\Plocha\RSIT.exe
[2010.05.18 21:46:21 | 000,094,208 | RHS- | C] () -- C:\WINDOWS\wndrive32.exe
[2010.05.18 19:35:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\magdalena\Plocha\SpeedFan.lnk
[2010.05.18 19:35:26 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010.05.18 18:44:12 | 000,087,886 | ---- | C] () -- C:\Documents and Settings\magdalena\Dokumenty\cc_20100518_184407.reg
[2010.05.18 18:24:13 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\magdalena\Plocha\CCleaner.lnk
[2010.04.20 21:52:00 | 000,148,480 | ---- | C] () -- C:\Documents and Settings\magdalena\Plocha\Spolupráce IMPOL TRADE_Slovensko.xls
[2010.04.20 10:26:44 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\magdalena\Plocha\Spolupráce s IMPOL TRADE_Slovensko.doc
[2009.05.10 19:20:56 | 000,491,520 | ---- | C] () -- C:\WINDOWS\WebIE.dll
[2009.05.10 19:20:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\TRNOET.DLL
[2009.05.10 19:20:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\TRNOEH.DLL
[2009.05.10 19:20:31 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2009.05.10 19:19:57 | 000,002,753 | ---- | C] () -- C:\WINDOWS\UN32P.INI
[2009.05.10 19:18:36 | 000,002,476 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2009.05.10 19:18:27 | 000,002,192 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2009.05.10 19:18:26 | 000,004,578 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2009.04.22 15:06:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EQNRCMAI.INI
[2009.04.22 14:55:33 | 000,008,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\TGRAB.SYS
[2009.04.22 14:55:30 | 000,000,712 | ---- | C] () -- C:\WINDOWS\REMCON.INI
[2009.04.02 15:57:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2009.03.24 12:48:18 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\CITMDRV.SYS
[2009.03.24 12:48:04 | 000,000,319 | ---- | C] () -- C:\WINDOWS\swdis.ini
[2009.03.05 15:45:57 | 000,000,221 | ---- | C] () -- C:\WINDOWS\multi.ini
[2009.03.05 14:04:11 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009.03.05 14:00:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009.03.05 14:00:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008.04.14 14:00:00 | 000,210,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2005.04.07 13:33:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005.04.07 13:33:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005.04.07 13:33:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005.04.07 13:33:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005.04.07 13:33:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005.04.07 13:32:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005.04.07 13:32:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005.04.07 13:32:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005.04.07 13:32:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >

#5 Příspěvek od **motji** » 18 kvě 2010 23:58

Combofix stahněte takto:
- pravým myšítkem klikněte na odkaz combofixu --uložit jako.. ,a teď ho přejmenujte na Potvora.com a uložte.

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

csw* · #6 Příspěvek od csw* » 20 kvě 2010 23:01

ComboFix 10-05-16.01 - magdalena 20.05.2010 21:43:18.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.446.270 [GMT 2:00]
Spuštěný z: c:\documents and settings\magdalena\Plocha\cokoliv.com.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\magdalena\Dokumenty\cc_20100518_184407.reg
c:\documents and settings\magdalena\jpwrtryt.exe
c:\documents and settings\magdalena\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\mchvastekova\Local Settings\Temporary Internet Files\MAILTRAN.INI
c:\documents and settings\mchvastekova\Local Settings\Temporary Internet Files\TRNCOM.INI
c:\program files\AKM Antivirus 2010 Pro
c:\program files\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro.exe
c:\program files\alggui.exe
c:\program files\nuar.old
c:\program files\scdata
c:\program files\scdata\dbsinit.exe
c:\program files\scdata\images\i1.gif
c:\program files\scdata\images\i2.gif
c:\program files\scdata\images\i3.gif
c:\program files\scdata\images\j1.gif
c:\program files\scdata\images\j2.gif
c:\program files\scdata\images\j3.gif
c:\program files\scdata\images\jj1.gif
c:\program files\scdata\images\jj2.gif
c:\program files\scdata\images\jj3.gif
c:\program files\scdata\images\l1.gif
c:\program files\scdata\images\l2.gif
c:\program files\scdata\images\l3.gif
c:\program files\scdata\images\pix.gif
c:\program files\scdata\images\t1.gif
c:\program files\scdata\images\t2.gif
c:\program files\scdata\images\Thumbs.db
c:\program files\scdata\images\up1.gif
c:\program files\scdata\images\up2.gif
c:\program files\scdata\images\w1.gif
c:\program files\scdata\images\w11.gif
c:\program files\scdata\images\w2.gif
c:\program files\scdata\images\w3.jpg
c:\program files\scdata\images\word.doc
c:\program files\scdata\images\wt1.gif
c:\program files\scdata\images\wt2.gif
c:\program files\scdata\images\wt3.gif
c:\program files\scdata\wispex.html
c:\program files\skynet.dat
c:\program files\wp3.dat
c:\program files\wp4.dat
c:\windows\system32\cooper.mine
c:\windows\system32\driVERs\alhaooeg.sys
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\h7t.wt
c:\windows\system32\hgtd.ruy
c:\windows\system32\msxsltsso.dll
c:\windows\system32\nmklo.dll
c:\windows\system32\regedit.exe
c:\windows\system32\wbem\grpconv.exe

----- BITS: Možné infikované stránky -----

hxxp://dcadovzam2
c:\windows\system32\grpconv.exe chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\grpconv.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADBUPD
-------\Service_AdbUpd
-------\Legacy_alhaooeg
-------\Service_alhaooeg

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-20 do 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-20 20:25 . 2008-04-14 06:52 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-05-20 20:25 . 2008-04-14 06:52 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-18 22:34 . 2010-05-18 22:51 -------- d-----w- C:\UsbFix
2010-05-18 19:56 . 2010-05-18 19:56 238592 ----a-w- c:\program files\adc_w32.dll
2010-05-18 19:54 . 2010-05-18 19:54 39424 ----a-w- c:\windows\system32\jpwrtryt.exe
2010-05-18 19:47 . 2010-05-18 19:47 -------- d-----w- c:\program files\trend micro
2010-05-18 19:47 . 2010-05-18 19:47 -------- d-----w- C:\rsit
2010-05-18 19:46 . 2010-05-18 19:46 94208 --sh--r- c:\windows\wndrive32.exe
2010-05-18 17:35 . 2010-05-18 19:55 -------- d-----w- c:\program files\SpeedFan
2010-05-18 16:23 . 2010-05-18 16:25 -------- d-----w- c:\program files\CCleaner
2010-05-18 16:09 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-18 16:09 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-18 16:08 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-18 16:08 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-18 16:08 . 2010-05-18 16:08 -------- d-----w- c:\program files\Common Files\CANON
2010-05-18 16:05 . 2007-05-21 20:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP94.DLL
2010-05-18 16:05 . 2007-05-21 20:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD94.DLL
2010-05-18 16:05 . 2007-05-21 20:00 215040 ----a-w- c:\windows\system32\CNMLM94.DLL
2010-05-18 16:05 . 2010-05-18 16:05 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-05-18 16:05 . 2007-03-23 07:29 98304 ----a-w- c:\windows\system32\CNC520I.DLL
2010-05-18 16:05 . 2007-03-19 01:23 200704 ----a-w- c:\windows\system32\CNC520L.DLL
2010-05-18 16:05 . 2007-03-15 05:12 188416 ----a-w- c:\windows\system32\CNC520O.DLL
2010-05-18 16:05 . 2007-03-23 07:30 1400832 ----a-w- c:\windows\system32\CNC520C.DLL
2010-05-18 16:05 . 2010-05-18 16:05 -------- d--h--w- c:\program files\CanonBJ

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 19:56 . 2008-04-14 12:00 578560 ----a-w- c:\windows\system32\user32.DLL
2010-05-18 16:10 . 2009-04-02 13:55 -------- d-----w- c:\program files\Canon
2010-05-13 08:08 . 2008-04-14 12:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2010-05-13 08:08 . 2008-04-14 12:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2010-05-04 06:59 . 2009-03-05 12:27 -------- d-----w- c:\program files\Kooperativa
2010-04-14 19:06 . 2009-03-05 12:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-14 19:05 . 2009-03-05 12:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-14 19:05 . 2009-03-05 12:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-11 12:36 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}]
2010-05-18 19:56 238592 ----a-w- c:\program files\adc_w32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\magdalena\Nabˇdka Start\Programy\Po spuçtŘnˇ\
algeki32.exe [2008-4-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"enableinstallerdetection"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-14 19:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 TivoliAP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kooperativa\\KalkZiv\\Kalk_ziv.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-04-14 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-27 108552]
S1 TGrab;Tivoli Remote Control Text Grabber; [x]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2010-04-14 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2010-04-19 297752]
S2 CITMDRV;CITMDRV;c:\windows\System32\drivers\CITMDRV.SYS [2008-02-18 10752]
S2 InvokerUpdateService;InvokerUpdateService;c:\ais\Tahiti4\bin\InvokerService.exe [2009-03-05 176128]
S2 KoopPdfService;KoopPdfService;c:\program files\Kooperativa\Services\KoopPDFServer.exe [2010-05-10 447488]
S2 lcfd;Tivoli Endpoint;c:\tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [2005-11-15 172032]
S2 TME10RC;Tivoli Remote Control Service;c:\windows\RCSERV.EXE [2009-04-22 77824]
S3 Eqnmirdd;Eqnmirdd;c:\windows\system32\DRIVERS\Eqnmirdd.sys [2009-04-22 6107]
S3 KeyEx2;Tivoli Remote Control Keyboard Filter; [x]
S3 MouEx2;Tivoli Remote Control Pointer Filter; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\magdalena\Data aplikací\Mozilla\Firefox\Profiles\pwgf7qja.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SSODL-GootkitSSO-{16C61E83-E409-4B52-BAF2-E56DEFDE7661} - c:\windows\System32\msxsltsso.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 22:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\windows\system32\drivers\zxiwwbpdk7.sys 81408 bytes executable
c:\documents and settings\magdalena\Nabídka Start\Programy\Po spuštění\algeki32.exe 29696 bytes executable

sken byl úspešně dokončen
skryté soubory: 2

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x8436E0E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75b3f28
\Driver\ACPI -> ACPI.sys @ 0xf7506cb8
\Driver\atapi -> atapi.sys @ 0xf747a852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac SendCompleteHandler -> NDIS.sys @ 0x842f9bb0
PacketIndicateHandler -> NDIS.sys @ 0x84306a21
SendHandler -> NDIS.sys @ 0x842e487b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zxiwwbpdk7]
"ImagePath"="system32\drivers\zxiwwbpdk7.sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\TivoliAP.dll

- - - - - - - > 'explorer.exe'(5132)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office12\1029\GrooveIntlResource.dll
c:\windows\WebIE.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\NOTEPAD.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Celkový čas: 2010-05-20 23:59:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-20 21:57

Před spuštěním: 2 254 270 464
Po spuštění: 2 324 701 184

- - End Of File - - 523F52A1D3F4888CB73A9E9214CE3216

#7 Příspěvek od **motji** » 20 kvě 2010 23:12

Otestujte na http://www.virustotal.com

c:\windows\system32\user32.DLL
c:\windows\system32\DRIVERS\Eqnmirdd.sys
C:\WINDOWS\System32\drivers\ndis.sys

-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše


Killall::

Rootkit::
c:\windows\system32\drivers\zxiwwbpdk7.sys

Collect::
c:\program files\adc_w32.dll
c:\windows\system32\jpwrtryt.exe
C:\Program Files\svchost.exe
C:\WINDOWS\System32\regedit.exe
c:\windows\wndrive32.exe
c:\documents and settings\magdalena\Nabídka Start\Programy\Po spuštění\
algeki32.exe
C:\lsass.exe
C:\Documents and Settings\magdalena\Data aplikací\avdrn.dat
C:\Documents and Settings\magdalena\Plocha\AKM Antivirus 2010 Pro.lnk

Dirlook::
C:\Documents and Settings\magdalena\online_{49c3c335-6a58-41c8-8034-3855ee78b887}
C:\Documents and Settings\magdalena\{49c3c335-6a58-41c8-8034-3855ee78b887}

Registry:
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}]

Driver::
zxiwwbpdk7

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Znáte tyto dvě složky?
C:\Documents and Settings\magdalena\online_{49c3c335-6a58-41c8-8034-3855ee78b887}
C:\Documents and Settings\magdalena\{49c3c335-6a58-41c8-8034-3855ee78b887}

Na tomto počítači používáte vzdálenou správu?

csw* · #8 Příspěvek od csw* » 21 kvě 2010 09:40

Soubory otestovat nelze...jedině přenést do jiného PC, ale PC je zpomalené tak, že čekám 20 min. než najede prohlížeč. Asi si umíte představit kolik trvá otestování. Zkoušel jsem to, ale za hodinu to bylo na stejném místě:)

PC vzdálenou správu má.

Ty dvě složky na C:/magdalena.... neznám, můžeme smazat.

Teď se snažím o spuštění combofixu, ale vzhledem k rychlosti PC skoro uvažuji, jestli jej nejdříve nedát opravit

a poté odvšivit.

#9 Příspěvek od **motji** » 21 kvě 2010 09:57

Nechte nejprve pc opravit, pokud se přehřívá, nemá cenu něco dál dělat. Až bude opravený, ozvěte se

csw* · #10 Příspěvek od csw* » 21 kvě 2010 16:14

ComboFix 10-05-16.01 - magdalena 21.05.2010 17:38:12.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.446.133 [GMT 2:00]
Spuštěný z: c:\documents and settings\magdalena\Plocha\cokoliv.com.exe
Použité ovládací přepínače :: c:\documents and settings\magdalena\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\program files\adc_w32.dll
file zipped: c:\windows\system32\jpwrtryt.exe
file zipped: c:\windows\wndrive32.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\adc_w32.dll
c:\windows\system32\jpwrtryt.exe
c:\windows\system32\msxsltsso.dll
c:\windows\wndrive32.exe

Nakažená kopie c:\windows\system32\drivers\ndis.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\ndis.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-21 do 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-21 08:57 . 2010-05-21 09:03 -------- d-----w- C:\cokoliv.com18038c
2010-05-20 21:57 . 2010-05-20 21:57 -------- d--h--w- c:\windows\PIF
2010-05-20 20:25 . 2008-04-14 06:52 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-05-20 20:25 . 2008-04-14 06:52 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-20 19:17 . 2010-05-20 22:03 -------- d-----w- C:\cokoliv.com
2010-05-18 22:34 . 2010-05-18 22:51 -------- d-----w- C:\UsbFix
2010-05-18 19:47 . 2010-05-18 19:47 -------- d-----w- c:\program files\trend micro
2010-05-18 19:47 . 2010-05-18 19:47 -------- d-----w- C:\rsit
2010-05-18 17:35 . 2010-05-21 14:41 -------- d-----w- c:\program files\SpeedFan
2010-05-18 16:23 . 2010-05-18 16:25 -------- d-----w- c:\program files\CCleaner
2010-05-18 16:09 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-18 16:09 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-18 16:08 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-18 16:08 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-18 16:08 . 2010-05-18 16:08 -------- d-----w- c:\program files\Common Files\CANON
2010-05-18 16:05 . 2007-05-21 20:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP94.DLL
2010-05-18 16:05 . 2007-05-21 20:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD94.DLL
2010-05-18 16:05 . 2007-05-21 20:00 215040 ----a-w- c:\windows\system32\CNMLM94.DLL
2010-05-18 16:05 . 2010-05-18 16:05 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-05-18 16:05 . 2007-03-23 07:29 98304 ----a-w- c:\windows\system32\CNC520I.DLL
2010-05-18 16:05 . 2007-03-19 01:23 200704 ----a-w- c:\windows\system32\CNC520L.DLL
2010-05-18 16:05 . 2007-03-15 05:12 188416 ----a-w- c:\windows\system32\CNC520O.DLL
2010-05-18 16:05 . 2007-03-23 07:30 1400832 ----a-w- c:\windows\system32\CNC520C.DLL
2010-05-18 16:05 . 2010-05-18 16:05 -------- d--h--w- c:\program files\CanonBJ

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 15:43 . 2008-04-14 12:00 578560 ----a-w- c:\windows\system32\user32.dll
2010-05-18 16:10 . 2009-04-02 13:55 -------- d-----w- c:\program files\Canon
2010-05-13 08:08 . 2008-04-14 12:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2010-05-13 08:08 . 2008-04-14 12:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2010-05-04 06:59 . 2009-03-05 12:27 -------- d-----w- c:\program files\Kooperativa
2010-04-14 19:06 . 2009-03-05 12:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-14 19:05 . 2009-03-05 12:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-14 19:05 . 2009-03-05 12:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-11 12:36 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
Infected c:\windows\system32\user32.dll hex repaired

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\magdalena\{49c3c335-6a58-41c8-8034-3855ee78b887} ----

---- Directory of c:\documents and settings\magdalena\online_{49c3c335-6a58-41c8-8034-3855ee78b887} ----

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\magdalena\Nabˇdka Start\Programy\Po spuçtŘnˇ\
algeki32.exe [2008-4-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"enableinstallerdetection"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-14 19:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 TivoliAP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kooperativa\\KalkZiv\\Kalk_ziv.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5.3.2009 14:37 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5.3.2009 14:37 108552]
R1 TGrab;Tivoli Remote Control Text Grabber;c:\windows\system32\drivers\TGRAB.SYS [22.4.2009 14:55 8288]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5.3.2009 14:37 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5.3.2009 14:37 297752]
R2 CITMDRV;CITMDRV;c:\windows\system32\drivers\CITMDRV.SYS [24.3.2009 12:48 10752]
R2 InvokerUpdateService;InvokerUpdateService;c:\ais\Tahiti4\bin\InvokerService.exe [5.3.2009 14:42 176128]
R2 KoopPdfService;KoopPdfService;c:\program files\Kooperativa\Services\KoopPDFServer.exe [6.4.2010 15:39 447488]
R2 lcfd;Tivoli Endpoint;c:\tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [5.3.2009 15:45 172032]
R2 TME10RC;Tivoli Remote Control Service;c:\windows\RCSERV.EXE [22.4.2009 14:55 77824]
R3 Eqnmirdd;Eqnmirdd;c:\windows\system32\drivers\Eqnmirdd.sys [22.4.2009 14:55 6107]
R3 KeyEx2;Tivoli Remote Control Keyboard Filter;c:\windows\system32\drivers\KEYEX2.SYS [22.4.2009 14:55 5837]
R3 MouEx2;Tivoli Remote Control Pointer Filter;c:\windows\system32\drivers\MOUEX2.SYS [22.4.2009 14:55 4638]
S1 zxiwwbpdk7;zxiwwbpdk7.sys;c:\windows\system32\drivers\zxiwwbpdk7.sys --> c:\windows\system32\drivers\zxiwwbpdk7.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.4.2008 14:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\magdalena\Data aplikací\Mozilla\Firefox\Profiles\pwgf7qja.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{149256D5-E103-4523-BB43-2CFB066839D6} - c:\program files\adc_w32.dll
SSODL-GootkitSSO-{22265131-B348-4FAB-889F-5B9BFF82AB7C} - c:\windows\System32\msxsltsso.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-21 17:49
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\documents and settings\magdalena\Nabídka Start\Programy\Po spuštění\algeki32.exe 29696 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\TivoliAP.dll

- - - - - - - > 'explorer.exe'(3328)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2010-05-21 18:07:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-21 16:07
ComboFix2.txt 2010-05-20 21:59

Před spuštěním: 2 428 542 976
Po spuštění: 2 422 390 784

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - D05E8F42EC4E72E5DA2BDE590E0ADB1F

#11 Příspěvek od **motji** » 21 kvě 2010 16:50

Stáhněte Avenger
http://swandog46.geekstogo.com/avenger.exe

-spustíte program a potvrdíte kliknutím na ok,tím potvrzujete, že všechny činnosti s tím spojené činíte na vlastní riziko.
-Po odkliknutí se objeví hlavní okno programu,do bílého okna něj zkopírujte tento skript:

Kód: Vybrat vše


Files to delete:
c:\documents and settings\magdalena\Nabídka Start\Programy\Po spuštění\algeki32.exe

-zaškrtněte políčko scan for rootkits

a klikněte na tlačítko Execute.
-Potom se objeví okno,kde kliknutím Yes potvrdíte spuštění skriptu. Pak znovu tlačítkem yes potvrdíte restart počítače.
-Po restartu by se měl otevřít poznámkový blok s logem o vykonání skriptu, bude také uložený v C:\avenger.txt.
-Log vložte sem

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Otestujte na http://www.virustotal.com
c:\windows\system32\user32.DLL
c:\windows\system32\DRIVERS\Eqnmirdd.sys
C:\WINDOWS\System32\drivers\ndis.sys

Složky smažte
C:\Documents and Settings\magdalena\online_{49c3c335-6a58-41c8-8034-3855ee78b887}
C:\Documents and Settings\magdalena\{49c3c335-6a58-41c8-8034-3855ee78b887}

csw* · #12 Příspěvek od csw* » 21 kvě 2010 18:48

Tak PC to bohužel neustálo. Nenajelo ani přes nouzák. Kurzor blikal na monitoru přes 40 min.

Vrátil jsem jej do "poslední fungující verze".

csw* · #13 Příspěvek od csw* » 21 kvě 2010 18:55

Soubor user32.dll přijatý 2010.03.13 15:37:34 (UTC)
Současný stav: Dokončeno
Výsledek: 0/42 (0.00%)
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.13 -
AhnLab-V3 5.0.0.2 2010.03.12 -
AntiVir 8.2.1.180 2010.03.12 -
Antiy-AVL 2.0.3.7 2010.03.12 -
Authentium 5.2.0.5 2010.03.13 -
Avast 4.8.1351.0 2010.03.13 -
Avast5 5.0.332.0 2010.03.13 -
AVG 9.0.0.787 2010.03.13 -
BitDefender 7.2 2010.03.13 -
CAT-QuickHeal 10.00 2010.03.13 -
ClamAV 0.96.0.0-git 2010.03.13 -
Comodo 4248 2010.03.13 -
DrWeb 5.0.1.12222 2010.03.13 -
eSafe 7.0.17.0 2010.03.11 -
eTrust-Vet 35.2.7359 2010.03.12 -
F-Prot 4.5.1.85 2010.03.12 -
F-Secure 9.0.15370.0 2010.03.13 -
Fortinet 4.0.14.0 2010.03.13 -
GData 19 2010.03.13 -
Ikarus T3.1.1.80.0 2010.03.13 -
Jiangmin 13.0.900 2010.03.13 -
K7AntiVirus 7.10.996 2010.03.12 -
Kaspersky 7.0.0.125 2010.03.13 -
McAfee 5918 2010.03.12 -
McAfee+Artemis 5918 2010.03.12 -
McAfee-GW-Edition 6.8.5 2010.03.13 -
Microsoft 1.5502 2010.03.12 -
NOD32 4940 2010.03.12 -
Norman 6.04.08 2010.03.13 -
nProtect 2009.1.8.0 2010.03.13 -
Panda 10.0.2.2 2010.03.13 -
PCTools 7.0.3.5 2010.03.13 -
Prevx 3.0 2010.03.13 -
Rising 22.38.04.03 2010.03.12 -
Sophos 4.51.0 2010.03.13 -
Sunbelt 5856 2010.03.13 -
Symantec 20091.2.0.41 2010.03.13 -
TheHacker 6.5.2.0.232 2010.03.13 -
TrendMicro 9.120.0.1004 2010.03.13 -
VBA32 3.12.12.2 2010.03.12 -
ViRobot 2010.3.13.2226 2010.03.13 -
VirusBuster 5.0.27.0 2010.03.13 -
Rozšiřující informace
File size: 578560 bytes
MD5 : e16e0990967374e76f3e40cacafd3d53
SHA1 : ba27aea7ff2fc295a04d1f3c43b8153c3da91992
SHA256: 1e80fa123c1d2557e1dc519d72b3fba6113dd1d8933efe0b96581cd067f0fa70
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xB217
timedatestamp.....: 0x4802CD7A (Mon Apr 14 05:20:26 2008)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5F283 0x5F400 6.65 6d8251c614bd1d941a7e50353a1b314c
.data 0x61000 0x1180 0xC00 2.37 775119e98796af9b8a849dd1f6e4f377
.rsrc 0x63000 0x2A10C 0x2A200 5.01 ebe666284220151c4d9906a1ef1cff9e
.reloc 0x8E000 0x2DE4 0x2E00 6.77 68ebe5a2d822be0663a3e935b39d0bae

( 0 imports )

( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 6144:QMtUG2qbvmfPYjo6QK86tQGdscawPX10BhTruuGVuKtNYmLlLyUTuyGEDSu3ZmDk:b2++fsZ86q5caW0VhG86xxcEPZmzn
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Opera_n_ syst_m Microsoft_ Windows_
description..: Windows XP USER API Client DLL
original name: user32
internal name: user32
file version.: 5.1.2600.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
CWSandbox: http://research.sunbelt-software.com/pa ... cacafd3d53
RDS : NSRL Reference Data Set
-

VAROVÁNÍ VAROVÁNÍ: VirusTotal je služba poskytovaná zdarma společnosti Hispasec

csw* · #14 Příspěvek od csw* » 21 kvě 2010 19:02

Soubor Eqnmirdd.sys přijatý 2010.05.21 18:00:34 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/40 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.21.00 2010.05.20 -
AntiVir 8.2.1.242 2010.05.21 -
Antiy-AVL 2.0.3.7 2010.05.21 -
Authentium 5.2.0.5 2010.05.21 -
Avast 4.8.1351.0 2010.05.21 -
Avast5 5.0.332.0 2010.05.21 -
AVG 9.0.0.787 2010.05.21 -
BitDefender 7.2 2010.05.21 -
CAT-QuickHeal 10.00 2010.05.21 -
ClamAV 0.96.0.3-git 2010.05.21 -
Comodo 4900 2010.05.21 -
DrWeb 5.0.2.03300 2010.05.21 -
eSafe 7.0.17.0 2010.05.20 -
eTrust-Vet 35.2.7502 2010.05.21 -
F-Prot 4.6.0.103 2010.05.20 -
F-Secure 9.0.15370.0 2010.05.21 -
Fortinet 4.1.133.0 2010.05.21 -
GData 21 2010.05.21 -
Ikarus T3.1.1.84.0 2010.05.21 -
Jiangmin 13.0.900 2010.05.21 -
Kaspersky 7.0.0.125 2010.05.21 -
McAfee 5.400.0.1158 2010.05.21 -
McAfee-GW-Edition 2010.1 2010.05.21 -
Microsoft 1.5802 2010.05.21 -
NOD32 5136 2010.05.21 -
Norman 6.04.12 2010.05.21 -
nProtect 2010-05-21.01 2010.05.21 -
Panda 10.0.2.7 2010.05.21 -
PCTools 7.0.3.5 2010.05.21 -
Rising 22.48.04.04 2010.05.21 -
Sophos 4.53.0 2010.05.21 -
Sunbelt 6334 2010.05.21 -
Symantec 20101.1.0.89 2010.05.21 -
TheHacker 6.5.2.0.284 2010.05.20 -
TrendMicro 9.120.0.1004 2010.05.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.21 -
VBA32 3.12.12.5 2010.05.21 -
ViRobot 2010.5.20.2326 2010.05.21 -
VirusBuster 5.0.27.0 2010.05.21 -
Rozšiřující informace
File size: 6107 bytes
MD5...: 9dfcb051e3f5c897961421225240d2e6
SHA1..: 093e61bd28293a76c474c1a70564b6f22178dcf0
SHA256: 280fc2570b8950b930c418f5a32fb4ce7dd188f1738e5409ae1f55939ebc7f79
ssdeep: 96:weUJ6xAnNNdNV5+jhehmv9Jpg8YX3QjJ3qZ3t43LXRl4T/GqbLmjuTWd:wf6x
And0npBYQjhqZ3SwCPd
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x52c
timedatestamp.....: 0x429c2733 (Tue May 31 08:58:27 2005)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2c0 0xa84 0xaa0 5.85 dfccd05f8070bf13935848ef76e8535b
.rdata 0xd60 0xb4 0xc0 2.47 55b3156905170df8d0b9e4a11b28006d
.data 0xe20 0xc 0x20 0.00 70bc8f4b72a86921468bf8e8441dce51
INIT 0xe40 0x222 0x240 4.88 eb0e42ea2ef9002d70667778a0d85f8a
.rsrc 0x1080 0x3c8 0x3e0 3.21 0f0c6963a769b25d1f2b71309899be44
.reloc 0x1460 0xc6 0xe0 3.67 e2a320b574d379eec6b4f2174059c3da

( 2 imports )
> ntoskrnl.exe: ExAllocatePoolWithTag, ZwSetValueKey, RtlAppendUnicodeToString, RtlInitUnicodeString, ZwEnumerateKey, MmBuildMdlForNonPagedPool, MmProbeAndLockPages, IoAllocateMdl, ZwClose, ZwOpenKey, MmUnlockPages, MmUnmapLockedPages, ZwQueryValueKey, MmMapLockedPagesSpecifyCache, ExFreePool, IoFreeMdl
> VIDEOPRT.SYS: VideoPortInt10, VideoPortZeroMemory, VideoPortInitialize

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: IBM Corp.
copyright....: (c) Copyright IBM Corp. 1996, 2004. All rights reserved.
product......: IBM Tivoli Remote Control
description..: IBM Tivoli Remote Control Miniport Driver
original name: Eqnmirdd.sys
internal name: Eqnmirdd.sys
file version.: 2.0.3.0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned

csw* · #15 Příspěvek od csw* » 21 kvě 2010 19:15

Soubor ndis.sys přijatý 2010.05.21 02:52:10 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0.00%)
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.21.00 2010.05.20 -
AntiVir 8.2.1.242 2010.05.20 -
Antiy-AVL 2.0.3.7 2010.05.19 -
Authentium 5.2.0.5 2010.05.21 -
Avast 4.8.1351.0 2010.05.20 -
Avast5 5.0.332.0 2010.05.20 -
AVG 9.0.0.787 2010.05.20 -
BitDefender 7.2 2010.05.21 -
CAT-QuickHeal 10.00 2010.05.20 -
ClamAV 0.96.0.3-git 2010.05.21 -
Comodo 4897 2010.05.21 -
DrWeb 5.0.2.03300 2010.05.21 -
eSafe 7.0.17.0 2010.05.20 -
eTrust-Vet 35.2.7501 2010.05.20 -
F-Prot 4.6.0.103 2010.05.20 -
F-Secure 9.0.15370.0 2010.05.21 -
Fortinet 4.1.133.0 2010.05.20 -
GData 21 2010.05.21 -
Ikarus T3.1.1.84.0 2010.05.21 -
Jiangmin 13.0.900 2010.05.20 -
Kaspersky 7.0.0.125 2010.05.21 -
McAfee 5.400.0.1158 2010.05.21 -
McAfee-GW-Edition 2010.1 2010.05.20 -
Microsoft 1.5802 2010.05.20 -
NOD32 5133 2010.05.20 -
Norman 6.04.12 2010.05.20 -
nProtect 2010-05-20.02 2010.05.20 -
Panda 10.0.2.7 2010.05.20 -
PCTools 7.0.3.5 2010.05.21 -
Prevx 3.0 2010.05.21 -
Rising 22.48.04.01 2010.05.21 -
Sophos 4.53.0 2010.05.21 -
Sunbelt 6331 2010.05.21 -
Symantec 20101.1.0.89 2010.05.20 -
TheHacker 6.5.2.0.284 2010.05.20 -
TrendMicro 9.120.0.1004 2010.05.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.21 -
VBA32 3.12.12.5 2010.05.20 -
ViRobot 2010.5.20.2326 2010.05.20 -
VirusBuster 5.0.27.0 2010.05.21 -
Rozšiřující informace
File size: 182656 bytes
MD5 : 1df7f42665c94b825322fae71721130d
SHA1 : b8e7cce36011313b3b908c7ebfa598057847d340
SHA256: fe0dcb728471465b39a42a7511f4133021fba5df88f88bcb5fe2ff34cfd713f9
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x39105
timedatestamp.....: 0x48025D03 (Sun Apr 13 21:20:35 2008)
machinetype.......: 0x14C (Intel I386)

( 16 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x56F9 0x5700 6.41 96ae3e7d4b54cdd29c0de009162eef7e
.rdata 0x5B80 0x504 0x580 5.20 041d70cc3aed48578be848dc47e39316
.data 0x6100 0xA78 0xA80 0.87 bac7845573b70c4539c4af447cb1bb75
PAGENPNP 0x6B80 0xEC0B 0xEC80 6.46 789cb7199349e9c83c0df68913fc68e4
PAGENDSP 0x15800 0x35BC 0x3600 6.37 db6587f00f71f77e939f18bfef43316f
PAGENDSM 0x18E00 0x5CCC 0x5D00 6.46 6d72571c2cc585816e8c40c7d955c3ba
PAGENDCO 0x1EB00 0x25DD 0x2600 6.37 488075e753b6887aa84713da3e15909a
PAGENDSF 0x21100 0x18DA 0x1900 6.35 c353c4eca24461e7f063cc3ff2d42ddb
PAGENDSE 0x22A00 0x12A4 0x1300 6.27 98988eaa9cee24a419c2b2f3c43ab1ae
PAGENDST 0x23D00 0xD7D 0xD80 6.49 f984580405adf4a4bddefea5c5fa137b
PAGENDSA 0x24A80 0x10C6 0x1100 6.37 10d5f5ea54fc04f6ff9ad1f9fb7ec70a
.edata 0x25B80 0x2559 0x2580 5.52 4e9be9ea659f7cea15058825f12b52f8
PAGE 0x28100 0xF98 0x1000 5.35 e490c30bdc097229eb86dd0e1b45b3a0
INIT 0x29100 0x1D14 0x1D80 6.01 c9cd4b5a9abf37c2b10a60181a3f2e15
.rsrc 0x2AE80 0x3E0 0x400 3.36 031b20e15238ac104a8c5cf753f0522c
.reloc 0x2B280 0x16F0 0x1700 6.75 8d90c4c92326950ec06264028062bbc6

( 0 imports )

( 0 exports )

VIRY.CZ

Druhé PC pro Motji

Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji

Re: Druhé PC pro Motji