Please check

Misel1
Visitor
Posts: 100
Registered: 08 Jul 2005 07:19

#1 Post by Misel1 »

Logfile of random's system information tool 1.07 (written by random/random)
Run by Libor at 2010-06-13 18:04:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 438 GB (92%) free of 477 GB
Total RAM: 3582 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:05:08, on 13.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Libor\Plocha\RSIT.exe
C:\Program Files\trend micro\Libor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://217.126.235.138:8888/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pracovní stanice lanmanworkstationPlugPlay (lanmanworkstationPlugPlay) - Unknown owner - C:\WINDOWS\system32\appendq.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\qxchost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Wyeke Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Wyeke\wyeke127.exe (file missing)

--
End of file - 9295 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1180395095-4025279379-689279713-1007.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1180395095-4025279379-689279713-1007.job
C:\WINDOWS\tasks\SLOW-PCfighter-Libor-Startup.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{8D783746-D266-4E5C-8D7A-DA5BAC52774A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-14 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-06-02 1615200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2009-09-25 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2009-09-25 1953792]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-06-26 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-06-26 86016]
"GEST"=C:\Program Files\GIGABYTE\GEST\RUN.exe [2009-09-25 236040]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2009-09-25 69632]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-02 2065248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-14 202256]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2009-09-25 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-12 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\GIGABYTE\GEST\run.exe"="C:\Program Files\GIGABYTE\GEST\run.exe:*:Enabled:update"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15b78cfc-7f3a-11de-8581-0009dd5007bd}]
shell\AutoRun\command - I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
shell\open\command - I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15b78cfd-7f3a-11de-8581-0009dd5007bd}]
shell\AutoRun\command - I:\NokiaPCIA_Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40c9ab87-9166-11de-85a0-0009dd5007bd}]
shell\AutoRun\command - I:\NokiaPCIA_Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d712fbe-533f-11de-8536-0009dd5007bd}]
shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f1b07be-e682-11de-862c-001fd0834d78}]
shell\AutoRun\command - RECYCLER\autorun.exe
shell\open\command - RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d8f488e-b996-11de-85e3-001fd0834d78}]
shell\AutoRun\command - I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
shell\open\command - I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a6f4e42-f3ce-11dd-8490-0009dd5007bd}]
shell\AutoRun\command - I:\Autorun.exe /run
shell\Shell00\command - I:\Autorun.exe /run
shell\Shell01\command - I:\Autorun.exe /action
shell\Shell02\command - I:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c31c8c2c-a34e-11dd-8445-001fd0834d78}]
shell\AutoRun\command - qr.exe
shell\open\command - qr.exe


======List of files/folders created in the last 1 months======

2010-06-13 18:04:54 ----D---- C:\Program Files\trend micro
2010-06-13 18:04:53 ----D---- C:\rsit
2010-06-13 18:03:54 ----D---- C:\Program Files\Mozilla Firefox
2010-06-13 17:59:17 ----D---- C:\WINDOWS\pss
2010-06-10 17:17:04 ----D---- C:\Program Files\Reference Assemblies
2010-06-09 23:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-09 23:29:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-09 23:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-09 23:27:03 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-09 23:27:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-09 23:26:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-05-31 14:37:59 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-29 19:47:32 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-05-29 19:39:15 ----D---- C:\Config.Msi
2010-05-26 16:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$

======List of files/folders modified in the last 1 months======

2010-06-13 18:05:00 ----D---- C:\WINDOWS\Prefetch
2010-06-13 18:04:54 ----D---- C:\Program Files
2010-06-13 18:04:17 ----D---- C:\Documents and Settings\Libor\Data aplikací\Mozilla
2010-06-13 18:01:10 ----D---- C:\WINDOWS\Temp
2010-06-13 18:01:00 ----RASH---- C:\boot.ini
2010-06-13 18:01:00 ----A---- C:\WINDOWS\win.ini
2010-06-13 18:01:00 ----A---- C:\WINDOWS\system.ini
2010-06-13 17:59:17 ----D---- C:\WINDOWS
2010-06-13 16:20:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-13 16:20:17 ----SD---- C:\WINDOWS\Tasks
2010-06-10 23:17:03 ----SHD---- C:\WINDOWS\Installer
2010-06-10 23:00:13 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-10 23:00:10 ----RSD---- C:\WINDOWS\assembly
2010-06-10 17:16:46 ----D---- C:\WINDOWS\system32
2010-06-10 17:16:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-10 17:16:22 ----D---- C:\WINDOWS\WinSxS
2010-06-10 14:48:16 ----D---- C:\WINDOWS\Debug
2010-06-09 23:30:46 ----HD---- C:\WINDOWS\inf
2010-06-09 23:30:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-09 23:29:20 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-09 23:28:40 ----D---- C:\Program Files\Internet Explorer
2010-06-09 22:51:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-05 10:05:58 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-02 20:11:56 ----D---- C:\WINDOWS\system32\drivers
2010-05-31 14:37:57 ----D---- C:\Program Files\Java
2010-05-30 12:56:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-05-30 12:55:59 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-05-30 12:55:52 ----D---- C:\Program Files\Outlook Express
2010-05-30 12:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-30 12:40:29 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-29 19:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-05-29 19:49:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-05-29 19:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-05-29 19:49:17 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-29 19:47:09 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-29 19:42:14 ----D---- C:\WINDOWS\system32\config
2010-05-29 19:41:54 ----D---- C:\WINDOWS\system32\wbem
2010-05-29 19:41:54 ----D---- C:\WINDOWS\Registration
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-12 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-02 29584]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-02 242896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-06-26 6555168]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 mwpmqqxitfnayr;mwpmqqxitfnayr; \??\C:\WINDOWS\system32\drivers\ltchz.sys []
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys []
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-30 47360]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-06-26 159812]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-13 198336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-27 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-27 107832]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 lanmanworkstationPlugPlay;Pracovní stanice lanmanworkstationPlugPlay; C:\WINDOWS\system32\appendq.exe srv []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 Microsoft Agent;Microsoft Agent; C:\WINDOWS\system32\dllcache\qxchost.exe []
S2 Wyeke Service;Wyeke Service; C:\Documents and Settings\All Users\Data aplikací\Wyeke\wyeke127.exe C:\Program Files\Wyeke\wyeke.dll Service []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-09-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-09-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-09-25 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2009-09-25 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2009-09-25 65795]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-09-17 651776]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-09-25 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Please check

#2 Post by Misel1 »

card readers (directly in the PC)

Re: Please check

#3 Post by Misel1 »

ComboFix 10-06-12.04 - Libor 13.06.2010 18:49:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3582.3053 [GMT 2:00]
Spuštěný z: c:\documents and settings\Libor\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\jestertb.dll
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\3299818548.dat
c:\windows\system32\drivers\str.sys

c:\windows\system32\accwiz.exe . . . je infikován!!

c:\windows\system32\attrib.exe . . . je infikován!!

c:\windows\system32\cisvc.exe . . . je infikován!!

c:\windows\system32\cleanmgr.exe . . . je infikován!!

c:\windows\system32\clipsrv.exe . . . je infikován!!

c:\windows\system32\cmd.exe . . . je infikován!!

c:\windows\system32\defrag.exe . . . je infikován!!

c:\windows\system32\dfrgntfs.exe . . . je infikován!!

c:\windows\system32\dllhost.exe . . . je infikován!!

c:\windows\system32\dmadmin.exe . . . je infikován!!

c:\windows\system32\dpnsvr.exe . . . je infikován!!

c:\windows\system32\dumprep.exe . . . je infikován!!

c:\windows\system32\dwwin.exe . . . je infikován!!

c:\windows\system32\grpconv.exe . . . je infikován!!

c:\windows\system32\iexpress.exe . . . je infikován!!

c:\windows\system32\imapi.exe . . . je infikován!!

c:\windows\system32\locator.exe . . . je infikován!!

c:\windows\system32\logonui.exe . . . je infikován!!

c:\windows\system32\mmc.exe . . . je infikován!!

c:\windows\system32\mnmsrvc.exe . . . je infikován!!

c:\windows\system32\msdtc.exe . . . je infikován!!

c:\windows\system32\msiexec.exe . . . je infikován!!

c:\windows\system32\netdde.exe . . . je infikován!!

c:\windows\system32\ntvdm.exe . . . je infikován!!

c:\windows\system32\qprocess.exe . . . je infikován!!

c:\windows\system32\rdpclip.exe . . . je infikován!!

c:\windows\system32\regsvr32.exe . . . je infikován!!

c:\windows\system32\runonce.exe . . . je infikován!!

c:\windows\system32\savedump.exe . . . je infikován!!

c:\windows\system32\scardsvr.exe . . . je infikován!!

c:\windows\system32\sessmgr.exe . . . je infikován!!

c:\windows\system32\sethc.exe . . . je infikován!!

c:\windows\system32\shmgrate.exe . . . je infikován!!

c:\windows\system32\smlogsvc.exe . . . je infikován!!

c:\windows\system32\spider.exe . . . je infikován!!

c:\windows\system32\spnpinst.exe . . . je infikován!!

c:\windows\system32\taskmgr.exe . . . je infikován!!

c:\windows\system32\tourstart.exe . . . je infikován!!

c:\windows\system32\ups.exe . . . je infikován!!

c:\windows\system32\userinit.exe . . . je infikován!!

c:\windows\system32\vssvc.exe . . . je infikován!!

c:\windows\system32\wiaacmgr.exe . . . je infikován!!

c:\windows\system32\wscntfy.exe . . . je infikován!!

c:\windows\system32\oobe\msoobe.exe . . . je infikován!!

c:\windows\system32\Restore\rstrui.exe . . . je infikován!!

c:\windows\system32\usmt\migwiz.exe . . . je infikován!!

c:\windows\system32\wbem\wmiadap.exe . . . je infikován!!

c:\windows\system32\wbem\wmiapsrv.exe . . . je infikován!!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LANMANWORKSTATIONPLUGPLAY
-------\Legacy_MICROSOFT_AGENT
-------\Legacy_WYEKE_SERVICE
-------\Service_lanmanworkstationPlugPlay
-------\Service_Microsoft Agent
-------\Service_Wyeke Service


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-13 do 2010-06-13 )))))))))))))))))))))))))))))))
.

2010-06-13 16:04 . 2010-06-13 16:05 -------- d-----w- c:\program files\trend micro
2010-06-13 16:04 . 2010-06-13 16:05 -------- d-----w- C:\rsit
2010-06-10 15:17 . 2010-06-10 15:17 -------- d-----w- c:\program files\Reference Assemblies
2010-06-09 20:53 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-04 15:08 . 2010-06-04 15:08 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-05-31 12:37 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 17:47 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-05-29 17:41 . 2010-05-29 17:41 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 17:03 . 2007-06-21 10:54 16608 ----a-w- c:\windows\gdrv.sys
2010-06-13 16:45 . 2007-06-21 11:05 -------- d-----w- c:\program files\Symantec
2010-06-13 16:43 . 2007-06-21 11:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-10 15:16 . 2004-08-18 12:00 90344 ----a-w- c:\windows\system32\perfc005.dat
2010-06-10 15:16 . 2004-08-18 12:00 455434 ----a-w- c:\windows\system32\perfh005.dat
2010-06-05 08:05 . 2009-02-07 09:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 18:11 . 2009-12-11 18:16 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 18:11 . 2009-12-11 18:16 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-31 12:37 . 2009-02-20 12:21 -------- d-----w- c:\program files\Java
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

------- Sigcheck -------

[-] 2009-09-25 . D79F866F2ECDBB2C340BE2C5C944D6A4 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2009-09-25 . D79F866F2ECDBB2C340BE2C5C944D6A4 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-09-25 . CA72C34505F6A9CFD006A472EFA4432A . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-09-25 . 95CD5231CC44954047338B2060537804 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2009-09-25 . 95CD5231CC44954047338B2060537804 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2009-09-25 . 30793331DACB6C62ED5BF0A293D7A135 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2009-09-25 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2009-09-25 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-26 13529088]
"nwiz"="nwiz.exe" [2009-09-25 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 86016]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2009-09-25 236040]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 08:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2009-09-25 20:04 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11.12.2009 20:16 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11.12.2009 20:16 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12.3.2010 10:47 308064]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [25.10.2008 13:18 47624]
S2 mwpmqqxitfnayr;mwpmqqxitfnayr;\??\c:\windows\system32\drivers\ltchz.sys --> c:\windows\system32\drivers\ltchz.sys [?]
S2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [25.10.2008 13:38 93440]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1180395095-4025279379-689279713-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-06-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1180395095-4025279379-689279713-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-06-13 c:\windows\Tasks\User_Feed_Synchronization-{8D783746-D266-4E5C-8D7A-DA5BAC52774A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 20:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zobrazit originál
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\documents and settings\Libor\Data aplikací\Mozilla\Firefox\Profiles\r3h5yy5r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-mIRC - c:\documents and settings\Libor\Data aplikací\Microsoft\Document Building Blocks\1025\Build\index\ctfmon.pif



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-13 19:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,51,95,ca,6f,9b,f1,4d,b9,6c,11,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,51,95,ca,6f,9b,f1,4d,b9,6c,11,\

[HKEY_USERS\S-1-5-21-1180395095-4025279379-689279713-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1f,00,b2,cc,50,00,59,4a,50,9f,ee,d0,08,98,d6,cb,89,c2,f9,11,69,81,e8,
d9,2e,dd,f1,e5,b8,fb,23,24,2c,36,d3,b1,6c,57,85,97,05,5d,e2,38,36,57,89,c9,\
"??"=hex:19,ba,59,ea,19,57,ef,1e,db,35,28,3a,74,e6,dd,04
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\adsldpc.dll

- - - - - - - > 'explorer.exe'(2016)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-06-13 19:04:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-13 17:04

Před spuštěním: Volných bajtů: 459 652 136 960
Po spuštění: Volných bajtů: 459 561 099 264

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 07274774255C0B99F6775A8DC4645656

Misel1
Visitor
Posts: 100
Registered: 08 Jul 2005 07:19

Re: Please check

#4 Post by Misel1 »

Soubor attrib.exe přijatý 2010.06.13 17:19:31 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.26 2010.06.13 -
AhnLab-V3 2010.06.13.00 2010.06.12 -
AntiVir 8.2.2.6 2010.06.11 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.13 -
Avast 4.8.1351.0 2010.06.13 -
Avast5 5.0.332.0 2010.06.13 -
AVG 9.0.0.787 2010.06.13 -
BitDefender 7.2 2010.06.13 -
CAT-QuickHeal 10.00 2010.06.12 -
ClamAV 0.96.0.3-git 2010.06.13 -
Comodo 5087 2010.06.13 -
DrWeb 5.0.2.03300 2010.06.13 -
eSafe 7.0.17.0 2010.06.13 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.13 -
F-Secure 9.0.15370.0 2010.06.13 -
Fortinet 4.1.133.0 2010.06.13 -
GData 21 2010.06.13 -
Ikarus T3.1.1.84.0 2010.06.13 -
Jiangmin 13.0.900 2010.06.13 -
Kaspersky 7.0.0.125 2010.06.13 -
McAfee 5.400.0.1158 2010.06.13 -
McAfee-GW-Edition 2010.1 2010.06.12 -
Microsoft 1.5802 2010.06.13 -
NOD32 5193 2010.06.13 -
Norman 6.04.12 2010.06.13 -
nProtect 2010-06-12.01 2010.06.12 -
Panda 10.0.2.7 2010.06.13 -
PCTools 7.0.3.5 2010.06.13 -
Prevx 3.0 2010.06.13 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.13 -
Sunbelt 6444 2010.06.13 -
Symantec 20101.1.0.89 2010.06.13 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.13 -
VBA32 3.12.12.5 2010.06.11 -
ViRobot 2010.6.12.3882 2010.06.13 -
VirusBuster 5.0.27.0 2010.06.13 -
-----------------------------------------------------------------------------------------

Soubor userinit.exe přijatý 2010.06.13 17:22:30 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.26 2010.06.13 -
AhnLab-V3 2010.06.13.00 2010.06.12 -
AntiVir 8.2.2.6 2010.06.11 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.13 -
Avast 4.8.1351.0 2010.06.13 -
Avast5 5.0.332.0 2010.06.13 -
AVG 9.0.0.787 2010.06.13 -
BitDefender 7.2 2010.06.13 -
CAT-QuickHeal 10.00 2010.06.12 -
ClamAV 0.96.0.3-git 2010.06.13 -
Comodo 5087 2010.06.13 -
DrWeb 5.0.2.03300 2010.06.13 -
eSafe 7.0.17.0 2010.06.13 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.13 -
F-Secure 9.0.15370.0 2010.06.13 -
Fortinet 4.1.133.0 2010.06.13 -
GData 21 2010.06.13 -
Ikarus T3.1.1.84.0 2010.06.13 -
Jiangmin 13.0.900 2010.06.13 -
Kaspersky 7.0.0.125 2010.06.13 -
McAfee 5.400.0.1158 2010.06.13 -
McAfee-GW-Edition 2010.1 2010.06.12 Heuristic.LooksLike.Win32.NewMalware.I
Microsoft 1.5802 2010.06.13 -
NOD32 5193 2010.06.13 -
Norman 6.04.12 2010.06.13 -
nProtect 2010-06-12.01 2010.06.12 -
Panda 10.0.2.7 2010.06.13 -
PCTools 7.0.3.5 2010.06.13 -
Prevx 3.0 2010.06.13 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.13 -
Sunbelt 6444 2010.06.13 -
Symantec 20101.1.0.89 2010.06.13 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.13 -
VBA32 3.12.12.5 2010.06.11 -
ViRobot 2010.6.12.3882 2010.06.13 -
VirusBuster 5.0.27.0 2010.06.13 -
-----------------------------------------------------------------------------------------

Soubor svchost.exe přijatý 2010.06.13 17:24:39 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.26 2010.06.13 -
AhnLab-V3 2010.06.13.00 2010.06.12 -
AntiVir 8.2.2.6 2010.06.11 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.13 -
Avast 4.8.1351.0 2010.06.13 -
Avast5 5.0.332.0 2010.06.13 -
AVG 9.0.0.787 2010.06.13 -
BitDefender 7.2 2010.06.13 -
CAT-QuickHeal 10.00 2010.06.12 -
ClamAV 0.96.0.3-git 2010.06.13 -
Comodo 5087 2010.06.13 -
DrWeb 5.0.2.03300 2010.06.13 -
eSafe 7.0.17.0 2010.06.13 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.13 -
F-Secure 9.0.15370.0 2010.06.13 -
Fortinet 4.1.133.0 2010.06.13 -
GData 21 2010.06.13 -
Ikarus T3.1.1.84.0 2010.06.13 -
Jiangmin 13.0.900 2010.06.13 -
Kaspersky 7.0.0.125 2010.06.13 -
McAfee 5.400.0.1158 2010.06.13 -
McAfee-GW-Edition 2010.1 2010.06.12 -
Microsoft 1.5802 2010.06.13 -
NOD32 5193 2010.06.13 -
Norman 6.04.12 2010.06.13 -
nProtect 2010-06-12.01 2010.06.12 -
Panda 10.0.2.7 2010.06.13 -
PCTools 7.0.3.5 2010.06.13 -
Prevx 3.0 2010.06.13 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.13 -
Sunbelt 6444 2010.06.13 -
Symantec 20101.1.0.89 2010.06.13 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.13 -
VBA32 3.12.12.5 2010.06.11 -
ViRobot 2010.6.12.3882 2010.06.13 -
VirusBuster 5.0.27.0 2010.06.13 -

Misel1
Visitor
Posts: 100
Registered: 08 Jul 2005 07:19

Re: Please check

#5 Post by Misel1 »

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-13 19:34:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5007bd]
"001f5cef140e"=hex:c6,3f,27,27,cf,9c,83,d2,07,1c,09,57,d3,09,b0,76
"001e3a0e01ee"=hex:03,51,08,6c,d3,79,ae,6b,32,b7,6c,8b,5c,8e,21,5c
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd5007bd]
"001f5cef140e"=hex:c6,3f,27,27,cf,9c,83,d2,07,1c,09,57,d3,09,b0,76
"001e3a0e01ee"=hex:03,51,08,6c,d3,79,ae,6b,32,b7,6c,8b,5c,8e,21,5c

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000c1
"TracesSuccessful"=dword:00000096

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

http://www.uschovna.cz/vyzvednout1.php/ ... 79f3106745

Misel1
Visitor
Posts: 100
Registered: 08 Jul 2005 07:19

Re: Please check

#6 Post by Misel1 »

ComboFix 10-06-12.04 - Libor 13.06.2010 19:59:29.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3582.3056 [GMT 2:00]
Spuštěný z: c:\documents and settings\Libor\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\accwiz.exe . . . je infikován!!

c:\windows\system32\attrib.exe . . . je infikován!!

c:\windows\system32\cisvc.exe . . . je infikován!!

c:\windows\system32\cleanmgr.exe . . . je infikován!!

c:\windows\system32\clipsrv.exe . . . je infikován!!

c:\windows\system32\cmd.exe . . . je infikován!!

c:\windows\system32\defrag.exe . . . je infikován!!

c:\windows\system32\dfrgntfs.exe . . . je infikován!!

c:\windows\system32\dllhost.exe . . . je infikován!!

c:\windows\system32\dmadmin.exe . . . je infikován!!

c:\windows\system32\dpnsvr.exe . . . je infikován!!

c:\windows\system32\dumprep.exe . . . je infikován!!

c:\windows\system32\dwwin.exe . . . je infikován!!

c:\windows\system32\grpconv.exe . . . je infikován!!

c:\windows\system32\iexpress.exe . . . je infikován!!

c:\windows\system32\imapi.exe . . . je infikován!!

c:\windows\system32\locator.exe . . . je infikován!!

c:\windows\system32\logonui.exe . . . je infikován!!

c:\windows\system32\mmc.exe . . . je infikován!!

c:\windows\system32\mnmsrvc.exe . . . je infikován!!

c:\windows\system32\msdtc.exe . . . je infikován!!

c:\windows\system32\msiexec.exe . . . je infikován!!

c:\windows\system32\netdde.exe . . . je infikován!!

c:\windows\system32\ntvdm.exe . . . je infikován!!

c:\windows\system32\qprocess.exe . . . je infikován!!

c:\windows\system32\rdpclip.exe . . . je infikován!!

c:\windows\system32\regsvr32.exe . . . je infikován!!

c:\windows\system32\runonce.exe . . . je infikován!!

c:\windows\system32\savedump.exe . . . je infikován!!

c:\windows\system32\scardsvr.exe . . . je infikován!!

c:\windows\system32\sessmgr.exe . . . je infikován!!

c:\windows\system32\sethc.exe . . . je infikován!!

c:\windows\system32\shmgrate.exe . . . je infikován!!

c:\windows\system32\smlogsvc.exe . . . je infikován!!

c:\windows\system32\spider.exe . . . je infikován!!

c:\windows\system32\spnpinst.exe . . . je infikován!!

c:\windows\system32\taskmgr.exe . . . je infikován!!

c:\windows\system32\tourstart.exe . . . je infikován!!

c:\windows\system32\ups.exe . . . je infikován!!

c:\windows\system32\userinit.exe . . . je infikován!!

c:\windows\system32\vssvc.exe . . . je infikován!!

c:\windows\system32\wiaacmgr.exe . . . je infikován!!

c:\windows\system32\wscntfy.exe . . . je infikován!!

c:\windows\system32\oobe\msoobe.exe . . . je infikován!!

c:\windows\system32\Restore\rstrui.exe . . . je infikován!!

c:\windows\system32\usmt\migwiz.exe . . . je infikován!!

c:\windows\system32\wbem\wmiadap.exe . . . je infikován!!

c:\windows\system32\wbem\wmiapsrv.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-13 do 2010-06-13 )))))))))))))))))))))))))))))))
.

2010-06-13 16:04 . 2010-06-13 16:05 -------- d-----w- c:\program files\trend micro
2010-06-13 16:04 . 2010-06-13 16:05 -------- d-----w- C:\rsit
2010-06-10 15:17 . 2010-06-10 15:17 -------- d-----w- c:\program files\Reference Assemblies
2010-06-09 20:53 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-04 15:08 . 2010-06-04 15:08 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-05-31 12:37 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 17:47 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-05-29 17:41 . 2010-05-29 17:41 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 18:10 . 2007-06-21 10:54 16608 ----a-w- c:\windows\gdrv.sys
2010-06-13 16:45 . 2007-06-21 11:05 -------- d-----w- c:\program files\Symantec
2010-06-13 16:43 . 2007-06-21 11:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-10 15:16 . 2004-08-18 12:00 90344 ----a-w- c:\windows\system32\perfc005.dat
2010-06-10 15:16 . 2004-08-18 12:00 455434 ----a-w- c:\windows\system32\perfh005.dat
2010-06-05 08:05 . 2009-02-07 09:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 18:11 . 2009-12-11 18:16 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 18:11 . 2009-12-11 18:16 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-31 12:37 . 2009-02-20 12:21 -------- d-----w- c:\program files\Java
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

------- Sigcheck -------

[-] 2009-09-25 . D79F866F2ECDBB2C340BE2C5C944D6A4 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2009-09-25 . D79F866F2ECDBB2C340BE2C5C944D6A4 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-09-25 . CA72C34505F6A9CFD006A472EFA4432A . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-09-25 . 95CD5231CC44954047338B2060537804 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2009-09-25 . 95CD5231CC44954047338B2060537804 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2009-09-25 . 30793331DACB6C62ED5BF0A293D7A135 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-06-13_17.02.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-13 17:57 . 2010-06-13 17:57 16384 c:\windows\Temp\Perflib_Perfdata_520.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2009-09-25 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2009-09-25 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-26 13529088]
"nwiz"="nwiz.exe" [2009-09-25 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 86016]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2009-09-25 236040]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 08:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2009-09-25 20:04 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11.12.2009 20:16 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11.12.2009 20:16 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12.3.2010 10:47 308064]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [25.10.2008 13:18 47624]
S2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [25.10.2008 13:38 93440]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1180395095-4025279379-689279713-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-06-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1180395095-4025279379-689279713-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-06-13 c:\windows\Tasks\User_Feed_Synchronization-{8D783746-D266-4E5C-8D7A-DA5BAC52774A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 20:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zobrazit originál
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\documents and settings\Libor\Data aplikací\Mozilla\Firefox\Profiles\r3h5yy5r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-13 20:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,51,95,ca,6f,9b,f1,4d,b9,6c,11,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,51,95,ca,6f,9b,f1,4d,b9,6c,11,\

[HKEY_USERS\S-1-5-21-1180395095-4025279379-689279713-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1f,00,b2,cc,50,00,59,4a,50,9f,ee,d0,08,98,d6,cb,89,c2,f9,11,69,81,e8,
d9,2e,dd,f1,e5,b8,fb,23,24,2c,36,d3,b1,6c,57,85,97,05,5d,e2,38,36,57,89,c9,\
"??"=hex:19,ba,59,ea,19,57,ef,1e,db,35,28,3a,74,e6,dd,04
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1992)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-06-13 20:11:36
ComboFix-quarantined-files.txt 2010-06-13 18:11
ComboFix2.txt 2010-06-13 17:04

Před spuštěním: Volných bajtů: 459 521 789 952
Po spuštění: Volných bajtů: 459 507 687 424

- - End Of File - - 1636B5A6CB030EB11C07179544879E41

Misel1
Visitor
Posts: 100
Registered: 08 Jul 2005 07:19

Re: Pls check

#7 Post by Misel1 »

OTL logfile created on: 13.6.2010 20:29:28 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Libor\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 83,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 427,97 Gb Free Space | 91,89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: Libor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.13 20:27:53 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Libor\Plocha\OTL.exe
PRC - [2010.06.02 20:11:48 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010.06.02 20:11:47 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010.06.02 20:11:47 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010.06.02 20:11:45 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010.06.02 20:11:44 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010.03.14 15:48:18 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.03.12 10:47:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.14 11:46:28 | 000,047,624 | ---- | M] () -- C:\Program Files\GIGABYTE\GEST\GSvr.exe


========== Modules (SafeList) ==========

MOD - [2010.06.13 20:27:53 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Libor\Plocha\OTL.exe
MOD - [2008.06.26 03:57:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008.06.26 03:57:00 | 000,286,720 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrscs.dll
MOD - [2008.06.26 03:57:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Plánovač automatické aktualizace LiveUpdate)
SRV - [2010.03.12 10:47:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009.09.25 22:04:41 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2009.09.17 11:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.12.14 11:46:28 | 000,047,624 | ---- | M] () [On_Demand | Running] -- C:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010.06.13 20:29:30 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010.06.02 20:11:47 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.06.02 20:11:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.03.12 10:46:53 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.26 03:57:00 | 006,555,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.06.06 10:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.07 08:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.07 08:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.07 08:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.02.14 11:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.01.03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.10.11 11:10:52 | 000,030,008 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2007.02.16 04:27:10 | 000,044,928 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006.10.23 03:36:38 | 000,093,440 | R--- | M] (AnyDATA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adusbser.sys -- (adusbser)
DRV - [2006.02.07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005.03.03 19:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultScope = {A3B1A68E-51A6-4355-BBD8-4F9F33248A0A}
IE - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.14 15:49:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.13 18:04:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.13 18:03:55 | 000,000,000 | ---D | M]

[2010.06.13 18:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Mozilla\Extensions
[2010.06.13 18:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Mozilla\Firefox\Profiles\r3h5yy5r.default\extensions
[2010.06.13 18:09:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Libor\Data aplikací\Mozilla\Firefox\Profiles\r3h5yy5r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.13 18:30:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Libor\Data aplikací\Mozilla\Firefox\Profiles\r3h5yy5r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.13 18:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.06.13 19:02:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\run.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKU\S-1-5-21-1180395095-4025279379-689279713-1007\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://217.126.235.138:8888/activex/AMC.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.23.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Libor\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Libor\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.21 12:46:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.06.21 14:35:01 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745600305496064)

========== Files/Folders - Created Within 7 Days ==========

[2010.06.13 20:27:50 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Libor\Plocha\OTL.exe
[2010.06.13 18:49:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.13 18:47:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.13 18:47:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.13 18:47:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.13 18:47:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.13 18:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.13 18:46:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.13 18:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.13 18:04:53 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.13 18:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.06.13 17:59:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.06.10 17:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010.06.09 22:53:18 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.06.13 20:30:58 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010.06.13 20:28:57 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1180395095-4025279379-689279713-1007.job
[2010.06.13 20:28:57 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1180395095-4025279379-689279713-1007.job
[2010.06.13 20:27:53 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Libor\Plocha\OTL.exe
[2010.06.13 20:11:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.13 20:10:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.13 19:57:45 | 000,184,557 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.06.13 19:57:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.13 19:56:34 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Libor\ntuser.dat
[2010.06.13 19:56:34 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Libor\ntuser.ini
[2010.06.13 19:56:29 | 025,562,198 | -H-- | M] () -- C:\Documents and Settings\Libor\Local Settings\Data aplikací\IconCache.db
[2010.06.13 19:37:51 | 000,134,544 | ---- | M] () -- C:\Documents and Settings\Libor\Plocha\catchme.zip
[2010.06.13 19:34:37 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\Libor\Plocha\catchme.exe
[2010.06.13 19:18:23 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\Libor\Plocha\vlc-1.0.5-win32.exe
[2010.06.13 19:02:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.13 18:49:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.06.13 18:42:47 | 003,707,414 | R--- | M] () -- C:\Documents and Settings\Libor\Plocha\ComboFix.exe
[2010.06.13 18:03:57 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.06.13 18:03:02 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\Libor\Plocha\RSIT.exe
[2010.06.13 18:01:00 | 000,000,638 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.13 18:01:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.06.13 15:29:43 | 000,000,466 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8D783746-D266-4E5C-8D7A-DA5BAC52774A}.job
[2010.06.13 15:28:49 | 061,003,847 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.06.13 15:24:57 | 000,012,648 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.12 11:02:44 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Libor\Plocha\Přehled jízd 2010.xls
[2010.06.10 17:16:46 | 001,056,122 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.10 17:16:46 | 000,458,984 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.10 17:16:46 | 000,455,434 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.10 17:16:46 | 000,090,344 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.10 17:16:46 | 000,077,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.10 13:39:06 | 000,287,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.13 19:37:46 | 000,134,544 | ---- | C] () -- C:\Documents and Settings\Libor\Plocha\catchme.zip
[2010.06.13 19:34:37 | 000,147,456 | ---- | C] () -- C:\Documents and Settings\Libor\Plocha\catchme.exe
[2010.06.13 19:17:37 | 018,499,623 | ---- | C] () -- C:\Documents and Settings\Libor\Plocha\vlc-1.0.5-win32.exe
[2010.06.13 18:49:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.06.13 18:49:13 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.06.13 18:47:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.13 18:47:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.13 18:47:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.13 18:47:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.13 18:47:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.13 18:42:38 | 003,707,414 | R--- | C] () -- C:\Documents and Settings\Libor\Plocha\ComboFix.exe
[2010.06.13 18:03:57 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.06.13 18:03:02 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\Libor\Plocha\RSIT.exe
[2009.12.27 16:12:59 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.11.13 22:44:37 | 000,000,400 | ---- | C] () -- C:\WINDOWS\level.ini
[2009.10.14 16:34:12 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.08.25 14:37:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.05.15 07:56:09 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.03.14 19:31:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009.03.14 19:31:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009.03.10 15:51:58 | 000,000,270 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.03.07 14:19:55 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.01.03 13:05:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.06.26 03:57:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.06.26 03:57:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.06.26 03:57:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.06.26 03:57:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.06.26 03:57:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.06.21 14:24:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2010.04.02 13:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
[2009.12.13 02:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2009.07.20 09:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.02.17 22:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2010.02.04 16:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2008.11.09 14:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2009.07.21 18:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NokiaMusic
[2008.10.29 15:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.01.11 15:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RegCure
[2010.01.04 15:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Stardock
[2010.02.22 16:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2008.12.30 13:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Vso
[2007.06.21 13:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2008.11.07 20:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Canneverbe_Limited
[2009.03.11 15:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Happy Foto
[2008.11.10 20:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\ICQ
[2010.02.14 15:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\IObit
[2010.01.05 14:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Nokia
[2009.02.19 23:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\OpenOffice.org
[2009.10.19 18:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Opera
[2009.11.26 18:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\PC Suite
[2009.12.07 21:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Saxo Bank
[2009.10.25 19:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\vghd
[2008.12.30 13:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Vso
[2009.02.07 12:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Windows Search
[2010.06.13 15:29:43 | 000,000,466 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8D783746-D266-4E5C-8D7A-DA5BAC52774A}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >
[5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2009.09.25 22:01:50 | 001,102,801 | ---- | M] (instyler installation software) -- C:\syfrt.exe
[2009.09.25 22:01:50 | 001,102,801 | ---- | M] (instyler installation software) -- C:\sysnb.exe
[2009.09.25 22:01:50 | 001,102,801 | ---- | M] (instyler installation software) -- C:\systb.exe
[2009.09.13 14:15:46 | 000,007,309 | ---- | M] () -- C:\syts.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.10.29 17:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Adobe
[2009.08.06 21:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\AdobeUM
[2008.11.07 20:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Canneverbe_Limited
[2010.02.22 16:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\CyberLink
[2009.01.18 10:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\DivX
[2009.03.11 15:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Happy Foto
[2009.08.22 09:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Help
[2009.03.04 09:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Hewlett-Packard
[2008.11.10 20:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\ICQ
[2008.10.25 12:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Identities
[2009.07.01 15:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\InstallShield
[2010.02.14 15:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\IObit
[2008.10.25 13:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Macromedia
[2009.01.18 10:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Media Player Classic
[2010.04.09 18:26:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Libor\Data aplikací\Microsoft
[2010.06.13 18:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Mozilla
[2010.01.05 14:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Nokia
[2009.02.19 23:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\OpenOffice.org
[2009.02.19 23:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\OpenOffice.org2
[2009.10.19 18:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Opera
[2009.11.26 18:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\PC Suite
[2010.03.14 15:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Real
[2009.12.07 21:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Saxo Bank
[2009.02.16 14:58:59 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Libor\Data aplikací\SecuROM
[2010.02.12 18:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\skypePM
[2008.11.23 20:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Sun
[2008.10.25 13:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Talkback
[2009.10.25 19:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\vghd
[2009.02.15 13:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\vlc
[2008.12.30 13:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Vso
[2009.02.07 12:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\Windows Search
[2009.02.24 19:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Libor\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2009.09.25 22:02:14 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Libor\Data aplikací\inst.exe
[2007.09.05 22:02:02 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Libor\Data aplikací\Microsoft\Document Building Blocks\1025\Build\index\ctcr.exe
[2007.09.05 22:02:02 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Libor\Data aplikací\Microsoft\Document Building Blocks\1025\Build\index\hasc.exe


< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.10.29 14:05:07 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.10.29 14:05:07 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.10.29 14:05:07 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.10.29 14:05:07 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0022\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe
[2004.08.18 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.10.29 14:05:07 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.10.29 14:05:07 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2009.09.25 22:03:57 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=5E768288054E16C08095BA4590A63D34 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2009.09.25 22:04:28 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=EA11B5CF918D3AB7576BD988401E1B79 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.10.29 14:05:07 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.10.29 14:05:07 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.18 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.10.29 14:05:07 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.10.29 14:05:07 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.10.29 14:05:07 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.10.29 14:05:07 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2004.08.18 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.09.25 22:04:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=18EE15B8209BF73796FFB4DCDF0BB46D -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2009.09.25 22:03:57 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=6FAB825AAB08A57F1902C3D519F2C829 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.09.25 22:04:37 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=0C61C187925C6C243D05E9C4661DD444 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2009.09.25 22:03:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=D066A89E3E52BCA321EC98A6E64CB5D4 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.09.25 22:03:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=CA72C34505F6A9CFD006A472EFA4432A -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2009.09.25 22:04:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=D79F866F2ECDBB2C340BE2C5C944D6A4 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2009.09.25 22:04:45 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=D79F866F2ECDBB2C340BE2C5C944D6A4 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.09.25 22:03:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=7CFDC30390E1D5C4E3139FC1E9DDD2C9 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2009.09.25 22:04:38 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=7EFB06B5CC7CCA1D0098279B07D41409 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2007.06.21 14:38:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.06.21 14:38:40 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.06.21 14:38:40 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< %systemroot%\system32\drivers\*.sys /3 >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\*.* /3 >
[2010.06.13 19:57:45 | 000,184,557 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2010.06.13 15:24:57 | 000,012,648 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

P.S. I did not insert any card.
Attachments
Extras.zip
(5.64 KiB) Downloaded 60 times


Re: Please check

#8 Post by Misel1 »

syts.exe received 2010.06.13 18:52:45 (UTC)
Antivirus Version Last update Result
a-squared 5.0.0.26 2010.06.13 -
AhnLab-V3 2010.06.13.00 2010.06.12 -
AntiVir 8.2.2.6 2010.06.11 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.13 -
Avast 4.8.1351.0 2010.06.13 -
Avast5 5.0.332.0 2010.06.13 -
AVG 9.0.0.787 2010.06.13 -
BitDefender 7.2 2010.06.13 -
CAT-QuickHeal 10.00 2010.06.12 -
ClamAV 0.96.0.3-git 2010.06.13 -
Comodo 5088 2010.06.13 -
DrWeb 5.0.2.03300 2010.06.13 -
eSafe 7.0.17.0 2010.06.13 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.13 -
F-Secure 9.0.15370.0 2010.06.13 -
Fortinet 4.1.133.0 2010.06.13 -
GData 21 2010.06.13 -
Ikarus T3.1.1.84.0 2010.06.13 -
Jiangmin 13.0.900 2010.06.13 -
Kaspersky 7.0.0.125 2010.06.13 -
McAfee 5.400.0.1158 2010.06.13 -
McAfee-GW-Edition 2010.1 2010.06.13 -
Microsoft 1.5802 2010.06.13 -
NOD32 5193 2010.06.13 -
Norman 6.04.12 2010.06.13 -
nProtect 2010-06-12.01 2010.06.12 -
Panda 10.0.2.7 2010.06.13 -
PCTools 7.0.3.5 2010.06.13 -
Prevx 3.0 2010.06.13 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.13 -
Sunbelt 6444 2010.06.13 -
Symantec 20101.1.0.89 2010.06.13 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.13 -
VBA32 3.12.12.5 2010.06.11 -
ViRobot 2010.6.12.3882 2010.06.13 -
VirusBuster 5.0.27.0 2010.06.13 -


Re: Please check

#9 Post by Misel1 »



Re: Please check

#10 Post by Misel1 »

I have only one type of card (camera); I don't use the others anyway.

OTL logfile created on: 13.6.2010 21:22:11 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Libor\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 82,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 427,94 Gb Free Space | 91,88% Space Free | Partition Type: NTFS
Drive D: | 702,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 241,13 Mb Total Space | 239,50 Mb Free Space | 99,33% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: Libor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========


< C:\*.exe >

< D:\*.exe >

< E:\*.exe >

< F:\*.exe >

< G:\*.exe >

< H:\*.exe >

< CH:\*.exe >

< I:\*.exe >

< J:\*.exe >

< K:\*.exe >

< L:\*.exe >

< M:\*.exe >

< N:\*.exe >

< O:\*.exe >

< P:\*.exe >

< Q:\*.exe >

< R:\*.exe >

< S:\*.exe >

< T:\*.exe >

< U:\*.exe >

< V:\*.exe >

< Z:\*.exe >

< X:\*.exe >

< Y:\*.exe >


< End of report >

Misel1
Visitor
Posts: 100
Registered: 08 Jul 2005 07:19

Re: Please check

#11 Post by Misel1 »

ok, good night
thanks
