trojský kůň

Zpráva

draace · #1 Příspěvek od **draace** » 09 črc 2010 05:19

Zdravím,

je tam, někde.

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2010-07-09 06:15:47
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (44%) free of 40 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:53, on 9.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\User\LOCALS~1\Temp\svcnost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\qtplugin.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\programy apod\RSIT.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jizdarna-zlutice.ic.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\DOCUME~1\User\LOCALS~1\Temp\svcnost.exe"
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca84937e15efca) (gupdate1ca84937e15efca) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6628 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-07-30 143360]
"PRONoMgrWired"=C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe [2004-03-02 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-11 406016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-23 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe [2010-07-08 522752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic - Homecinema"
"C:\DOCUME~1\User\LOCALS~1\Temp\svcnost.exe"="C:\DOCUME~1\User\LOCALS~1\Temp\svcnost.exe:*:Enabled:ldrsoft"
"C:\DOCUME~1\User\LOCALS~1\Temp\svchost.exe"="C:\DOCUME~1\User\LOCALS~1\Temp\svchost.exe:*:Enabled:ldrsoft"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ldrsoft"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-08 17:51:10 ----A---- C:\WINDOWS\system32\qtplugin.exe

======List of files/folders modified in the last 1 months======

2010-07-09 06:15:49 ----D---- C:\Program Files\trend micro
2010-07-09 05:44:14 ----D---- C:\WINDOWS\system32
2010-07-09 05:44:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-09 05:41:13 ----D---- C:\WINDOWS\Temp
2010-07-09 05:40:20 ----D---- C:\Documents and Settings\User\Data aplikací\skypePM
2010-07-09 05:40:20 ----D---- C:\Documents and Settings\User\Data aplikací\Skype
2010-07-08 22:32:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-08 22:31:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-08 18:53:12 ----D---- C:\Program Files\rajce
2010-07-08 18:03:13 ----A---- C:\WINDOWS\system32\userinit.exe
2010-07-08 17:22:19 ----D---- C:\WINDOWS\Prefetch
2010-07-04 13:51:34 ----D---- C:\Documents and Settings\User\Data aplikací\dvdcss
2010-07-03 09:12:56 ----D---- C:\Program Files\Mozilla Firefox
2010-07-01 21:58:03 ----SHD---- C:\WINDOWS\Installer
2010-07-01 20:10:39 ----D---- C:\Program Files\Opera
2010-06-30 20:10:42 ----A---- C:\WINDOWS\wincmd.ini
2010-06-30 06:35:35 ----D---- C:\WINDOWS
2010-06-28 06:15:15 ----HD---- C:\WINDOWS\inf
2010-06-22 21:35:24 ----D---- C:\Program Files\Mozilla Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-14 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-02-23 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-15 612416]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WISTechVIDCAP;Dazzle DVC170; C:\WINDOWS\system32\drivers\wisgostrm.sys [2006-03-08 198400]
S3 catchme;catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-05-04 380928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-12-24 570880]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S2 gupdate1ca84937e15efca;Služba Google Update (gupdate1ca84937e15efca); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-24 133104]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-27 654848]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Děkuji pěkně.

draace

#2 Příspěvek od **cernohous13** » 09 črc 2010 05:29

Zdravím, skutečně tam je

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Skener" > Provést rychlý sken > Skenovat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení

draace · #3 Příspěvek od **draace** » 09 črc 2010 14:54

Doufám, že jsem jakožto lama lamovitá instrukce pochopila správně.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4295

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9.7.2010 15:53:10
mbam-log-2010-07-09 (15-53-10).txt

Typ skenu: Rychlý sken
Skenované objekty: 133138
Uplynulý čas: 7 minuta(y), 34 sekunda(y)

Infikované procesy v paměti: 2
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 3
Infikované složky: 0
Infikované soubory: 13

Infikované procesy v paměti:
C:\Documents and Settings\User\Local Settings\temp\svcnost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Oficla) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Oficla) -> Data: system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,"C:\DOCUME~1\User\LOCALS~1\Temp\svcnost.exe") Good: (Userinit.exe) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\User\Local Settings\temp\svcnost.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\User\Local Settings\temp\1.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\User\Local Settings\temp\2.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\User\Local Settings\temp\4.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\User\Local Settings\temp\6.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\User\Local Settings\temp\7.exe (Trojan.Dropper.Gen) -> No action taken.
C:\Documents and Settings\User\Local Settings\temp\8.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\User\Local Settings\temp\tmp77373732727.tmp (Trojan.Oficla) -> No action taken.
C:\Documents and Settings\User\Local Settings\temp\A.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\User\Local Settings\temp\B.exe (Trojan.Dropper.Gen) -> No action taken.
C:\Documents and Settings\User\Local Settings\temp\C.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\User\Local Settings\temp\9.exe (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> No action taken.

#4 Příspěvek od **cernohous13** » 09 črc 2010 21:07

MBAM spustit znovu - dát Kompletní kontrola
po ukončení -> Zobrazit výsledky -> zkontrolovat zda je vše označeno -> Odstranit označené
vyběhne log, ve kterém budou záznamy tohoto typu:
Infikované procesy v paměti:
C:\Documents and Settings\xxxxxx -> Quarantined and deleted successfully.
ten bych taky rád viděl

Stáhni si ComboFix
a ulož ho na plochu.
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

draace · #5 Příspěvek od **draace** » 10 črc 2010 17:22

U prvního to chtělo restart na dokončení, takže log je z před restartováním (pak už nic nevyskočilo):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4295

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.7.2010 17:55:43
mbam-log-2010-07-10 (17-55-43).txt

Typ skenu: Úplný sken (C:\|E:\|F:\|)
Skenované objekty: 280434
Uplynulý čas: 2 hodina(y), 12 minuta(y), 26 sekunda(y)

Infikované procesy v paměti: 2
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 16

Infikované procesy v paměti:
C:\Documents and Settings\User\Local Settings\temp\svcnost.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,"C:\DOCUME~1\User\LOCALS~1\Temp\svcnost.exe") Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\User\Local Settings\temp\svcnost.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\1.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\10.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\12.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\13.exe (Trojan.Dropper.Gen) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\2.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\4.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\6.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\7.exe (Trojan.Dropper.Gen) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\8.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\A.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\B.exe (Trojan.Dropper.Gen) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\C.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\E.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\temp\9.exe (Trojan.Dropper.Gen) -> Delete on reboot.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

a druhý:

ComboFix 10-07-09.02 - User 10.07.2010 18:10:45.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1590 [GMT 2:00]
Spuštěný z: c:\documents and settings\User\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100710-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-10 do 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-10 16:10 . 2008-04-14 06:52 1034240 ----a-w- c:\windows\system32\userinit.exe
2010-07-09 13:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 13:41 . 2010-07-09 13:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 13:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 04:35 . 2010-06-30 04:35 2256 ----a-w- c:\windows\current_settings.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 16:02 . 2004-08-18 12:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-07-10 16:02 . 2004-08-18 12:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-07-09 08:52 . 2009-08-14 18:33 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-09 04:15 . 2010-01-06 20:24 -------- d-----w- c:\program files\trend micro
2010-07-08 16:53 . 2009-09-30 14:43 -------- d-----w- c:\program files\rajce
2010-07-01 18:10 . 2009-09-30 05:33 -------- d-----w- c:\program files\Opera
2010-06-05 05:16 . 2009-12-09 19:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-12 14:15 . 2009-12-24 12:20 -------- d-----w- c:\program files\Google
2010-05-12 14:05 . 2009-08-14 12:34 -------- d-----w- c:\program files\Kerio
2010-05-12 14:03 . 2009-08-14 18:53 139052 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-25_11.45.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-10 15:58 . 2010-07-10 15:58 16384 c:\windows\Temp\Perflib_Perfdata_640.dat
+ 2010-07-10 15:58 . 2010-07-10 15:58 16384 c:\windows\Temp\Perflib_Perfdata_608.dat
+ 2010-05-30 17:04 . 2008-04-14 06:52 54272 c:\windows\system32\vfwwdm32.dll
+ 2004-08-18 12:00 . 2008-04-14 06:52 26112 c:\windows\system32\userinitxx.exe
- 2008-10-22 09:47 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2004-08-18 12:00 . 2010-07-10 16:02 40836 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2010-04-25 06:08 40836 c:\windows\system32\perfc009.dat
+ 2010-05-06 19:39 . 1998-05-01 18:01 24848 c:\windows\system32\msjter35.dll
+ 2009-03-08 02:31 . 2010-05-06 10:35 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 02:31 . 2010-02-25 06:18 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-18 12:00 . 2010-02-25 06:18 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-18 12:00 . 2010-05-06 10:35 25600 c:\windows\system32\jsproxy.dll
+ 2010-05-30 17:04 . 2008-04-13 22:16 19200 c:\windows\system32\drivers\WSTCODEC.SYS
+ 2010-05-30 17:04 . 2006-03-08 10:58 52736 c:\windows\system32\drivers\wisboard.dll
+ 2010-05-30 17:04 . 2008-04-13 22:16 15232 c:\windows\system32\drivers\StreamIP.sys
+ 2010-05-30 17:04 . 2008-04-13 22:16 11136 c:\windows\system32\drivers\SLIP.sys
+ 2010-05-30 17:04 . 2008-04-13 22:16 10880 c:\windows\system32\drivers\NdisIP.sys
+ 2010-05-30 17:04 . 2008-04-13 22:16 85248 c:\windows\system32\drivers\NABTSFEC.sys
+ 2010-05-30 17:04 . 2008-04-13 22:16 17024 c:\windows\system32\drivers\CCDECODE.sys
+ 2009-08-16 19:39 . 2010-05-06 10:35 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-08-16 19:39 . 2010-02-25 06:18 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-05-30 17:04 . 2008-04-13 22:16 19200 c:\windows\system32\dllcache\wstcodec.sys
+ 2010-05-30 17:04 . 2008-04-14 06:52 54272 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2010-05-30 17:04 . 2008-04-13 22:16 15232 c:\windows\system32\dllcache\streamip.sys
+ 2010-05-30 17:04 . 2008-04-13 22:16 11136 c:\windows\system32\dllcache\slip.sys
+ 2010-05-30 17:04 . 2008-04-13 22:16 10880 c:\windows\system32\dllcache\ndisip.sys
+ 2010-05-30 17:04 . 2008-04-13 22:16 85248 c:\windows\system32\dllcache\nabtsfec.sys
+ 2009-08-16 19:39 . 2010-05-06 10:35 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-08-16 19:39 . 2010-02-25 06:18 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 02:33 . 2010-02-25 06:18 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 02:33 . 2010-05-06 10:35 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-05-30 17:04 . 2008-04-13 22:16 17024 c:\windows\system32\dllcache\ccdecode.sys
+ 2010-03-05 14:42 . 2010-03-05 14:42 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-18 12:00 . 2010-03-05 14:42 65536 c:\windows\system32\asycfilt.dll
+ 2010-06-16 19:15 . 2010-06-16 19:15 21504 c:\windows\Installer\13ed5aa.msi
+ 2010-05-12 14:15 . 2010-05-12 14:15 25214 c:\windows\Installer\{961034C0-58DF-11DF-97FD-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-05-12 14:15 . 2010-05-12 14:15 25214 c:\windows\Installer\{961034C0-58DF-11DF-97FD-005056806466}\ARPPRODUCTICON.exe
- 2010-04-14 21:10 . 2010-04-14 21:10 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-09 04:56 . 2010-06-09 04:56 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-01-15 10:27 . 2010-04-14 21:10 35088 c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-15 10:27 . 2010-06-09 04:57 35088 c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-15 10:27 . 2010-06-09 04:57 18704 c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-01-15 10:27 . 2010-04-14 21:10 18704 c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-15 10:27 . 2010-06-09 04:57 20240 c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-15 10:27 . 2010-04-14 21:10 20240 c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-08-15 19:06 . 2010-04-14 21:08 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-08-15 19:06 . 2010-04-14 21:08 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-08-15 19:06 . 2010-04-14 21:08 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-08-15 19:06 . 2010-04-14 21:08 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-08-15 19:06 . 2010-04-14 21:08 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-08-15 19:06 . 2010-04-14 21:08 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-06-04 21:20 . 2010-06-04 21:20 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-09 04:56 . 2010-02-25 06:18 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-09 04:56 . 2010-02-25 06:18 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-09 04:56 . 2010-02-25 06:18 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-05-30 17:04 . 2006-01-24 13:17 30800 c:\windows\go7007fw.bin
+ 2010-05-25 20:56 . 2010-01-23 08:11 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-05-25 20:56 . 2010-04-22 22:24 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-06-09 04:54 . 2008-04-14 06:51 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll
+ 2010-06-09 04:56 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB982381-IE8\update\spcustom.dll
+ 2010-06-09 04:56 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB982381-IE8\spmsg.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 12800 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\xpshims.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 55296 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeedsbs.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 25600 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\jsproxy.dll
+ 2010-06-09 04:58 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll
+ 2010-06-09 04:58 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB980218\spmsg.dll
+ 2010-06-09 04:57 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll
+ 2010-06-09 04:57 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB980195\spmsg.dll
+ 2010-06-09 04:56 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll
+ 2010-06-09 04:56 . 2009-05-26 09:01 18296 c:\windows\$hf_mig$\KB979559\spmsg.dll
+ 2010-06-09 04:54 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll
+ 2010-06-09 04:54 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB979482\spmsg.dll
+ 2010-03-05 14:53 . 2010-03-05 14:53 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
+ 2010-05-12 14:45 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-05-12 14:45 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-06-09 04:53 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll
+ 2010-06-09 04:53 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB975562\spmsg.dll
+ 2010-05-30 17:04 . 2008-04-13 22:09 5504 c:\windows\system32\drivers\MSTEE.sys
+ 2010-05-30 17:04 . 2008-04-13 22:09 5504 c:\windows\system32\dllcache\mstee.sys
- 2009-08-15 19:06 . 2010-04-14 21:08 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-05-06 19:39 . 1998-05-01 18:01 368912 c:\windows\system32\vbar332.dll
+ 2004-08-18 12:00 . 2010-07-10 16:02 314508 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2010-04-25 06:08 314508 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2010-02-25 06:18 206848 c:\windows\system32\occache.dll
+ 2004-08-18 12:00 . 2010-05-06 10:35 206848 c:\windows\system32\occache.dll
+ 2010-05-06 19:39 . 1998-05-01 18:01 287504 c:\windows\system32\msxbse35.dll
- 2004-08-18 12:00 . 2010-02-25 06:18 611840 c:\windows\system32\mstime.dll
+ 2004-08-18 12:00 . 2010-05-06 10:35 611840 c:\windows\system32\mstime.dll
+ 2010-05-06 19:39 . 1998-05-01 18:01 165648 c:\windows\system32\mstext35.dll
+ 2010-05-06 19:39 . 1999-04-12 21:00 415504 c:\windows\system32\msrepl35.dll
+ 2010-05-06 19:39 . 1998-05-01 18:01 252176 c:\windows\system32\msrd2x35.dll
+ 2010-05-06 19:39 . 1998-05-01 18:01 123664 c:\windows\system32\Msjint35.dll
+ 2009-03-08 02:32 . 2010-05-06 10:35 599040 c:\windows\system32\msfeeds.dll
+ 2010-05-06 19:39 . 1998-05-01 18:01 250128 c:\windows\system32\msexcl35.dll
+ 2010-06-18 04:15 . 2010-06-18 04:15 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
+ 2010-06-11 04:04 . 2010-06-11 04:04 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
+ 2010-06-11 04:04 . 2010-06-11 04:04 311760 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.dll
+ 2009-08-14 11:21 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2009-08-14 11:21 . 2008-04-11 19:06 691712 c:\windows\system32\inetcomm.dll
+ 2004-08-18 12:00 . 2010-05-06 10:35 184320 c:\windows\system32\iepeers.dll
- 2004-08-18 12:00 . 2010-02-25 06:18 184320 c:\windows\system32\iepeers.dll
+ 2004-08-18 12:00 . 2010-05-06 10:35 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-18 12:00 . 2010-02-25 06:18 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-18 12:00 . 2010-02-24 09:53 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-18 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2010-05-30 17:04 . 2006-03-08 10:58 198400 c:\windows\system32\drivers\wisgostrm.sys
- 2009-06-26 16:51 . 2010-02-25 06:18 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-06-26 16:51 . 2010-05-06 10:35 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 02:34 . 2010-02-25 06:18 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 02:34 . 2010-05-06 10:35 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 02:32 . 2010-02-25 06:18 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 02:32 . 2010-05-06 10:35 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-08-16 19:39 . 2010-05-06 10:35 599040 c:\windows\system32\dllcache\msfeeds.dll
- 2009-08-14 12:41 . 2008-04-11 19:06 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-08-14 12:41 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-08-16 19:39 . 2010-05-06 10:35 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-08-16 19:39 . 2010-02-25 06:18 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 02:31 . 2010-05-06 10:35 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 02:31 . 2010-02-25 06:18 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-09 03:58 . 2010-05-06 10:35 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 12:09 . 2010-05-06 10:35 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 12:09 . 2010-02-25 06:18 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 02:32 . 2010-02-24 09:53 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 02:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:32 . 2010-04-20 05:32 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2010-05-12 14:15 . 2010-05-12 14:15 881664 c:\windows\Installer\87b87.msi
+ 2010-05-01 12:16 . 2010-05-01 12:16 836096 c:\windows\Installer\17ca16b.msi
+ 2010-05-06 19:39 . 2010-05-06 19:39 169472 c:\windows\Installer\154e7b7.msi
+ 2010-05-06 19:39 . 2010-05-06 19:39 163840 c:\windows\Installer\154e7b0.msi
+ 2010-05-26 04:09 . 2010-05-26 04:09 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
- 2010-03-27 11:27 . 2010-03-27 11:27 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2010-01-15 10:27 . 2010-06-09 04:57 217864 c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\misc.exe
- 2010-01-15 10:27 . 2010-04-14 21:10 217864 c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\misc.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-08-15 19:06 . 2010-04-14 21:08 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-08-15 19:06 . 2010-04-14 21:08 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-08-15 19:06 . 2010-04-14 21:08 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-08-15 19:06 . 2010-04-14 21:08 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-08-15 19:06 . 2010-04-14 21:08 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-08-15 19:06 . 2010-04-14 21:08 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-08-15 19:06 . 2010-07-01 19:58 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-06-09 04:56 . 2010-02-25 06:18 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-09 04:56 . 2010-02-22 14:21 391032 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-09 04:56 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-09 04:56 . 2010-02-25 06:18 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-09 04:56 . 2010-02-25 06:18 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-09 04:56 . 2010-02-25 06:18 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-09 04:56 . 2010-02-25 06:18 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-09 04:56 . 2010-02-25 06:18 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-09 04:56 . 2009-03-08 02:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-09 04:56 . 2010-02-25 06:18 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-09 04:56 . 2010-02-24 09:53 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-05-30 17:04 . 2006-01-24 13:17 143540 c:\windows\go7007sb.bin
+ 2010-05-25 20:56 . 2009-05-26 09:01 391032 c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-05-25 20:56 . 2009-05-26 09:01 233848 c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-06-09 04:58 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2010-06-09 04:58 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2010-06-09 04:58 . 2008-04-14 06:37 285696 c:\windows\$NtUninstallKB980218$\atmfd.dll
+ 2010-06-09 04:57 . 2008-07-08 12:59 391032 c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2010-06-09 04:57 . 2008-07-08 12:59 233848 c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2010-06-09 04:56 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2010-06-09 04:56 . 2009-05-26 09:01 233848 c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2010-06-09 04:54 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2010-06-09 04:54 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2010-06-09 04:54 . 2007-07-27 21:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
+ 2010-06-09 04:54 . 2007-07-27 18:47 233848 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
+ 2010-05-12 14:45 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-05-12 14:45 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-05-12 14:45 . 2008-04-11 19:06 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-06-09 04:53 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
+ 2010-06-09 04:53 . 2008-07-08 12:59 233848 c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
+ 2010-06-09 04:56 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB982381-IE8\update\updspapi.dll
+ 2010-06-09 04:56 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB982381-IE8\update\update.exe
+ 2010-06-09 04:56 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB982381-IE8\spuninst.exe
+ 2010-06-09 03:58 . 2010-05-06 10:28 919040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 206848 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\occache.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 611840 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mstime.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 599040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeeds.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 247808 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieproxy.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 184320 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iepeers.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 743424 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedvtool.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 387584 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedkcs32.dll
+ 2010-06-09 03:58 . 2010-05-05 13:55 173056 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ie4uinit.exe
+ 2010-06-09 04:58 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB980218\update\updspapi.dll
+ 2010-06-09 04:58 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB980218\update\update.exe
+ 2010-06-09 04:58 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB980218\spuninst.exe
+ 2010-04-20 05:38 . 2010-04-20 05:38 285824 c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
+ 2010-06-09 04:57 . 2008-07-08 12:59 391032 c:\windows\$hf_mig$\KB980195\update\updspapi.dll
+ 2010-06-09 04:57 . 2008-07-08 12:59 759160 c:\windows\$hf_mig$\KB980195\update\update.exe
+ 2010-06-09 04:57 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB980195\spuninst.exe
+ 2010-06-09 04:56 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB979559\update\updspapi.dll
+ 2010-06-09 04:56 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB979559\update\update.exe
+ 2010-06-09 04:56 . 2009-05-26 09:01 233848 c:\windows\$hf_mig$\KB979559\spuninst.exe
+ 2010-06-09 04:54 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB979482\update\updspapi.dll
+ 2010-06-09 04:54 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB979482\update\update.exe
+ 2010-06-09 04:54 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB979482\spuninst.exe
+ 2010-05-12 14:45 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-05-12 14:45 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-05-12 14:45 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:54 . 2010-01-29 14:54 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2010-06-09 04:53 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB975562\update\updspapi.dll
+ 2010-06-09 04:53 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB975562\update\update.exe
+ 2010-06-09 04:53 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB975562\spuninst.exe
+ 2004-08-18 12:00 . 2010-04-06 02:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-18 12:00 . 2010-05-06 10:35 1209344 c:\windows\system32\urlmon.dll
- 2004-08-18 12:00 . 2010-02-25 06:18 1209344 c:\windows\system32\urlmon.dll
- 2004-08-18 12:00 . 2009-11-27 17:14 1294336 c:\windows\system32\quartz.dll
+ 2004-08-18 12:00 . 2010-02-05 18:27 1294336 c:\windows\system32\quartz.dll
+ 2010-05-06 19:39 . 1999-04-12 21:00 1046288 c:\windows\system32\msjet35.dll
+ 2004-08-18 12:00 . 2010-05-06 10:35 5950976 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2010-06-18 04:15 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-03-08 02:32 . 2010-05-06 10:35 1985536 c:\windows\system32\iertutil.dll
- 2009-03-08 02:32 . 2010-02-25 06:18 1985536 c:\windows\system32\iertutil.dll
+ 2009-08-14 12:58 . 2010-06-09 13:30 1531880 c:\windows\system32\FNTCACHE.DAT
- 2009-08-14 12:58 . 2010-01-15 10:43 1531880 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-18 12:00 . 2010-04-06 02:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-04-19 19:52 . 2010-05-02 08:09 1851264 c:\windows\system32\dllcache\win32k.sys
+ 2009-06-26 16:51 . 2010-05-06 10:35 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2009-06-26 16:51 . 2010-02-25 06:18 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2009-06-03 19:11 . 2009-11-27 17:14 1294336 c:\windows\system32\dllcache\quartz.dll
+ 2009-06-03 19:11 . 2010-02-05 18:27 1294336 c:\windows\system32\dllcache\quartz.dll
- 2009-08-14 12:41 . 2009-07-10 13:28 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-08-14 12:41 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-07-18 16:05 . 2010-05-06 10:35 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2009-08-16 19:39 . 2010-05-06 10:35 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2009-08-16 19:39 . 2010-02-25 06:18 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-05-26 04:09 . 2010-05-26 04:09 1575936 c:\windows\Installer\8fa01.msi
+ 2010-05-03 14:27 . 2010-05-03 14:27 6825472 c:\windows\Installer\3821a4.msp
+ 2010-05-03 14:11 . 2010-05-03 14:11 4149760 c:\windows\Installer\382178.msp
+ 2010-05-10 15:17 . 2010-05-10 15:17 5520896 c:\windows\Installer\382161.msp
+ 2010-04-24 15:10 . 2010-04-24 15:10 8486400 c:\windows\Installer\38214a.msp
+ 2010-05-03 14:06 . 2010-05-03 14:06 5053952 c:\windows\Installer\382140.msp
+ 2010-03-30 10:34 . 2010-03-30 10:34 3826688 c:\windows\Installer\382129.msp
+ 2009-10-16 16:07 . 2009-10-16 16:07 6115328 c:\windows\Installer\246646.msp
+ 2010-04-21 15:46 . 2010-04-21 15:46 5522432 c:\windows\Installer\246630.msp
+ 2009-10-16 05:08 . 2009-10-16 05:08 2237952 c:\windows\Installer\246619.msp
+ 2010-05-04 20:25 . 2010-05-04 20:25 7681024 c:\windows\Installer\1645c79.msp
+ 2010-07-01 18:10 . 2010-07-01 18:10 2647552 c:\windows\Installer\101cd3e.msi
+ 2007-04-30 13:57 . 2007-04-30 13:57 7084384 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\INFOPATH.EXE
+ 2008-08-25 21:50 . 2008-08-25 21:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002109710000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2010-06-09 04:56 . 2010-02-25 06:18 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-09 04:56 . 2010-02-25 06:18 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-09 04:56 . 2010-02-25 06:18 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-06-09 04:56 . 2009-08-14 15:15 1850624 c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2010-06-09 04:54 . 2009-05-20 03:56 2458112 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2010-05-12 14:45 . 2009-07-10 13:28 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-06-09 04:53 . 2009-11-27 17:14 1294336 c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 1209856 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 5953024 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
+ 2010-06-09 03:58 . 2010-05-06 10:28 1986048 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iertutil.dll
+ 2010-05-02 08:03 . 2010-05-02 08:03 1860352 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-01-29 14:54 . 2010-01-29 14:54 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2010-02-05 18:29 . 2010-02-05 18:29 1294336 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2009-08-16 19:30 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2009-03-08 02:39 . 2010-05-06 10:35 11076096 c:\windows\system32\ieframe.dll
+ 2009-08-16 19:39 . 2010-05-06 10:35 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-05-11 09:30 . 2010-05-11 09:30 11194880 c:\windows\Installer\3821bb.msp
+ 2010-04-24 15:09 . 2010-04-24 15:09 11750912 c:\windows\Installer\382182.msp
+ 2010-06-04 21:19 . 2010-06-04 21:19 20242432 c:\windows\Installer\1b2fc1c.msp
+ 2010-06-09 04:56 . 2010-02-25 09:48 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-05-06 13:58 . 2010-05-06 13:58 11078144 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-03-02 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-23 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-8-14 614400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.8.2009 14:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.8.2009 14:02 20560]
S2 gupdate1ca84937e15efca;Služba Google Update (gupdate1ca84937e15efca);c:\program files\Google\Update\GoogleUpdate.exe [24.12.2009 14:20 133104]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 12:20]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 12:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://jizdarna-zlutice.ic.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\ezq7z3ur.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 18:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2096)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-07-10 18:16:22
ComboFix-quarantined-files.txt 2010-07-10 16:16
ComboFix2.txt 2010-04-29 05:46
ComboFix3.txt 2010-04-26 11:20
ComboFix4.txt 2010-04-25 11:46

Před spuštěním: Volných bajtů: 19 381 833 728
Po spuštění: Volných bajtů: 19 576 303 616

- - End Of File - - 7439D8FC428771D31704C61F771C40D4

#6 Příspěvek od **cernohous13** » 10 črc 2010 22:47

Tak to vypadá, že MBAM uklidil a log ComboFixu se zdá čistý.

teď ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

pak použij

Stáhni a spusť T-cleaner http://sweb.cz/Marinus/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
spustit "Nástroje" > "Obnova systému" - 1.řádek zachovej, ostatní "Odstranit"

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština

Napiš jestli jsou ještě nějaké příznaky problému.

draace · #7 Příspěvek od **draace** » 11 črc 2010 07:04

Zdravím, včera už jsem na PC nebyla, takže jsem ho vypnula.

Dnes po startu vyběhl pouze obrázek na ploše, plus otevřené okno "dokumenty", a skrz jsem se proklikala k "plocha" a otevřela i net.

Má to něco společného s manévry s Combofix?
Nechám to zatím takhle a počkám na odpověď, co dál.

Děkuji:-)

PS: po problémech s trojanem ani stopa (zatím)

#8 Příspěvek od **cernohous13** » 11 črc 2010 16:28

ComboFix podle záznamu nic nemazal ani neopravoval.

Provedla jsi operace podle předchozího návodu?

Pokud nevidíš na monitoru lištu Hlavní panel s tlačítkem Start, zkus příkazový řádek spustit kombinací Win+R a zkopíruj tam ComboFix /Uninstall -> OK

draace · #9 Příspěvek od **draace** » 13 črc 2010 16:17

Zdravím,

operace jsem dle předchozího návodu provedla, a po novém startu mi místo tradiční plochy naběhlo tohle: Obrázek

= pouze tapeta plus "dokumenty".

Skrz nabídku se jde proklikat na "plocha" a spustit ikony, ale k nabídce START ani ke všemu, co mělo zástupce na liště, už se nedostanu.

Zkusila jsem znovu Malwarebytes' Anti-Malware (čisté) a poté opět ComboFix. Poté se mi ikony i lišta na plochu vrátily a trojský kůň nic, takže jsem odinstalovala ComboFix, ale nazítří po startu PC se situace zopakovala: opět pouze tapeta, ikony a lišta nikde.

Takže pokud potřebuji na PC pracovat, musím zapnout, až vyběhne okno, tak spustit ComboFix; pak sice je vše ok, ale tento druh startování zabere 10 minut čistého času a je značně neuspokojivý

Ještě ke ComboFix: když jsem jej spustila poprvé, byly dle návodu vypnuty antivir, firewall atd. Při dalších aplikacích (již pouze s tapetou a oknem) ale antiviry atd. vypnout nejdou, protože nemám lištu, tak doufám, že mi PC neumře.

Přikládám log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2010-07-13 17:12:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (55%) free of 40 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:12:17, on 13.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\User\Plocha\RSIT.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jizdarna-zlutice.ic.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca84937e15efca) (gupdate1ca84937e15efca) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6655 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-07-30 143360]
"PRONoMgrWired"=C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe [2004-03-02 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-11 406016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-23 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic - Homecinema"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-13 15:31:30 ----A---- C:\ComboFix.txt
2010-07-13 15:25:08 ----D---- C:\ComboFix
2010-07-11 19:32:47 ----A---- C:\WINDOWS\zip.exe
2010-07-11 19:32:47 ----A---- C:\WINDOWS\SWSC.exe
2010-07-11 19:32:47 ----A---- C:\WINDOWS\SWREG.exe
2010-07-11 19:32:47 ----A---- C:\WINDOWS\sed.exe
2010-07-11 19:32:47 ----A---- C:\WINDOWS\PEV.exe
2010-07-11 19:32:47 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-11 19:32:47 ----A---- C:\WINDOWS\MBR.exe
2010-07-11 19:32:47 ----A---- C:\WINDOWS\grep.exe
2010-07-11 19:32:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-11 19:32:20 ----D---- C:\Qoobox
2010-07-10 18:10:36 ----A---- C:\WINDOWS\system32\userinit.exe
2010-07-09 15:41:32 ----D---- C:\Documents and Settings\User\Data aplikací\Malwarebytes
2010-07-09 15:41:23 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-09 15:41:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-07-09 15:41:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-09 15:41:21 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

======List of files/folders modified in the last 1 months======

2010-07-13 17:12:15 ----D---- C:\Program Files\trend micro
2010-07-13 17:01:52 ----D---- C:\Program Files\rajce
2010-07-13 16:31:52 ----D---- C:\Documents and Settings\User\Data aplikací\Skype
2010-07-13 16:01:56 ----D---- C:\Documents and Settings\User\Data aplikací\skypePM
2010-07-13 15:41:54 ----D---- C:\WINDOWS\Temp
2010-07-13 15:32:41 ----D---- C:\WINDOWS\system32
2010-07-13 15:32:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-13 15:30:31 ----D---- C:\WINDOWS
2010-07-13 15:30:31 ----A---- C:\WINDOWS\system.ini
2010-07-13 15:29:03 ----D---- C:\WINDOWS\system32\drivers
2010-07-13 15:29:03 ----D---- C:\WINDOWS\AppPatch
2010-07-13 15:29:00 ----D---- C:\Program Files\Common Files
2010-07-13 15:25:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-13 15:25:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-13 15:25:09 ----D---- C:\WINDOWS\Prefetch
2010-07-11 19:32:45 ----SHD---- C:\System Volume Information
2010-07-11 19:32:45 ----D---- C:\WINDOWS\system32\Restore
2010-07-11 19:32:40 ----D---- C:\WINDOWS\ERDNT
2010-07-11 16:12:22 ----D---- C:\WINDOWS\Debug
2010-07-10 17:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-07-09 15:41:21 ----RD---- C:\Program Files
2010-07-09 10:52:39 ----D---- C:\Program Files\Mozilla Thunderbird
2010-07-04 13:51:34 ----D---- C:\Documents and Settings\User\Data aplikací\dvdcss
2010-07-03 09:12:56 ----D---- C:\Program Files\Mozilla Firefox
2010-07-01 21:58:03 ----SHD---- C:\WINDOWS\Installer
2010-07-01 20:10:39 ----D---- C:\Program Files\Opera
2010-06-30 20:10:42 ----A---- C:\WINDOWS\wincmd.ini
2010-06-28 06:15:15 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-14 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-02-23 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 catchme;catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys []
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-15 612416]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WISTechVIDCAP;Dazzle DVC170; C:\WINDOWS\system32\drivers\wisgostrm.sys [2006-03-08 198400]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 mbr;mbr; \??\C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-05-04 380928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-12-24 570880]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S2 gupdate1ca84937e15efca;Služba Google Update (gupdate1ca84937e15efca); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-24 133104]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-27 654848]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#10 Příspěvek od **cernohous13** » 14 črc 2010 05:36

Můžeš sem dát poslední C:\ComboFix.txt ?

Klikni na https://www.virustotal.com/cs/
klik "Procházet" > do zadávacího pole zkopíruj:

C:\WINDOWS\system32\userinit.exe

"Odeslat soubor" (pokud byl již testován, nech testovat znovu)
Trpělivě vyčkej dokončení scanu dokud se neobjeví konečný výsledek např.0/39
Do fóra zkopíruj výsledný log. nebo link na stránku.

http://www.gmer.net/gmer.zip

Stáhni a rozbal přímo na C: a spusť
po ukonční scanu se zobrazí výsledek > "Save" > uloží log který zkopíruj do svého příspěvku.

Při zaškrtnutých všech položkách v pravém sloupci klik na "Scan"
po dokončení scanu opět "Save" > uloží se log který rovněž zkopíruj na fórum.

http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 - kompletní návod

Budovi · #11 Příspěvek od **Budovi** » 14 črc 2010 12:31

k ploche a listam sa neda dostat takto?

1. Ctrl+Alt+Del -- otvori spravcu uloh
2. karta procesy, ak tam najdete explorer exe kliknete pravym - ukoncit proces
3, karta ulohy - nova uloha, napisete len explorer.exe

Problem neriesi ale mozno pomoze (namiesto 10 minut combofixu)

#12 Příspěvek od **Caroprd111** » 14 črc 2010 18:19

Dobrý den,
zaskočím za kolegu.

Ano, je to možné.

draace · #13 Příspěvek od **draace** » 14 črc 2010 18:54

ComboFix 10-07-10.02 - User 14.07.2010 15:44:44.10.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1597 [GMT 2:00]
Spuštěný z: c:\documents and settings\User\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100714-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-14 do 2010-07-14 )))))))))))))))))))))))))))))))
.

2010-07-14 03:57 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 03:35 . 2010-07-14 03:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-10 16:10 . 2008-04-14 06:52 1034240 ----a-w- c:\windows\system32\userinit.exe
2010-07-09 13:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 13:41 . 2010-07-09 13:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 13:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 04:35 . 2010-06-30 04:35 2256 ----a-w- c:\windows\current_settings.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 13:28 . 2004-08-18 12:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-07-14 13:28 . 2004-08-18 12:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-07-13 16:07 . 2009-09-30 14:43 -------- d-----w- c:\program files\rajce
2010-07-13 15:12 . 2010-01-06 20:24 -------- d-----w- c:\program files\trend micro
2010-07-09 08:52 . 2009-08-14 18:33 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-01 18:10 . 2009-09-30 05:33 -------- d-----w- c:\program files\Opera
2010-06-14 14:31 . 2009-08-14 11:21 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-05 05:16 . 2009-12-09 19:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-11_17.37.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-14 13:24 . 2010-07-14 13:24 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
+ 2010-07-14 13:24 . 2010-07-14 13:24 16384 c:\windows\Temp\Perflib_Perfdata_638.dat
- 2010-07-11 17:26 . 2010-07-11 17:26 16384 c:\windows\Temp\Perflib_Perfdata_638.dat
+ 2004-08-18 12:00 . 2010-07-14 13:28 40836 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2010-07-11 17:30 40836 c:\windows\system32\perfc009.dat
- 2009-08-15 19:06 . 2010-07-01 19:58 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-08-15 19:06 . 2010-07-14 04:26 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-08-15 19:06 . 2010-07-01 19:58 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-08-15 19:06 . 2010-07-14 04:26 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-08-15 19:06 . 2010-07-14 04:26 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-08-15 19:06 . 2010-07-01 19:58 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-08-15 19:06 . 2010-07-14 04:26 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-08-15 19:06 . 2010-07-01 19:58 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-08-15 19:06 . 2010-07-01 19:58 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-08-15 19:06 . 2010-07-14 04:26 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-08-15 19:06 . 2010-07-01 19:58 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-08-15 19:06 . 2010-07-14 04:26 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-08-15 19:06 . 2010-07-14 04:26 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-08-15 19:06 . 2010-07-01 19:58 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2004-08-18 12:00 . 2010-07-14 13:28 314508 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2010-07-11 17:30 314508 c:\windows\system32\perfh009.dat
+ 2009-08-15 19:06 . 2010-07-14 04:26 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-08-15 19:06 . 2010-07-01 19:58 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-08-15 19:06 . 2010-07-01 19:58 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-08-15 19:06 . 2010-07-14 04:26 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-08-15 19:06 . 2010-07-14 04:26 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-08-15 19:06 . 2010-07-01 19:58 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-08-15 19:06 . 2010-07-14 04:26 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-08-15 19:06 . 2010-07-01 19:58 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-08-15 19:06 . 2010-07-01 19:58 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-08-15 19:06 . 2010-07-14 04:26 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-08-15 19:06 . 2010-07-14 04:26 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-08-15 19:06 . 2010-07-01 19:58 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-04-19 13:01 . 2007-04-19 13:01 238424 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2007-01-16 19:32 . 2007-01-16 19:32 136032 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSAEXP30.DLL
+ 2007-04-19 12:54 . 2007-04-19 12:54 169312 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\ACCWIZ.DLL
+ 2010-05-25 09:45 . 2010-05-25 09:45 8445440 c:\windows\Installer\338b2a9.msp
+ 2010-06-11 15:55 . 2010-06-11 15:55 1827328 c:\windows\Installer\338b290.msp
+ 2010-06-30 20:52 . 2010-06-30 20:52 5522944 c:\windows\Installer\338b275.msp
+ 2007-05-10 12:43 . 2007-05-10 12:43 6688096 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSACCESS.EXE
+ 2009-08-16 19:30 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
+ 2010-06-11 15:52 . 2010-06-11 15:52 45542912 c:\windows\Installer\338b291.msp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-03-02 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-23 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-8-14 614400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.8.2009 14:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.8.2009 14:02 20560]
S2 gupdate1ca84937e15efca;Služba Google Update (gupdate1ca84937e15efca);c:\program files\Google\Update\GoogleUpdate.exe [24.12.2009 14:20 133104]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 12:20]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 12:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://jizdarna-zlutice.ic.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\ezq7z3ur.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-07-14 15:50:07
ComboFix-quarantined-files.txt 2010-07-14 13:50
ComboFix2.txt 2010-07-13 13:31
ComboFix3.txt 2010-07-12 13:40
ComboFix4.txt 2010-07-12 03:46
ComboFix5.txt 2010-07-14 13:44

Před spuštěním: Volných bajtů: 22 961 623 040
Po spuštění: Volných bajtů: 22 953 054 208

- - End Of File - - A270B22A9FA7B9413A208BA22F05A26F

***
VIRUS TOTAL

Soubor již byl testován:MD5: 27afd587c462e280ee046b8cca3c2cd1
Poprvé zaslán: 2009.02.13 15:57:33 UTC
Datum: 2010.07.10 10:43:50 UTC [>4D]
Výsledky: 0/40
Stálý odkaz: analisis/096ce5536bfb81c3982c464485e536e727edc7c31c8e67cef06644845f20126d-1278758630

***

GMER

Je mi líto, ale dvakrát mi po spuštění zamrznul počítač, a i po vyklikání všeho, co ve správci ukončit šlo, řval jako kráva dál a pak už nefungovalo ani ctrl+alt+del.

Třetí pokus jsem nehodlala riskovat: varianta ctrl+alt+del po startu, s následným ukončením explorer.exe nejde (explorer.exe v nabídce vůbec není) a pokud jej zadám jako „nová úloha“, objeví se opět jen nabídka „dokumenty“ (tedy to, co je místo plochy).

Potřetí čekat, než skončí combofix, abych měla plochu, mě odstrašilo předem. Poprvé to chcíplo natvrdo, podruhé (po vypnutí úplně všeho v pc, běžel snad jen antivirák a prohlížeč) to sice nabídlo uložení logu, ale po kliknutí na rozbalení dokumentů to chcíplo znovu, za mohutného řevu počítače:-(

Děkuji za svatou trpělivost.

#14 Příspěvek od **Caroprd111** » 14 črc 2010 19:10

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

draace · #15 Příspěvek od **draace** » 14 črc 2010 19:33

OTL txt

OTL logfile created on: 14.7.2010 20:25:13 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\User\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 21,36 Gb Free Space | 54,68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 35,46 Gb Total Space | 1,67 Gb Free Space | 4,71% Space Free | Partition Type: NTFS
Drive F: | 596,17 Gb Total Space | 271,13 Gb Free Space | 45,48% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1,92 Gb Total Space | 1,90 Gb Free Space | 99,14% Space Free | Partition Type: FAT32
Drive J: | 1002,73 Mb Total Space | 983,16 Mb Free Space | 98,05% Space Free | Partition Type: FAT

Computer Name: DRAACE
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.14 20:22:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Plocha\OTL.exe
PRC - [2010.06.30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010.02.18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.12.24 14:30:08 | 000,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009.11.25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.16 11:22:58 | 000,614,400 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2004.03.02 11:49:18 | 000,086,016 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
PRC - [2003.07.30 09:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (SafeList) ==========

MOD - [2010.07.14 20:22:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Plocha\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009.12.27 19:33:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.12.24 14:30:08 | 000,570,880 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009.11.25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.02.04 09:27:21 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2006.05.10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.05.04 19:02:58 | 000,380,928 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006.03.08 12:58:32 | 000,198,400 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wisgostrm.sys -- (WISTechVIDCAP)
DRV - [2005.06.02 19:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.02.23 18:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005.02.09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-2049760794-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jizdarna-zlutice.ic.cz/
IE - HKU\S-1-5-21-842925246-2049760794-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-2049760794-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.6
FF - prefs.js..extensions.enabledItems: {21cfaec0-dbb3-11dc-95ff-0800200c9a66}:1.1.2.4
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: {44f38b3f-a2a5-4d80-851d-3a13edf89b4e}:3.0
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.69

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.03 09:12:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.03 09:12:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.12 10:33:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009.10.18 17:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mozilla\Extensions
[2010.07.11 20:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\ezq7z3ur.default\extensions
[2010.06.29 20:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\ezq7z3ur.default\extensions\xmlfiller@software602.cz
[2009.10.18 16:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\p0dqa917.default\extensions
[2009.10.18 16:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\p0dqa917.default\extensions\{21cfaec0-dbb3-11dc-95ff-0800200c9a66}
[2009.10.18 16:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\p0dqa917.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009.10.18 16:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\p0dqa917.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.07.11 20:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.11 09:06:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\xmlfiller@software602.cz
[2009.12.17 16:39:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npfiller.dll
[2010.03.28 11:34:54 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.28 11:34:54 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.28 11:34:54 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.28 11:34:54 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.28 11:34:54 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.01.13 09:21:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-2049760794-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-2049760794-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-2049760794-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-2049760794-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.23 19:07:09 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.PIM1 - pclepim1.dll File not found
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010.07.14 20:22:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Plocha\OTL.exe
[2010.07.14 19:35:44 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.07.14 05:57:57 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.11 19:32:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.07.11 19:32:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.07.11 19:32:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.07.11 19:32:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.11 19:32:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.11 19:24:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Plocha\TFC.exe
[2010.07.11 16:12:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2010.07.09 15:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Data aplikací\Malwarebytes
[2010.07.09 15:41:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.09 15:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.07.09 15:41:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.09 15:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.20 19:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Plocha\VIDEO_TS

========== Files - Modified Within 30 Days ==========

[2010.07.14 20:22:35 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\User\Plocha\ComboFix 10.doc
[2010.07.14 20:22:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Plocha\OTL.exe
[2010.07.14 20:20:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.14 19:43:09 | 000,723,278 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.14 19:43:09 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.14 19:43:09 | 000,312,970 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.07.14 19:43:09 | 000,047,206 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.07.14 19:43:09 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.14 19:41:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.14 19:40:59 | 000,000,277 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.14 19:33:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.14 19:33:24 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.14 19:32:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.14 19:08:44 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\User\Plocha\gmer.zip
[2010.07.14 19:07:59 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\User\Plocha\~$mboFix 10.doc
[2010.07.14 18:32:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.07.14 17:35:57 | 000,861,879 | ---- | M] () -- C:\Documents and Settings\User\Plocha\P1300932-1.JPG
[2010.07.14 16:46:39 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Microsoft Office Word.lnk
[2010.07.14 16:37:04 | 003,389,583 | ---- | M] () -- C:\Documents and Settings\User\Plocha\P1300941.JPG
[2010.07.14 16:35:00 | 001,440,287 | ---- | M] () -- C:\Documents and Settings\User\Plocha\P1300934.JPG
[2010.07.14 16:34:42 | 001,673,447 | ---- | M] () -- C:\Documents and Settings\User\Plocha\P1300932.JPG
[2010.07.14 16:34:36 | 004,615,768 | ---- | M] () -- C:\Documents and Settings\User\Plocha\P1300931.JPG
[2010.07.14 06:23:07 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\User\ntuser.dat
[2010.07.14 06:23:07 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010.07.14 05:35:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.13 18:47:59 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Kasa Amon 2010.xls
[2010.07.11 19:31:55 | 003,738,436 | R--- | M] () -- C:\Documents and Settings\User\Plocha\ComboFix.exe
[2010.07.11 19:28:00 | 000,200,396 | ---- | M] () -- C:\Documents and Settings\User\Plocha\T-Cleaner.exe
[2010.07.11 19:24:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Plocha\TFC.exe
[2010.07.11 18:44:08 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\User\Plocha\RSIT.exe
[2010.07.11 12:13:07 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.10 13:43:14 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
[2010.07.09 15:41:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.07.06 21:36:27 | 000,044,259 | ---- | M] () -- C:\Documents and Settings\User\Plocha\DSC_0196 Scansor.JPG
[2010.07.05 07:57:20 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\User\Plocha\821K1_Depoltovice_skok_KM 21.-22.8..lnk
[2010.07.01 20:10:40 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2010.06.30 20:10:42 | 000,003,333 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.06.30 06:35:35 | 000,002,256 | ---- | M] () -- C:\WINDOWS\current_settings.bin
[2010.06.24 19:40:36 | 004,106,493 | ---- | M] () -- C:\Documents and Settings\User\Plocha\maduar - do it.mp3
[2010.06.22 21:28:03 | 003,895,416 | ---- | M] () -- C:\Documents and Settings\User\Plocha\JS Plzen.pdf

========== Files Created - No Company Name ==========

[2010.07.14 19:08:54 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\User\Plocha\gmer.exe
[2010.07.14 19:08:44 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\User\Plocha\gmer.zip
[2010.07.14 19:07:59 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\User\Plocha\~$mboFix 10.doc
[2010.07.14 17:35:56 | 000,861,879 | ---- | C] () -- C:\Documents and Settings\User\Plocha\P1300932-1.JPG
[2010.07.14 17:11:05 | 004,615,768 | ---- | C] () -- C:\Documents and Settings\User\Plocha\P1300931.JPG
[2010.07.14 17:08:48 | 003,389,583 | ---- | C] () -- C:\Documents and Settings\User\Plocha\P1300941.JPG
[2010.07.14 17:08:19 | 001,440,287 | ---- | C] () -- C:\Documents and Settings\User\Plocha\P1300934.JPG
[2010.07.14 17:08:01 | 001,673,447 | ---- | C] () -- C:\Documents and Settings\User\Plocha\P1300932.JPG
[2010.07.14 16:46:53 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\User\Plocha\ComboFix 10.doc
[2010.07.14 05:35:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.13 18:19:28 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\User\Plocha\Kasa Amon 2010.xls
[2010.07.11 19:32:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.11 19:32:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.11 19:32:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.11 19:32:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.11 19:32:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.11 19:31:44 | 003,738,436 | R--- | C] () -- C:\Documents and Settings\User\Plocha\ComboFix.exe
[2010.07.11 19:28:00 | 000,200,396 | ---- | C] () -- C:\Documents and Settings\User\Plocha\T-Cleaner.exe
[2010.07.11 18:44:07 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\User\Plocha\RSIT.exe
[2010.07.09 15:41:25 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.07.06 21:36:23 | 000,044,259 | ---- | C] () -- C:\Documents and Settings\User\Plocha\DSC_0196 Scansor.JPG
[2010.07.05 07:57:20 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\User\Plocha\821K1_Depoltovice_skok_KM 21.-22.8..lnk
[2010.06.30 06:35:35 | 000,002,256 | ---- | C] () -- C:\WINDOWS\current_settings.bin
[2010.06.22 21:27:49 | 003,895,416 | ---- | C] () -- C:\Documents and Settings\User\Plocha\JS Plzen.pdf
[2010.06.22 18:36:17 | 004,106,493 | ---- | C] () -- C:\Documents and Settings\User\Plocha\maduar - do it.mp3
[2010.04.12 12:08:41 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2009.12.24 14:30:07 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009.11.23 19:09:41 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2009.11.23 19:07:09 | 000,001,208 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2009.11.23 19:07:05 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2009.11.23 19:07:05 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2009.11.23 19:07:05 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2009.11.23 19:07:05 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2009.11.23 19:07:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2009.10.05 19:44:49 | 000,005,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.08.15 21:06:27 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.08.14 20:59:45 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.08.14 20:59:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.08.14 20:59:43 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.08.14 20:59:43 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.08.14 20:59:43 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.08.14 20:59:41 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.08.14 20:59:41 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.08.14 20:14:31 | 000,295,028 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll
[2009.08.14 14:09:07 | 000,003,333 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.08.14 13:51:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2005.07.29 20:38:24 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.08.14 20:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ashampoo
[2009.10.05 19:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FreeRIP
[2010.04.12 12:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2010.04.12 12:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio
[2009.11.23 20:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
[2009.12.24 14:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2009.12.23 15:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Ashampoo
[2009.09.30 08:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ICQ
[2009.08.16 23:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\MxBoost
[2009.09.30 07:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Opera
[2009.12.24 14:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Spyware Terminator
[2009.08.14 20:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Thunderbird
[2009.08.14 16:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Zoner

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -- [2010.05.13 16:12:40 | 026,192,168 | R--- | M] (Skype Technologies S.A.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >
[2009.10.18 16:50:03 | 009,089,880 | ---- | M] (Opera Software ASA ) -- C:\Opera_1000_int_Setup.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.02.04 23:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Adobe
[2009.12.23 15:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Ashampoo
[2010.07.04 13:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\dvdcss
[2009.09.30 08:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ICQ
[2009.08.14 13:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Identities
[2010.05.06 21:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\InstallShield
[2009.08.14 20:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Macromedia
[2010.07.09 15:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Malwarebytes
[2009.08.15 00:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Media Player Classic
[2010.01.25 22:30:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User\Data aplikací\Microsoft
[2009.10.18 17:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mozilla
[2009.08.16 23:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\MxBoost
[2009.09.30 07:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Opera
[2009.10.12 18:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Real
[2010.07.14 20:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Skype
[2010.07.14 19:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\skypePM
[2009.12.24 14:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Spyware Terminator
[2009.10.23 18:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Sun
[2009.08.14 20:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Thunderbird
[2009.09.30 08:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\vlc
[2009.10.05 12:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\WinRAR
[2009.08.14 16:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Zoner

< %APPDATA%\*.exe /s >
[2009.11.23 19:05:26 | 000,029,926 | R--- | M] () -- C:\Documents and Settings\User\Data aplikací\Microsoft\Installer\{EEECE229-49F6-4851-A73A-99B058221F8C}\ARPPRODUCTICON.exe

< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.18 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2004.08.18 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.08.14 14:57:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.08.14 14:57:29 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.08.14 14:57:29 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.07.14 05:35:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2010.07.14 19:43:09 | 000,047,206 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.07.14 19:43:09 | 000,040,836 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.07.14 19:43:09 | 000,312,970 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.07.14 19:43:09 | 000,314,508 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.07.14 19:43:09 | 000,723,278 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.07.14 19:33:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< End of report >

VIRY.CZ

trojský kůň

trojský kůň

Re: trojský kůň

Re: trojský kůň

Re: trojský kůň

Re: trojský kůň

Re: trojský kůň

Re: trojský kůň

Re: trojský kůň

Re: trojský kůň

Re: trojský kůň

Re: trojský kůň

Re: trojský kůň

Re: trojský kůň

Re: trojský kůň

Re: trojský kůň