ComboFix 10-08-06.01 - Karel 08.08.2010 10:44:33.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.725 [GMT 2:00]
Spuštěný z: c:\documents and settings\Karel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Karel\Plocha\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-08 do 2010-08-08 )))))))))))))))))))))))))))))))
.
2010-08-06 20:00 . 2010-08-06 20:01 -------- d-----w- c:\program files\trend micro
2010-08-06 20:00 . 2010-08-06 20:01 -------- d-----w- C:\rsit
2010-08-06 07:25 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-06 07:25 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-08-06 07:25 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-06 07:25 . 2008-06-14 17:35 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-08-06 07:24 . 2010-02-17 12:09 2192128 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-06 07:24 . 2010-02-16 19:08 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-06 07:24 . 2010-02-16 19:08 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-05 12:58 . 2010-08-05 13:03 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-08-05 11:43 . 2010-08-05 11:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-05 11:43 . 1998-10-02 17:00 327168 ----a-w- c:\windows\IsUninst.exe
2010-08-05 11:24 . 2010-08-05 11:24 -------- d-----w- c:\documents and settings\Karel\.thumbnails
2010-08-05 11:23 . 2010-08-05 11:29 -------- d-----w- c:\documents and settings\Karel\.gimp-2.6
2010-08-05 11:23 . 2010-08-05 11:23 -------- d-----w- c:\program files\GIMP-2.0
2010-08-05 07:18 . 2010-08-05 07:18 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-05 06:57 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-05 06:57 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-08-04 20:15 . 2010-08-06 16:05 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-04 20:15 . 2010-08-06 16:05 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-04 20:15 . 2010-08-04 20:15 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-04 19:30 . 2010-08-05 10:46 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2010-08-04 15:14 . 2008-04-13 22:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-04 14:04 . 2010-08-04 14:04 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-04 14:03 . 2010-08-04 14:03 -------- d-----w- c:\program files\Common Files\Skype
2010-08-04 14:03 . 2010-08-04 14:03 -------- d-----r- c:\program files\Skype
2010-08-04 14:02 . 2010-08-04 14:02 0 ----a-w- c:\windows\nsreg.dat
2010-08-04 14:00 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-08-04 14:00 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-08-04 14:00 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-04 14:00 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-04 13:59 . 2008-04-13 22:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-08-04 13:59 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-08-04 13:07 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-08-04 13:07 . 2008-04-14 07:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-08-04 13:06 . 2008-04-14 08:52 75264 ----a-w- c:\windows\system32\usbui.dll
2010-08-04 13:04 . 2010-08-04 11:20 -------- d-----w- C:\Documents and Settings
2010-08-04 13:04 . 2010-08-04 11:14 -------- d--h--w- c:\documents and settings\Default User
2010-08-04 13:04 . 2010-08-04 11:13 -------- d-----w- c:\documents and settings\All Users
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 07:07 . 2006-03-02 12:00 68736 ----a-w- c:\windows\system32\perfc005.dat
2010-08-08 07:07 . 2006-03-02 12:00 389664 ----a-w- c:\windows\system32\perfh005.dat
2010-08-04 14:15 . 2010-08-04 12:25 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-04 12:14 . 2010-08-04 12:14 -------- d-----w- c:\program files\AMD
2010-08-04 12:14 . 2010-08-04 11:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 12:11 . 2010-08-04 12:11 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-04 11:54 . 2010-08-04 11:54 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-04 11:51 . 2010-08-04 11:51 -------- d-----w- c:\program files\VIA
2010-08-04 11:51 . 2010-08-04 11:40 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-04 11:51 . 2007-12-07 09:13 16896 ----a-w- c:\windows\system32\drivers\ViBus.sys
2010-08-04 11:51 . 2007-12-07 09:10 52736 ----a-w- c:\windows\system32\drivers\ViPrt.sys
2010-08-04 11:51 . 2007-09-21 14:28 18432 ----a-w- c:\windows\system32\vIdeInst.dll
2010-08-04 11:51 . 2010-08-04 11:51 331184 ------w- c:\windows\system32\difxapi.dll
2010-08-04 11:51 . 2007-09-21 15:49 9216 ----a-w- c:\windows\system32\drivers\videX32.sys
2010-08-04 11:46 . 2010-08-04 11:45 -------- d-----w- c:\program files\ATI Technologies
2010-08-04 11:36 . 2010-08-04 11:13 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-04 11:36 . 2010-08-04 11:13 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-08-04 11:35 . 2010-08-04 11:14 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-08-04 11:14 . 2010-08-04 11:14 -------- d-----w- c:\program files\microsoft frontpage
2010-08-04 11:11 . 2010-08-04 11:11 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-14 14:31 . 2010-08-04 11:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-01 17:37 . 2010-08-04 12:28 221568 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-07_17.12.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 06:52 . 2008-05-09 10:56 90112 c:\windows\system32\wshext.dll
- 2008-04-14 06:52 . 2008-04-14 06:52 90112 c:\windows\system32\wshext.dll
+ 2008-04-14 06:52 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 06:52 . 2009-06-15 10:45 78336 c:\windows\system32\telnet.exe
+ 2006-03-02 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2008-04-14 06:51 . 2009-10-12 13:40 79872 c:\windows\system32\raschap.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 79872 c:\windows\system32\raschap.dll
- 2006-03-02 12:00 . 2010-08-07 09:12 58596 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-08-08 07:07 58596 c:\windows\system32\perfc009.dat
+ 2010-08-04 11:10 . 2008-06-12 14:24 91648 c:\windows\system32\mtxoci.dll
- 2010-08-04 11:10 . 2008-04-14 06:51 91648 c:\windows\system32\mtxoci.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 66560 c:\windows\system32\mtxclu.dll
+ 2008-04-14 06:51 . 2008-06-12 14:24 66560 c:\windows\system32\mtxclu.dll
+ 2008-04-14 08:51 . 2009-11-27 17:14 17920 c:\windows\system32\msyuv.dll
+ 2006-03-02 12:00 . 2009-11-27 16:09 28672 c:\windows\system32\msvidc32.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 11264 c:\windows\system32\msrle32.dll
+ 2008-04-14 06:51 . 2009-11-27 16:09 11264 c:\windows\system32\msrle32.dll
- 2010-08-04 11:10 . 2008-04-14 06:51 58880 c:\windows\system32\msdtclog.dll
+ 2010-08-04 11:10 . 2008-06-12 14:24 58880 c:\windows\system32\msdtclog.dll
+ 2008-04-14 06:51 . 2008-06-24 16:44 74240 c:\windows\system32\mscms.dll
+ 2008-04-14 06:51 . 2009-09-04 21:05 58880 c:\windows\system32\msasn1.dll
+ 2008-04-14 08:51 . 2009-11-27 16:09 48128 c:\windows\system32\iyuv_32.dll
+ 2008-04-14 06:51 . 2009-10-15 16:32 81920 c:\windows\system32\fontsub.dll
+ 2010-08-04 13:04 . 2010-08-08 07:03 93480 c:\windows\system32\FNTCACHE.DAT
- 2010-08-04 13:04 . 2010-08-04 11:16 93480 c:\windows\system32\FNTCACHE.DAT
- 2008-04-14 06:52 . 2008-04-14 06:52 90112 c:\windows\system32\dllcache\wshext.dll
+ 2008-04-14 06:52 . 2008-05-09 10:56 90112 c:\windows\system32\dllcache\wshext.dll
+ 2008-04-14 06:52 . 2009-06-15 10:45 78336 c:\windows\system32\dllcache\telnet.exe
+ 2006-03-02 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2008-04-14 06:51 . 2009-10-12 13:40 79872 c:\windows\system32\dllcache\raschap.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 79872 c:\windows\system32\dllcache\raschap.dll
- 2010-08-04 11:10 . 2008-04-14 06:51 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2010-08-04 11:10 . 2008-06-12 14:24 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-04-14 06:51 . 2008-06-12 14:24 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2010-08-04 11:56 . 2009-11-27 17:14 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2006-03-02 12:00 . 2009-11-27 16:09 28672 c:\windows\system32\dllcache\msvidc32.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-04-14 06:51 . 2009-11-27 16:09 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2010-08-04 11:10 . 2008-06-12 14:24 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2010-08-04 11:10 . 2008-04-14 06:51 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2008-04-14 06:51 . 2008-06-24 16:44 74240 c:\windows\system32\dllcache\mscms.dll
+ 2008-04-14 06:51 . 2009-09-04 21:05 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2008-04-14 06:51 . 2009-10-15 16:32 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2008-04-14 06:51 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-14 06:51 . 2010-01-13 14:02 86016 c:\windows\system32\dllcache\cabview.dll
+ 2008-04-14 06:51 . 2009-11-27 16:09 84992 c:\windows\system32\dllcache\avifil32.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2008-04-14 06:51 . 2009-07-17 19:04 58880 c:\windows\system32\dllcache\atl.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-04-14 06:51 . 2010-03-05 14:42 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2008-04-14 06:51 . 2009-12-14 07:10 33280 c:\windows\system32\csrsrv.dll
+ 2008-04-14 06:51 . 2010-01-13 14:02 86016 c:\windows\system32\cabview.dll
+ 2008-04-14 06:51 . 2009-11-27 16:09 84992 c:\windows\system32\avifil32.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 84992 c:\windows\system32\avifil32.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 58880 c:\windows\system32\atl.dll
+ 2008-04-14 06:51 . 2009-07-17 19:04 58880 c:\windows\system32\atl.dll
+ 2008-04-14 06:51 . 2010-03-05 14:42 65536 c:\windows\system32\asycfilt.dll
+ 2010-08-04 11:56 . 2009-11-27 17:14 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2001-10-24 12:25 . 2009-11-27 16:09 8704 c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
- 2008-04-14 06:52 . 2008-04-14 06:52 155648 c:\windows\system32\wscript.exe
+ 2008-04-14 06:52 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe
+ 2008-04-14 06:52 . 2009-04-01 21:02 604160 c:\windows\system32\wmspdmod.dll
+ 2008-04-14 06:52 . 2009-07-13 21:43 286208 c:\windows\system32\wmpdxm.dll
+ 2008-04-14 06:52 . 2008-06-18 03:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2008-04-14 06:52 . 2007-10-25 07:28 222720 c:\windows\system32\wmasf.dll
+ 2008-04-14 06:52 . 2009-06-10 06:16 132096 c:\windows\system32\wkssvc.dll
- 2008-04-14 06:52 . 2008-04-14 06:52 132096 c:\windows\system32\wkssvc.dll
+ 2008-04-14 06:52 . 2009-12-24 07:04 177664 c:\windows\system32\wintrust.dll
+ 2010-08-04 11:10 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2010-08-04 11:10 . 2009-02-09 10:56 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2010-08-04 11:10 . 2009-02-09 10:56 473600 c:\windows\system32\wbem\fastprox.dll
+ 2008-04-14 06:52 . 2010-03-10 06:17 420352 c:\windows\system32\vbscript.dll
- 2008-04-14 06:52 . 2009-03-08 02:33 420352 c:\windows\system32\vbscript.dll
+ 2008-04-14 06:52 . 2009-10-15 16:32 119808 c:\windows\system32\t2embed.dll
+ 2008-04-14 06:52 . 2009-08-26 08:02 247326 c:\windows\system32\strmdll.dll
+ 2008-04-14 06:51 . 2009-12-08 09:25 474112 c:\windows\system32\shlwapi.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 474112 c:\windows\system32\shlwapi.dll
+ 2008-04-14 06:52 . 2009-02-09 11:25 111104 c:\windows\system32\services.exe
+ 2008-04-14 06:51 . 2008-05-09 10:56 172032 c:\windows\system32\scrrun.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 172032 c:\windows\system32\scrrun.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 180224 c:\windows\system32\scrobj.dll
+ 2008-04-14 06:51 . 2008-05-09 10:56 180224 c:\windows\system32\scrobj.dll
+ 2008-04-14 06:51 . 2009-02-09 10:56 401408 c:\windows\system32\rpcss.dll
+ 2008-04-14 06:51 . 2009-04-15 14:54 585216 c:\windows\system32\rpcrt4.dll
+ 2008-04-14 06:51 . 2009-10-12 13:40 150016 c:\windows\system32\rastls.dll
+ 2006-03-02 12:00 . 2010-08-08 07:07 392296 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2010-08-07 09:12 392296 c:\windows\system32\perfh009.dat
- 2008-04-14 06:51 . 2008-04-14 06:51 284160 c:\windows\system32\pdh.dll
+ 2008-04-14 06:51 . 2009-03-06 14:23 284160 c:\windows\system32\pdh.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 271360 c:\windows\system32\oakley.dll
+ 2008-04-14 06:51 . 2009-10-13 10:34 271360 c:\windows\system32\oakley.dll
+ 2008-04-14 06:51 . 2009-02-09 10:56 709632 c:\windows\system32\ntdll.dll
+ 2008-04-14 06:51 . 2008-06-20 17:49 247296 c:\windows\system32\mswsock.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 247296 c:\windows\system32\mswsock.dll
+ 2008-04-14 06:51 . 2009-08-05 09:01 205312 c:\windows\system32\mswebdvd.dll
+ 2008-04-14 06:53 . 2006-12-04 14:21 414720 c:\windows\system32\msscp.dll
- 2010-08-04 11:10 . 2008-04-14 06:52 343552 c:\windows\system32\mspaint.exe
+ 2010-08-04 11:10 . 2009-12-17 07:42 343552 c:\windows\system32\mspaint.exe
- 2010-08-04 11:10 . 2008-04-14 06:51 161792 c:\windows\system32\msdtcuiu.dll
+ 2010-08-04 11:10 . 2008-06-12 14:24 161792 c:\windows\system32\msdtcuiu.dll
+ 2010-08-04 11:10 . 2008-06-12 14:24 956928 c:\windows\system32\msdtctm.dll
- 2010-08-04 11:10 . 2008-04-14 06:51 956928 c:\windows\system32\msdtctm.dll
+ 2010-08-04 11:10 . 2008-06-12 14:24 428032 c:\windows\system32\msdtcprx.dll
+ 2008-04-14 06:52 . 2008-06-17 23:09 100864 c:\windows\system32\logagent.exe
- 2008-04-14 06:52 . 2006-10-18 18:03 100864 c:\windows\system32\logagent.exe
+ 2008-04-14 06:51 . 2009-05-07 15:33 346624 c:\windows\system32\localspl.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 988160 c:\windows\system32\kernel32.dll
+ 2008-04-14 06:51 . 2009-03-21 14:09 988160 c:\windows\system32\kernel32.dll
+ 2008-04-14 06:51 . 2009-12-09 05:55 726528 c:\windows\system32\jscript.dll
- 2008-04-14 06:51 . 2009-06-22 06:48 726528 c:\windows\system32\jscript.dll
+ 2010-08-04 11:12 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2010-08-04 11:12 . 2008-04-14 06:51 691712 c:\windows\system32\inetcomm.dll
+ 2008-04-14 06:51 . 2008-07-07 20:29 253952 c:\windows\system32\es.dll
+ 2008-04-13 22:30 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2008-04-13 22:50 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2008-04-13 22:45 . 2009-12-31 16:50 353792 c:\windows\system32\drivers\srv.sys
+ 2008-04-13 22:25 . 2008-05-08 14:02 203136 c:\windows\system32\drivers\rmcast.sys
+ 2008-04-13 22:47 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
+ 2008-04-13 22:49 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2008-04-14 06:51 . 2008-06-20 17:49 147968 c:\windows\system32\dnsapi.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 147968 c:\windows\system32\dnsapi.dll
+ 2008-04-14 06:52 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe
- 2008-04-14 06:52 . 2008-04-14 06:52 155648 c:\windows\system32\dllcache\wscript.exe
+ 2008-04-14 06:52 . 2009-04-01 21:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2008-04-14 06:52 . 2009-07-13 21:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2008-04-14 06:52 . 2008-06-18 03:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2010-08-04 11:10 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2010-08-04 11:10 . 2009-02-09 10:56 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2008-04-14 06:52 . 2007-10-25 07:28 222720 c:\windows\system32\dllcache\wmasf.dll
- 2008-04-14 06:52 . 2008-04-14 06:52 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-14 06:52 . 2009-06-10 06:16 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-14 06:52 . 2009-12-24 07:04 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-04-14 06:52 . 2010-03-10 06:17 420352 c:\windows\system32\dllcache\vbscript.dll
- 2008-04-14 06:52 . 2009-03-08 02:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 06:52 . 2007-06-27 13:31 317952 c:\windows\system32\dllcache\unregmp2.exe
- 2010-08-04 11:11 . 2008-04-14 06:52 153088 c:\windows\system32\dllcache\triedit.dll
+ 2010-08-04 11:11 . 2009-06-21 21:48 153088 c:\windows\system32\dllcache\triedit.dll
+ 2008-04-13 22:30 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-04-13 22:50 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2008-04-14 06:52 . 2009-10-15 16:32 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-04-14 06:52 . 2009-08-26 08:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-04-13 22:45 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
- 2008-04-14 06:51 . 2008-04-14 06:51 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-14 06:51 . 2009-12-08 09:25 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-14 06:52 . 2009-02-09 11:25 111104 c:\windows\system32\dllcache\services.exe
- 2008-04-14 06:51 . 2008-04-14 06:51 172032 c:\windows\system32\dllcache\scrrun.dll
+ 2008-04-14 06:51 . 2008-05-09 10:56 172032 c:\windows\system32\dllcache\scrrun.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 180224 c:\windows\system32\dllcache\scrobj.dll
+ 2008-04-14 06:51 . 2008-05-09 10:56 180224 c:\windows\system32\dllcache\scrobj.dll
+ 2008-04-14 06:51 . 2009-02-09 10:56 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2008-04-14 06:51 . 2009-04-15 14:54 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-04-13 22:25 . 2008-05-08 14:02 203136 c:\windows\system32\dllcache\rmcast.sys
+ 2008-04-14 06:51 . 2009-10-12 13:40 150016 c:\windows\system32\dllcache\rastls.dll
+ 2008-04-14 06:51 . 2009-03-06 14:23 284160 c:\windows\system32\dllcache\pdh.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 284160 c:\windows\system32\dllcache\pdh.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 271360 c:\windows\system32\dllcache\oakley.dll
+ 2008-04-14 06:51 . 2009-10-13 10:34 271360 c:\windows\system32\dllcache\oakley.dll
+ 2008-04-14 06:51 . 2009-02-09 10:56 709632 c:\windows\system32\dllcache\ntdll.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 247296 c:\windows\system32\dllcache\mswsock.dll
+ 2008-04-14 06:51 . 2008-06-20 17:49 247296 c:\windows\system32\dllcache\mswsock.dll
+ 2008-04-14 06:51 . 2009-08-05 09:01 205312 c:\windows\system32\dllcache\mswebdvd.dll
+ 2008-04-14 06:53 . 2006-12-04 14:21 414720 c:\windows\system32\dllcache\msscp.dll
- 2010-08-04 11:10 . 2008-04-14 06:52 343552 c:\windows\system32\dllcache\mspaint.exe
+ 2010-08-04 11:10 . 2009-12-17 07:42 343552 c:\windows\system32\dllcache\mspaint.exe
+ 2010-08-04 11:10 . 2008-06-12 14:24 161792 c:\windows\system32\dllcache\msdtcuiu.dll
- 2010-08-04 11:10 . 2008-04-14 06:51 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2010-08-04 11:10 . 2008-06-12 14:24 956928 c:\windows\system32\dllcache\msdtctm.dll
- 2010-08-04 11:10 . 2008-04-14 06:51 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2010-08-04 11:10 . 2008-06-12 14:24 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2010-08-04 11:11 . 2008-04-14 06:51 331776 c:\windows\system32\dllcache\msadce.dll
+ 2010-08-04 11:11 . 2008-05-01 14:37 331776 c:\windows\system32\dllcache\msadce.dll
+ 2008-04-14 06:52 . 2008-06-17 23:09 100864 c:\windows\system32\dllcache\logagent.exe
- 2008-04-14 06:52 . 2006-10-18 18:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2008-04-14 06:51 . 2009-05-07 15:33 346624 c:\windows\system32\dllcache\localspl.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 988160 c:\windows\system32\dllcache\kernel32.dll
+ 2008-04-14 06:51 . 2009-03-21 14:09 988160 c:\windows\system32\dllcache\kernel32.dll
+ 2008-04-14 06:51 . 2009-12-09 05:55 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-04-14 06:51 . 2009-06-22 06:48 726528 c:\windows\system32\dllcache\jscript.dll
+ 2010-08-04 11:12 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
- 2010-08-04 11:12 . 2008-04-14 06:51 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-08-04 11:12 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
- 2010-08-04 11:12 . 2008-04-14 06:52 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2010-08-04 11:10 . 2009-02-09 10:56 473600 c:\windows\system32\dllcache\fastprox.dll
+ 2008-04-14 06:51 . 2008-07-07 20:29 253952 c:\windows\system32\dllcache\es.dll
+ 2008-04-14 06:51 . 2008-06-20 17:49 147968 c:\windows\system32\dllcache\dnsapi.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 147968 c:\windows\system32\dllcache\dnsapi.dll
+ 2008-04-14 06:52 . 2008-05-07 09:07 135168 c:\windows\system32\dllcache\cscript.exe
+ 2008-04-14 06:37 . 2010-04-20 05:32 285696 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 06:37 . 2008-04-14 06:37 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2008-04-13 22:49 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-04-14 06:51 . 2009-02-09 10:56 684032 c:\windows\system32\dllcache\advapi32.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 684032 c:\windows\system32\dllcache\advapi32.dll
+ 2008-04-14 06:51 . 2009-11-21 16:03 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2008-04-14 06:51 . 2010-02-12 04:35 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2008-04-14 06:52 . 2008-05-07 09:07 135168 c:\windows\system32\cscript.exe
- 2008-04-14 06:37 . 2008-04-14 06:37 285696 c:\windows\system32\atmfd.dll
+ 2008-04-14 06:37 . 2010-04-20 05:32 285696 c:\windows\system32\atmfd.dll
+ 2008-04-14 06:51 . 2009-02-09 10:56 684032 c:\windows\system32\advapi32.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 684032 c:\windows\system32\advapi32.dll
+ 2008-04-14 06:51 . 2010-02-12 04:35 100864 c:\windows\system32\6to4svc.dll
+ 2008-04-14 06:52 . 2007-06-27 13:31 317952 c:\windows\inf\unregmp2.exe
+ 2010-08-08 06:50 . 2009-03-08 02:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-08-08 06:50 . 2009-05-26 11:40 391032 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-08-08 06:50 . 2009-05-26 11:40 233848 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-08-08 06:55 . 2008-07-08 12:59 391032 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-08-08 06:55 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-08-08 06:55 . 2009-06-22 06:48 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-08-06 07:25 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-08-06 07:25 . 2008-06-14 17:35 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2008-04-14 06:51 . 2009-11-21 16:03 471552 c:\windows\AppPatch\aclayers.dll
+ 2010-08-06 07:25 . 2009-08-13 13:56 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2008-04-14 06:53 . 2010-04-06 02:52 2462720 c:\windows\system32\WMVCore.dll
+ 2008-04-14 05:45 . 2010-05-02 08:09 1851264 c:\windows\system32\win32k.sys
+ 2008-04-14 06:51 . 2010-07-27 06:30 8466432 c:\windows\system32\shell32.dll
+ 2008-04-14 06:51 . 2009-07-17 16:17 1437696 c:\windows\system32\query.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 1437696 c:\windows\system32\query.dll
+ 2008-04-14 06:06 . 2010-02-16 19:08 2148352 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 08:06 . 2010-02-16 19:08 2026496 c:\windows\system32\ntkrnlpa.exe
+ 2008-04-14 06:51 . 2009-07-31 08:05 1372672 c:\windows\system32\msxml6.dll
+ 2008-04-14 06:51 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2010-08-04 11:10 . 2009-06-10 07:21 2066432 c:\windows\system32\mstscax.dll
+ 2008-04-14 06:53 . 2010-04-06 02:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 05:45 . 2010-05-02 08:09 1851264 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 06:51 . 2010-07-27 06:30 8466432 c:\windows\system32\dllcache\shell32.dll
- 2008-04-14 06:51 . 2008-04-14 06:51 1437696 c:\windows\system32\dllcache\query.dll
+ 2008-04-14 06:51 . 2009-07-17 16:17 1437696 c:\windows\system32\dllcache\query.dll
+ 2009-02-10 17:09 . 2010-02-16 19:09 2068992 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-04-14 06:51 . 2009-07-31 08:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-04-14 06:51 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-06-10 07:21 . 2009-06-10 07:21 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2010-08-04 11:12 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
- 2010-08-04 11:12 . 2008-04-14 06:52 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-08-04 11:12 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-08-06 07:24 . 2010-02-17 12:09 2192128 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-08-06 07:24 . 2010-02-16 19:08 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 17:09 . 2010-02-16 19:09 2068992 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-08-06 07:24 . 2010-02-16 19:08 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-04-14 06:52 . 2009-07-13 21:43 10841088 c:\windows\system32\wmp.dll
+ 2008-04-14 06:52 . 2009-07-13 21:43 10841088 c:\windows\system32\dllcache\wmp.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2010-08-04 16050688]
"SkyTel"="SkyTel.EXE" [2010-08-04 2879488]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
c:\documents and settings\Karel\Nabídka Start\Programy\Po spuštění\
spoolsvcs.exe [2010-8-6 494402]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-5 113664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [7.12.2007 11:13 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [7.12.2007 11:10 52736]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [4.8.2010 13:40 34944]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\psj58kei.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - component: c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\psj58kei.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\psj58kei.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 10:48
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(212)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-08-08 10:49:39
ComboFix-quarantined-files.txt 2010-08-08 08:49
ComboFix2.txt 2010-08-07 18:28
ComboFix3.txt 2010-08-07 17:13
Před spuštěním: Volných bajtů: 305 997 762 560
Po spuštění: Volných bajtů: 306 979 147 776
- - End Of File - - A33EC64BFF54EC475BB0526033EC6EF1