PC disinfection, computer speed-up, remote help via the neslape.cz service

Backdoor.Win32.Bifrose.cqqy Win32/Sality Packed.Vunt

Have a problem with a virus? Paste a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, paste a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will threads that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service: an expert connects to your computer and obtains the details of the problem from you by phone! More at www.neslape.cz
Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Backdoor.Win32.Bifrose.cqqy Win32/Sality Packed.Vunt

#16 Post by Caroprd111 »

I recommend uninstalling the P2P clients.

P2P networks and their clients are a potential security risk; they are practically a constant source of viruses, and you are exposing yourself to risk needlessly.


Run OTL and paste the following script into the lower window.

Code:

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- J:\Drivery\_MSI CD k MB oranzove\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
O4 - HKLM..\Run: [] File not found
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2009.01.02 00:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:84098FD3
Click Run Fix; the PC will restart. Paste the log here.

hp184
Visitor
Posts: 75
Registered: 23 Dec 2008 20:20

Re: Backdoor.Win32.Bifrose.cqqy Win32/Sality Packed.Vunt

#17 Post by hp184 »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3077515 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->FireFox cache emptied: 3696035 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1408874536 bytes

User: user
->Temp folder emptied: 570453725 bytes
->Temporary Internet Files folder emptied: 5390581 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 98065797 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 44494 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148726 bytes
%systemroot%\System32 .tmp files removed: 738918 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 530470 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77500056 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 070,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

========== OTL ==========
Error: No service named WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340 was found to stop!
Service\Driver key WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340 not found.
File C:\WINDOWS\System32\drivers\WPRO_40_1340.sys not found.
Service sptd stopped successfully!
Service sptd deleted successfully!
File C:\WINDOWS\System32\Drivers\sptd.sys not found.
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File J:\Drivery\_MSI CD k MB oranzove\INSTALL\GMSIPCI.SYS not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\All Users\Data aplikací\TEMP folder moved successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:84098FD3 .

OTL by OldTimer - Version 3.2.12.0 log created on 09162010_101751

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
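As an added example (not code from the thread or from OTL), here is a small parser for the SRV/DRV lines of an OTL log in the shapes seen above. It lists the entries whose image file is gone (the ones the :OTL fix removes), flags loaded kernel drivers with no vendor in their version info for manual review, and extracts only the short service key from a line, which matters because the fix log above shows OTL trying to stop a service named "WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340" when the line carried a trailing display name. The sample lines are constructed from the log format on this page.

```python
"""Parse OTL 'Win32 Services' / 'Driver Services' log lines and triage them.

Added example, not part of the thread; the SRV/DRV line shapes are the ones
visible in the logs above, and the sample lines below are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in OTL's SRV/DRV line format (raw string: backslashes are literal).
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
DRV - [2010.03.01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2006.05.10 10:39:38 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2003.04.19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
"""

LINE_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - "
    # either the 'File not found' marker or '[date | size | attrs | M] (Vendor)'
    r"(?:(?P<missing>File not found)|\[(?P<fileinfo>[^\]]*)\] \((?P<vendor>.*?)\)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)\s]+)\)"
    r"(?: (?P<display>.*))?$"   # optional trailing display name after the key
)


@dataclass
class ServiceEntry:
    kind: str                 # "DRV" (kernel driver) or "SRV" (Win32 service)
    name: str                 # key name under HKLM\SYSTEM\CurrentControlSet\Services
    path: str                 # image path OTL resolved for the entry
    state: Tuple[str, ...]    # e.g. ("Kernel", "On_Demand", "Stopped")
    missing: bool             # True when OTL reported 'File not found'
    vendor: Optional[str]     # company name from version info; "" if none, None if file missing
    display: Optional[str]    # trailing display name, if the line carried one


def parse_otl_services(text: str) -> List[ServiceEntry]:
    """Turn SRV/DRV lines into records; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            kind=m["kind"],
            name=m["name"],
            path=m["path"],
            state=tuple(s.strip() for s in m["state"].split("|")),
            missing=m["missing"] is not None,
            vendor=m["vendor"],
            display=m["display"],
        ))
    return entries


def orphaned(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Service/driver keys whose image file no longer exists (what the :OTL fix removes)."""
    return [e for e in entries if e.missing]


def unattributed_running_drivers(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Loaded kernel drivers with no vendor in their version info: worth a manual look,
    not evidence of infection by themselves."""
    return [e for e in entries
            if e.kind == "DRV" and not e.missing and e.vendor == "" and "Running" in e.state]


def service_key(line: str) -> Optional[str]:
    """Short service key from one log line, ignoring any trailing display name."""
    m = LINE_RE.match(line.strip())
    return m["name"] if m else None
```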

hp184
Visitor
Posts: 75
Registered: 23 Dec 2008 20:20

Re: Backdoor.Win32.Bifrose.cqqy Win32/Sality Packed.Vunt

#18 Post by hp184 »

One more thing: I must unfortunately admit to a mistake I made during our communication. :( I completed the last step you gave me correctly, BUT in the previous step, where you wrote this:

Download OTL http://oldtimer.geekstogo.com/OTL.exe to the desktop
  • Run it, then paste the following script into the lower box.
.............

I did do what you wanted, but before that I had not pasted the log you sent into the window, so I probably then sent you back incorrect information. So I don't know what to do about it; should I repeat something now?? :hmm: Of course I apologise :o

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Backdoor.Win32.Bifrose.cqqy Win32/Sality Packed.Vunt

#19 Post by Caroprd111 »

That's fine. Run OTL again following the first instructions and paste the OTL.txt log here.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Backdoor.Win32.Bifrose.cqqy Win32/Sality Packed.Vunt

#20 Post by stell »

But I took a screenshot and from it I then read (though only at the bottom, in small print) that Windows Security in Mozilla Firefox was offering to delete the reported viruses.....but it was already too late. P.S. I don't know how screenshots can be posted here on the forum, otherwise I would have sent it as an example.
Please paste the screenshots here, like this:
http://www.viry.cz/forum/viewtopic.php?f=15&t=14114

If you have a link to that page, send it to me in a private message.
Thanks.

hp184
Visitor
Posts: 75
Registered: 23 Dec 2008 20:20

Re: Backdoor.Win32.Bifrose.cqqy Win32/Sality Packed.Vunt

#21 Post by hp184 »

OTL logfile created on: 17.9.2010 8:52:40 - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\user\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 162,45 Gb Free Space | 54,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALZA-574BF022DC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.09.15 07:54:03 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Plocha\OTL.exe
PRC - [2010.09.10 06:59:16 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.09.10 06:59:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.09.03 09:49:36 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.09.03 09:49:36 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.19 16:36:37 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.06.04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009.06.04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.05.03 20:48:20 | 000,606,720 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.17 12:32:04 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006.03.30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005.11.04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005.06.06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe


========== Modules (SafeList) ==========

MOD - [2010.09.15 07:54:03 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Plocha\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006.08.17 12:32:04 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.09.03 09:49:36 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.07.08 12:48:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.04.19 16:36:37 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.01.03 13:01:59 | 000,304,528 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.05.03 20:48:20 | 000,606,720 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2006.05.10 11:59:04 | 000,353,912 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\WINDOWS\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1)
SRV - [2006.03.30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340)
DRV - [2010.08.13 08:18:42 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.07.12 10:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.06.08 01:57:00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.03.01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009.06.04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009.06.04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009.06.04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009.06.04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009.06.04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009.06.04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009.06.04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009.06.04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009.06.04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009.06.04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009.06.04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009.06.04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009.06.04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.01.03 13:01:59 | 002,911,848 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008.04.13 20:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008.04.13 20:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008.04.13 18:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.02.24 21:48:40 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.12.14 09:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2007.10.12 17:33:00 | 004,609,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.08.08 12:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2006.11.20 02:35:26 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.11.20 02:35:24 | 000,062,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.05.10 10:39:38 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.05.10 10:20:28 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.08.12 11:11:10 | 000,019,020 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2005.06.03 13:47:06 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2005.06.03 13:47:04 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.06.03 13:47:00 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.06.03 13:46:58 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.06.03 13:46:52 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.11.18 12:49:14 | 000,024,786 | ---- | M] (EUTRON) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eusk2par.sys -- (eusk2par)
DRV - [2004.08.09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004.06.21 17:03:22 | 000,078,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004.03.10 17:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.04.19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 18:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2000.10.24 01:00:00 | 000,003,608 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\port_nt.sys -- (port_nt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-1383384898-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1960408961-1383384898-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2186473
IE - HKU\S-1-5-21-1960408961-1383384898-839522115-1004\..\URLSearchHook: {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files\Movier-media\tbMov1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1960408961-1383384898-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1383384898-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "About:Blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.10 06:59:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.10 06:59:18 | 000,000,000 | ---D | M]

[2008.09.19 21:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Mozilla\Extensions
[2010.09.17 08:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\jgre2h2f.default\extensions
[2010.06.28 15:41:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\jgre2h2f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.01 18:03:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\jgre2h2f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.11 11:47:32 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\jgre2h2f.default\searchplugins\icqplugin-1.xml
[2008.03.26 22:02:35 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\jgre2h2f.default\searchplugins\icqplugin-2.xml
[2008.04.17 17:57:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\jgre2h2f.default\searchplugins\icqplugin-3.xml
[2008.07.05 09:09:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\jgre2h2f.default\searchplugins\icqplugin-4.xml
[2008.07.16 22:58:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\jgre2h2f.default\searchplugins\icqplugin-5.xml
[2008.02.29 12:36:21 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\jgre2h2f.default\searchplugins\icqplugin.xml
[2010.09.17 08:46:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.29 13:37:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.21 15:55:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.12 01:52:09 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.06.12 01:52:09 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.06.12 01:52:09 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.06.12 01:52:09 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.06.12 01:52:09 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2008.12.26 13:48:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Movier-media Toolbar) - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files\Movier-media\tbMov1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Movier-media Toolbar) - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files\Movier-media\tbMov1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1960408961-1383384898-839522115-1004\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-1960408961-1383384898-839522115-1004\..\Toolbar\WebBrowser: (Movier-media Toolbar) - {CE10BF86-DA68-441E-91FA-38336363E3CD} - C:\Program Files\Movier-media\tbMov1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKU\S-1-5-21-1960408961-1383384898-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\user\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1383384898-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1383384898-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1960408961-1383384898-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1960408961-1383384898-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://www.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\user\Plocha\pracovní plochy\auto.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Plocha\pracovní plochy\auto.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.15 17:13:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\RALCodec.dll (Pinnacle Systems GmbH)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010.09.16 10:17:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.16 10:12:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2010.09.15 07:54:03 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Plocha\OTL.exe
[2010.09.14 22:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Plocha\Nová složka (3)
[2010.09.14 19:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Plocha\žjp
[2010.09.14 17:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.14 17:48:04 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.14 16:19:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.09.14 16:19:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.09.14 15:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.09.14 15:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.09.14 15:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.09.14 14:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Data aplikací\Download Manager
[2010.09.14 08:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Data aplikací\RealWorld
[2010.09.14 08:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\RealWorld Icon Editor
[2010.09.12 12:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dokumenty\The KMPlayer
[2010.09.12 12:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2010.09.12 12:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Plocha\KMPlayer
[2010.09.06 18:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Data aplikací\NVIDIA
[2010.09.06 18:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Data aplikací\2K Games
[2010.09.05 18:52:53 | 000,000,000 | ---D | C] -- C:\_RestoreRender
[2010.09.05 18:52:53 | 000,000,000 | ---D | C] -- C:\_RestoreMedia
[2010.09.05 18:52:53 | 000,000,000 | ---D | C] -- C:\_Restore
[2010.09.05 18:52:30 | 000,000,000 | ---D | C] -- C:\_Backup
[2010.09.04 18:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Liquid.6
[2010.09.03 19:53:30 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2010.09.03 19:53:30 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2010.09.03 19:53:29 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2010.09.03 19:53:29 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2010.09.03 19:53:28 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2010.09.03 19:53:28 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2010.09.03 19:53:27 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2010.09.03 19:53:27 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2010.09.03 19:53:26 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010.09.03 19:53:26 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010.09.03 19:53:25 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010.09.03 19:53:25 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010.09.03 19:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2010.09.03 10:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.09.03 10:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Movier-media
[2010.09.02 19:22:04 | 006,588,488 | ---- | C] (DExUS & Snipes ) -- C:\Documents and Settings\user\Plocha\install.exe
[2010.09.02 14:03:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Quicktime
[2010.09.02 11:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Plocha\Nová složka
[2010.09.01 18:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\dwhelper
[2010.08.28 11:58:38 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010.08.28 11:58:35 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010.08.28 11:58:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010.08.28 11:58:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010.08.28 11:58:34 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010.08.28 11:58:32 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010.08.28 11:58:29 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010.08.28 11:58:27 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010.08.28 11:58:24 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010.08.28 11:58:19 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010.08.28 11:58:19 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010.08.28 11:58:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010.08.28 11:58:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010.08.28 11:58:19 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010.08.28 11:58:19 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010.08.28 11:58:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2010.08.28 11:58:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010.08.28 11:58:19 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010.08.28 11:58:19 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010.08.28 11:58:14 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\avc.sys
[2010.08.28 11:58:14 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010.08.28 11:58:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\61883.sys
[2010.08.28 11:58:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010.08.22 18:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Data aplikací\Movier
[2010.08.22 18:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Data aplikací\Conduit
[2010.08.22 18:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Data aplikací\Movier-media
[2010.08.22 18:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.08.22 18:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Movier-media
[2010.08.22 18:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Movier
[2006.08.17 12:32:46 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010.09.17 08:51:06 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{53A57D5A-365C-4A80-A419-DC8885684B15}.job
[2010.09.17 08:37:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.17 08:34:39 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.09.17 08:33:36 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.17 08:33:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1383384898-839522115-1004.job
[2010.09.17 08:33:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.17 08:33:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.16 22:17:51 | 017,534,976 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat
[2010.09.16 22:17:51 | 000,055,300 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000008-00001102-00000005-00311102}.rfx
[2010.09.16 22:17:51 | 000,055,300 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000008-00001102-00000005-00311102}.rfx
[2010.09.16 22:17:51 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000008-00001102-00000005-00311102}.rfx
[2010.09.16 18:02:46 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010.09.16 14:51:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.09.16 14:50:30 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.16 12:46:43 | 000,234,280 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.09.16 11:22:18 | 000,137,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.09.16 10:48:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1383384898-839522115-1004.job
[2010.09.16 10:06:03 | 000,007,628 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\cc_20100916_100559.reg
[2010.09.16 10:00:57 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\user\Plocha\CCleaner.lnk
[2010.09.16 09:00:55 | 011,839,356 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Far jag kan inte få upp min kokosnöt.mp4
[2010.09.15 21:29:04 | 000,014,256 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Text.odt
[2010.09.15 19:40:27 | 000,510,128 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Bath.odp
[2010.09.15 07:54:03 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Plocha\OTL.exe
[2010.09.14 19:51:14 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Microsoft Office Word 2003 (2).lnk
[2010.09.14 19:10:34 | 000,000,089 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2010.09.14 16:20:29 | 000,216,719 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\pinfect.zip
[2010.09.14 16:19:44 | 000,000,054 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.09.14 15:14:40 | 007,877,379 | ---- | M] () -- C:\WINDOWS\REGBK00.ZIP
[2010.09.14 15:05:58 | 099,334,664 | ---- | M] () -- C:\Documents and Settings\user\Plocha\mwav.exe
[2010.09.13 20:07:34 | 000,008,728 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Reklama.odt
[2010.09.13 19:58:00 | 000,018,287 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Bath_concept.odt
[2010.09.13 15:59:40 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\user\Plocha\CD.lnk
[2010.09.10 10:10:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.09.08 18:27:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.06 09:32:59 | 001,065,602 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\11_-_Vivaldi_Winter_mvt_2_Largo_-_John_Harrison_violin.mp3
[2010.09.06 09:28:29 | 001,198,486 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\upload.wikimedia.org_11_-_Vivaldi_Winter_mvt_2_Largo_-_John_Harrison_violin.ogg_83034.avi
[2010.09.06 09:26:31 | 001,198,456 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\11_-_Vivaldi_Winter_mvt_2_Largo_-_John_Harrison_violin.avi
[2010.09.06 09:21:52 | 002,544,381 | ---- | M] () -- C:\Documents and Settings\user\Plocha\11_-_Vivaldi_Winter_mvt_2_Largo_-_John_Harrison_violin.ogg
[2010.09.06 09:07:13 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\iTunes.lnk
[2010.09.05 14:13:50 | 000,001,384 | ---- | M] () -- C:\WINDOWS\VFO.INI
[2010.09.05 14:12:44 | 000,000,544 | ---- | M] () -- C:\WINDOWS\VFO.VST
[2010.09.04 19:14:52 | 000,000,051 | ---- | M] () -- C:\WINDOWS\System32\blue.SITENAME
[2010.09.04 19:02:10 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Liquid 6.lnk
[2010.09.04 18:25:19 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\cc_20100904_182516.reg
[2010.09.04 18:25:00 | 000,000,406 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\cc_20100904_182458.reg
[2010.09.04 18:24:44 | 000,000,488 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\cc_20100904_182440.reg
[2010.09.04 18:23:27 | 000,040,904 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\cc_20100904_182306.reg
[2010.09.04 00:29:21 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.09.04 00:29:21 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.09.03 19:26:31 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\cc_20100903_192609.reg
[2010.09.03 18:48:16 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Mafia II - Public Demo.url
[2010.09.03 14:30:23 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Zřícenina kaple Povýšení svatého Kříže.doc
[2010.09.03 10:22:04 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\QuickTime Player.lnk
[2010.09.02 19:22:04 | 006,588,488 | ---- | M] (DExUS & Snipes ) -- C:\Documents and Settings\user\Plocha\install.exe
[2010.09.02 13:31:36 | 000,005,836 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\cc_20100902_133044.reg
[2010.09.02 13:28:59 | 000,030,780 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\cc_20100902_132805.reg
[2010.09.02 13:27:54 | 000,025,254 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\cc_20100902_132649.reg
[2010.09.02 13:26:29 | 000,017,762 | ---- | M] () -- C:\Documents and Settings\user\Dokumenty\cc_20100902_132411.reg
[2010.09.02 13:07:25 | 002,071,552 | ---- | M] () -- C:\Documents and Settings\user\Plocha\liq odin.doc
[2010.08.31 10:44:10 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\user\Plocha\DVD.lnk
[2010.08.31 10:41:00 | 000,000,071 | ---- | M] () -- C:\Documents and Settings\user\default.pls
[2010.08.30 12:57:55 | 000,000,222 | ---- | M] () -- C:\WINDOWS\emsoft.ini
[2010.08.28 20:34:38 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Mafia 2.doc
[2010.08.22 18:53:56 | 000,521,946 | ---- | M] () -- C:\Documents and Settings\user\Plocha\GetSite.zip
[2010.08.22 18:38:19 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Movier.lnk
[2010.08.22 18:28:16 | 007,242,308 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Movier-Installer 1.exe
[2010.08.22 18:13:22 | 006,970,459 | ---- | M] () -- C:\Documents and Settings\user\Plocha\Movier-Installer.exe
[2010.08.21 15:48:59 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010.09.16 10:06:01 | 000,007,628 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\cc_20100916_100559.reg
[2010.09.16 09:00:55 | 011,839,356 | ---- | C] () -- C:\Documents and Settings\user\Plocha\Far jag kan inte få upp min kokosnöt.mp4
[2010.09.15 21:29:04 | 000,014,256 | ---- | C] () -- C:\Documents and Settings\user\Plocha\Text.odt
[2010.09.14 15:13:50 | 007,877,379 | ---- | C] () -- C:\WINDOWS\REGBK00.ZIP
[2010.09.14 15:04:40 | 099,334,664 | ---- | C] () -- C:\Documents and Settings\user\Plocha\mwav.exe
[2010.09.13 20:07:34 | 000,008,728 | ---- | C] () -- C:\Documents and Settings\user\Plocha\Reklama.odt
[2010.09.13 19:47:07 | 000,018,287 | ---- | C] () -- C:\Documents and Settings\user\Plocha\Bath_concept.odt
[2010.09.11 20:04:10 | 000,510,128 | ---- | C] () -- C:\Documents and Settings\user\Plocha\Bath.odp
[2010.09.06 09:32:52 | 001,065,602 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\11_-_Vivaldi_Winter_mvt_2_Largo_-_John_Harrison_violin.mp3
[2010.09.06 09:28:22 | 001,198,486 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\upload.wikimedia.org_11_-_Vivaldi_Winter_mvt_2_Largo_-_John_Harrison_violin.ogg_83034.avi
[2010.09.06 09:26:24 | 001,198,456 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\11_-_Vivaldi_Winter_mvt_2_Largo_-_John_Harrison_violin.avi
[2010.09.06 09:21:48 | 002,544,381 | ---- | C] () -- C:\Documents and Settings\user\Plocha\11_-_Vivaldi_Winter_mvt_2_Largo_-_John_Harrison_violin.ogg
[2010.09.04 19:14:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\blue.SITENAME
[2010.09.04 19:02:10 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Liquid 6.lnk
[2010.09.04 18:25:17 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\cc_20100904_182516.reg
[2010.09.04 18:24:59 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\cc_20100904_182458.reg
[2010.09.04 18:24:42 | 000,000,488 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\cc_20100904_182440.reg
[2010.09.04 18:23:24 | 000,040,904 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\cc_20100904_182306.reg
[2010.09.03 19:26:11 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\cc_20100903_192609.reg
[2010.09.03 18:48:16 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\user\Plocha\Mafia II - Public Demo.url
[2010.09.03 13:38:30 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\user\Plocha\Zřícenina kaple Povýšení svatého Kříže.doc
[2010.09.03 10:24:54 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\iTunes.lnk
[2010.09.03 10:22:04 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\QuickTime Player.lnk
[2010.09.02 13:30:45 | 000,005,836 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\cc_20100902_133044.reg
[2010.09.02 13:28:07 | 000,030,780 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\cc_20100902_132805.reg
[2010.09.02 13:26:53 | 000,025,254 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\cc_20100902_132649.reg
[2010.09.02 13:24:33 | 000,017,762 | ---- | C] () -- C:\Documents and Settings\user\Dokumenty\cc_20100902_132411.reg
[2010.09.02 13:03:11 | 002,071,552 | ---- | C] () -- C:\Documents and Settings\user\Plocha\liq odin.doc
[2010.08.28 20:33:11 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\user\Plocha\Mafia 2.doc
[2010.08.22 18:53:56 | 000,521,946 | ---- | C] () -- C:\Documents and Settings\user\Plocha\GetSite.zip
[2010.08.22 18:38:19 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Movier.lnk
[2010.08.22 18:28:16 | 007,242,308 | ---- | C] () -- C:\Documents and Settings\user\Plocha\Movier-Installer 1.exe
[2010.08.22 18:13:22 | 006,970,459 | ---- | C] () -- C:\Documents and Settings\user\Plocha\Movier-Installer.exe
[2010.05.02 12:02:23 | 000,000,222 | ---- | C] () -- C:\WINDOWS\emsoft.ini
[2009.07.17 12:51:51 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2009.07.17 12:51:51 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2009.07.17 12:51:51 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2009.07.17 12:51:51 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2009.07.17 12:51:51 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2009.07.17 12:48:45 | 000,001,384 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2009.07.17 12:48:07 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2009.06.21 11:37:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009.06.13 09:23:57 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009.06.13 09:23:55 | 000,000,048 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009.06.04 01:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009.01.17 15:14:31 | 000,122,951 | ---- | C] () -- C:\WINDOWS\System32\vfmpegu.dll
[2009.01.17 13:04:55 | 001,138,767 | ---- | C] () -- C:\WINDOWS\System32\dialogsu.dll
[2008.12.29 20:44:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\futilu.dll
[2008.12.23 14:36:14 | 002,638,788 | ---- | C] () -- C:\Documents and Settings\user\Data aplikací\install.txt
[2008.11.30 16:40:05 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008.10.28 18:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008.05.18 17:09:53 | 000,000,278 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2008.05.18 15:39:23 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Constutn.ini
[2008.05.03 20:48:20 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2008.04.08 09:14:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008.03.23 23:19:27 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008.02.01 21:47:58 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2008.02.01 21:05:51 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2008.02.01 19:47:09 | 000,003,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\port_nt.sys
[2007.12.24 15:48:18 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007.11.26 15:54:01 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2007.11.26 15:54:01 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2007.11.17 20:00:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.11.17 14:26:24 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.11.17 14:15:45 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.17 10:36:58 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.11.16 21:24:07 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Data aplikací\fusioncache.dat
[2007.11.16 13:50:38 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\user\Data aplikací\PnkBstrK.sys
[2007.11.16 13:50:38 | 000,137,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2006.11.07 00:55:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.11.07 00:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.09.27 17:47:40 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006.08.17 12:33:54 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.06.07 22:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004.03.18 09:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997.03.13 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.03.13 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

hp184
Visitor
Posts: 75
Registered: 23 Dec 2008 20:20

Re: Backdoor.Win32.Bifrose.cqqy Win32/Sality Packed.Vunt

#22 Post by hp184 »

========== LOP Check ==========

[2008.04.19 10:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Age of Empires 3
[2009.01.02 02:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.12.26 23:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MailFrontier
[2009.04.06 10:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2009.11.29 09:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ParetoLogic
[2009.07.17 12:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2009.10.30 22:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Razer
[2008.10.31 20:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2009.06.21 11:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2007.11.16 13:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
[2009.03.20 11:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.07.07 21:39:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2010.04.09 10:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.11 10:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.10 10:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.07.28 10:30:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2009.02.14 00:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Canon
[2009.10.30 22:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
[2009.01.02 02:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\ESET
[2010.01.30 21:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\IcoFX
[2007.11.18 20:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\ICQ
[2008.03.06 10:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\ICQ Toolbar
[2008.12.24 21:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Leadertech
[2009.11.08 22:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\MMToolz
[2010.09.16 09:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Movier
[2010.09.16 22:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Mumble
[2007.11.26 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Opera
[2009.10.30 22:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Raptr
[2009.03.13 21:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Red Alert 3
[2010.02.02 12:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Registry Booster
[2008.12.23 12:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Spyware Terminator
[2009.06.21 11:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Teleca
[2010.02.02 11:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Uniblue
[2010.09.17 08:34:39 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010.09.16 18:02:46 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010.09.17 08:51:06 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{53A57D5A-365C-4A80-A419-DC8885684B15}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.12.23 23:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Adobe
[2009.06.21 11:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\AdobeAUM
[2009.08.16 11:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\AdobeUM
[2007.11.17 20:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Ahead
[2010.04.09 14:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Apple Computer
[2010.03.24 21:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Avira
[2009.02.14 00:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Canon
[2009.10.30 22:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
[2010.04.10 09:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Creative
[2010.09.14 15:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Download Manager
[2009.01.02 02:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\ESET
[2008.02.13 22:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Google
[2008.04.03 20:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Hamachi
[2007.11.17 14:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Help
[2010.01.30 21:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\IcoFX
[2007.11.18 20:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\ICQ
[2008.03.06 10:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\ICQ Toolbar
[2007.11.15 17:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Identities
[2007.11.15 17:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\InstallShield
[2008.12.24 21:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Leadertech
[2007.11.22 10:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Macromedia
[2010.09.14 08:47:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\user\Data aplikací\Microsoft
[2009.11.08 22:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\MMToolz
[2010.09.16 09:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Movier
[2008.09.19 21:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Mozilla
[2010.09.16 22:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Mumble
[2010.09.06 18:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\NVIDIA
[2010.09.16 10:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\OpenOffice.org2
[2007.11.26 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Opera
[2009.10.30 22:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Raptr
[2010.04.08 10:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Real
[2010.09.14 08:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\RealWorld
[2009.03.13 21:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Red Alert 3
[2010.02.02 12:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Registry Booster
[2007.11.16 13:51:41 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\user\Data aplikací\SecuROM
[2010.05.15 22:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Skype
[2008.12.23 12:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Spyware Terminator
[2008.01.27 11:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Sun
[2009.03.04 18:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\SUPERAntiSpyware.com
[2008.01.18 23:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\teamspeak2
[2009.06.21 11:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Teleca
[2010.02.02 11:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Uniblue
[2008.02.01 20:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\WinRAR
[2010.08.20 19:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\ZoomBrowser EX

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2008.08.27 12:56:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.10.07 09:10:29 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.10.07 09:10:29 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008.08.27 12:56:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.10.07 09:10:29 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.10.07 09:10:29 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2006.03.02 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2008.08.27 12:56:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:cdrom.sys
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.10.07 09:10:29 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.10.07 09:10:29 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.03.02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2006.03.02 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2006.03.02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.03.02 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: GRPCONV.EXE >
[2006.03.02 14:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=00D0959D8792A594D2F4B4B61718583C -- C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe
[2008.04.14 05:22:24 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=7EEADACDB8053BEEFC6BE88E691A2BD2 -- C:\WINDOWS\ServicePackFiles\i386\grpconv.exe
[2008.04.14 05:22:24 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=7EEADACDB8053BEEFC6BE88E691A2BD2 -- C:\WINDOWS\system32\grpconv.exe

< MD5 for: HAL.DLL >
[2008.08.27 12:56:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:hal.dll
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.10.07 09:10:29 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.10.07 09:10:29 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2006.03.02 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2008.08.27 12:56:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:Changer.sys
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.10.07 09:10:29 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.10.07 09:10:29 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.08.27 12:56:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:isapnp.sys
[2008.10.07 09:10:29 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.10.07 09:10:29 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2006.03.02 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2006.03.02 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.03.02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.03.02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\Program Files\Setup Files\NVIDIA 650i System Driver v8.43\IDE\WinXP\sata_ide\nvata.sys
[2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys
[2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\nvata.sys
[2006.10.18 17:31:00 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\Program Files\Setup Files\NVIDIA 650i System Driver v8.43\IDE\WinXP\sataraid\nvatabus.sys

< MD5 for: NVRAID.SYS >
[2006.10.18 16:31:46 | 000,089,216 | ---- | M] (NVIDIA Corporation) MD5=EA4017441889A7E66D8A77BD41AC11C0 -- C:\Program Files\Setup Files\NVIDIA 650i System Driver v8.43\IDE\WinXP\sataraid\nvraid.sys

< MD5 for: SCECLI.DLL >
[2006.03.02 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2006.03.02 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 16:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2006.03.02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.03.02 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2006.03.02 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.03.02 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2006.03.02 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.11.15 17:58:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.11.15 17:58:08 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.11.15 17:58:08 | 000,495,616 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0lsdelete\0\0

< %systemroot%\system32\drivers\*.sys /3 >
[2010.09.16 11:22:18 | 000,137,976 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys

< %systemroot%\system32\*.* /3 >
[2010.09.16 22:17:51 | 000,055,300 | ---- | M] () -- C:\WINDOWS\system32\BMXState-{00000004-00000000-00000008-00001102-00000005-00311102}.rfx
[2010.09.16 22:17:51 | 000,055,300 | ---- | M] () -- C:\WINDOWS\system32\BMXStateBkp-{00000004-00000000-00000008-00001102-00000005-00311102}.rfx
[2010.09.16 22:17:51 | 000,000,788 | ---- | M] () -- C:\WINDOWS\system32\DVCState-{00000004-00000000-00000008-00001102-00000005-00311102}.rfx
[2010.09.15 08:50:39 | 035,552,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MRT.exe
[2010.09.16 12:46:43 | 000,234,280 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2010.09.16 12:46:43 | 000,234,280 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.xtr
< End of report >

hp184
Guest
Posts: 75
Registered: 23 Dec 2008 20:20

Re: Backdoor.Win32.Bifrose.cqqy Win32/Sality Packed.Vunt

#23 Post by hp184 »

Now about the screenshot: whatever I tried, I could not find the "host it" button. So I am attaching a link to the page with the saved screenshot from my history:

http://img295.imageshack.us/i/analysiss ... zilla.jpg/

or

http://img295.imageshack.us/f/analysiss ... zilla.jpg/

Hopefully this will do. If not, I will try again.
I do not have a link to that problematic page, only what can be read on the screenshot (unfortunately, that is probably not the full address).

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Backdoor.Win32.Bifrose.cqqy Win32/Sality Packed.Vunt

#24 Post by stell »

:) Thanks, Google has already blocked it. Yes, it is an attack page that installs fake programs onto the PC; if you had gone any further there, you would have got yourself into real trouble. A pity Google blocked it so soon, though, as I could not download those fake programs.
But thanks anyway. :)