PC disinfection, computer speed-up, remote help via the neslape.cz service

Please check this. Thank you very much.

Don't have a problem with your PC right now and just want to make sure everything is fine?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will threads inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

NEW!
You can now use the remote help service, where an expert connects to your computer and gets the details of the problem from you by phone. More at www.neslape.cz
#16 Post by motji (VIP, 23,302 posts, registered 23 Oct 2008)

On the desktop? But I don't want it on the desktop :roll: , you have to put it directly on drive C, not into any folder. So the path will be
C:\winlogon.exe.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer!
Want to support our forum? Information here

I am mostly available at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

#17 Post by pajikus (Visitor, 25 posts, registered 16 Sep 2010)

Well, it partly simplified itself: the computer crashed.
Luckily I have Acronis, so I restored it from that.
In other words, back to the beginning.
If I haven't put you off, I'll send the ComboFix report.
Thanks anyway.

#18 Post by motji (VIP, 23,302 posts, registered 23 Oct 2008)

:o it crashed on you after that ComboFix script?
Well, if it didn't put you off :D , feel free to send it. :)

#19 Post by pajikus (Visitor, 25 posts, registered 16 Sep 2010)

You know what? I'm in a wheelchair, so I'm pretty resilient........
so if I may.................

ComboFix 10-09-17.04 - pajik 21.09.2010 13:30:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.664 [GMT 2:00]
Running from: c:\documents and settings\pajik\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\gendel32.exe
c:\windows\imglib.dll
c:\windows\SNMPAPI.DLL
c:\windows\sysk32.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\sinvfct.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

No new files were created in this time period.

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-03 10:06 . 2008-02-12 11:21 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-02-12 11:21 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-02-12 11:22 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-02-04 19:26 . 2008-02-12 11:22 151040 --sh--w- c:\windows\system32\VistaUltm.dll
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-19 1188456]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-19 1962896]
"c:\windows\system32\winlogon.exe"="c:\windows\system32\winlogon.exe" [2008-04-14 507904]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-03-30 917504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\pajik\Nabídka Start\Programy\Po spuštění\
Zástupce - StrongDC.lnk - c:\program files\strong\StrongDC.exe [2010-4-2 3369984]
Zástupce - WinVNC.lnk - d:\program files\TightVNC\WinVNC.exe [2007-5-7 589824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk autopartntautopartnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\"C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\"C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\"c:\windows\Installer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\"c:\windows\Installer\{A1350B64-1AF8-497B-AC07-307DF67FB8D4}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\"c:\windows\Installer\{A1350B64-1AF8-497B-AC07-307DF67FB8D4}\egui.exe" /hide /waitservice]
2009-07-11 14:30 140544 ----a-r- c:\windows\Installer\{A1350B64-1AF8-497B-AC07-307DF67FB8D4}\egui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\strong\\StrongDC.exe"=
"d:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\TOTALCMD\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\skype\\Skype.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"27598:TCP"= 27598:TCP:BitComet 27598 TCP
"27598:UDP"= 27598:UDP:BitComet 27598 UDP
"8635:TCP"= 8635:TCP:BitComet 8635 TCP
"8635:UDP"= 8635:UDP:BitComet 8635 UDP

R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [10.12.2006 14:03 76373]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [10.12.2006 14:03 32631]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [10.12.2006 14:03 10005]
S2 SPAMfighter Update Service;SPAMfighter Update Service; [x]
S3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\pfc027.sys [8.4.2005 11:46 162176]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 17:21 30720]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4; [x]
S3 WFIOCTL;WFIOCTL; [x]
.
Contents of the 'Scheduled Tasks' folder

2007-12-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2004-08-17 03:22]

2010-09-21 c:\windows\Tasks\User_Feed_Synchronization-{DB840A68-7C4D-43C1-A6B8-4409DF16EDC0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.atlas.cz/
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: imon.dll
TCP: {B4D0CC8B-D071-4EF4-9393-8CB0754F2390} = 10.93.0.2,10.93.0.1
DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - hxxp://foto.ihned.cz/snadno-vlozit-fotografie/ilt/ilikethisPhotoUploader2.dll
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://192.168.1.12/xplugLite.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 13:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1180)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3008)
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Eset\nod32krn.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-09-21 13:39:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-21 11:39

Pre-Run: 69,745,717,248 bytes free
Post-Run: 70,048,673,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 7659EB69561D84A7142417576520FB15
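
The 'Reg Loading Points' and firewall-policy sections of the ComboFix log above are the part a helper reads first. As an added example (not code from the forum, from ComboFix, or from the poster), here is a small Python triage that parses that format and flags the items an analyst would want to look at: a Run value whose name is a full path rather than a label, a Run value that launches a binary normally started by the boot chain, a disabled firewall profile, and a remote-access port opened to every source address. SAMPLE_LOG is a constructed excerpt copied from the posted log; the heuristics and the sets of "boot-chain" binaries and "remote-access" ports are this example's own assumptions, and a hit is a review item, not a verdict.

```python
"""Triage of the 'Reg Loading Points' and firewall sections of a ComboFix log.

Added example: not code from the forum, from ComboFix or from the poster.
SAMPLE_LOG is a constructed excerpt copied from the log posted above; the
heuristics below are this example's own assumptions about what to review.
"""
import re
from dataclasses import dataclass

# Binaries the NT boot chain launches itself (smss -> csrss/winlogon -> services,
# lsass -> userinit -> explorer).  A Run value that launches one of these is worth
# a look whatever path it points at.  (Assumed list for this example.)
BOOT_CHAIN_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "userinit.exe", "explorer.exe", "svchost.exe",
}

# TCP ports that give remote control when reachable from any address.  (Assumed.)
REMOTE_ACCESS_PORTS = {23: "telnet", 445: "SMB", 3389: "RDP", 5900: "VNC"}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
RUN_DATA_RE = re.compile(r'^"(?P<image>[^"]+)"')
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP)$")
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    item: str
    reason: str


def parse_sections(text):
    """Map each [registry key] header to the '"name"=data' lines under it."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("name"), m.group("data")))
    return sections


def triage(text):
    """Return the review items found in a ComboFix registry/firewall excerpt."""
    findings = []
    for key, values in parse_sections(text).items():
        k = key.lower()
        if k.endswith("\\currentversion\\run"):
            for name, data in values:
                m = RUN_DATA_RE.match(data)
                image = m.group("image") if m else data
                base = image.rsplit("\\", 1)[-1].lower()
                if DRIVE_PATH_RE.match(name):
                    findings.append(Finding(key, name, "value name is a full path, not a label"))
                if base in BOOT_CHAIN_BINARIES:
                    findings.append(Finding(key, name, f"{base} is started by the boot chain, not via Run"))
        elif k.endswith("firewallpolicy\\standardprofile"):
            for name, data in values:
                if name.lower() == "enablefirewall" and data.split()[0] == "0":
                    findings.append(Finding(key, name, "Windows Firewall disabled for the standard profile"))
        elif k.endswith("globallyopenports\\list"):
            for name, data in values:
                m = PORT_RE.match(name)
                if m and m.group("proto") == "TCP" and int(m.group("port")) in REMOTE_ACCESS_PORTS:
                    service = REMOTE_ACCESS_PORTS[int(m.group("port"))]
                    findings.append(Finding(key, name, f"{service} port open to every source address"))
    return findings


# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-19 1188456]
"c:\windows\system32\winlogon.exe"="c:\windows\system32\winlogon.exe" [2008-04-14 507904]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-03-30 917504]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"27598:TCP"= 27598:TCP:BitComet 27598 TCP
"27598:UDP"= 27598:UDP:BitComet 27598 UDP
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.item}: {f.reason}  [{f.section}]")
```

On the sample this yields four items: two for the winlogon.exe Run value (its name is a path, and winlogon.exe is a boot-chain process), one for EnableFirewall = 0, and one for the globally open 3389/TCP. The Acronis and NOD32 entries and the BitComet ports are left alone, which is the point of keeping the lists narrow: the script shortens the log to what needs a human decision, it does not make that decision.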

#20 Post by motji (VIP, 23,302 posts, registered 23 Oct 2008)

I see you have a heap of junk in the Acronis backup too :D . The best thing is to install a fresh system, tune it up, and make a backup.

I'll try to delete it with something else; if the system keels over again, will you be angry with me? :o :D

Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- paste this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
- tick the "All Users" box.
- tick the "LOP Check" and "Purity Check" boxes.
- Click the "Run Scan" button.
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)
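
The /md5start ... /md5stop block in the script above asks OTL to hash a fixed list of boot-critical drivers and logon binaries so that a patched copy can be spotted by comparing against a known-good hash. As an added example (not OTL's code and not from the post), here is the same idea as a stand-alone Python baseline check: it walks a root directory for every copy of each listed name, hashes each copy, and reports the name as ok, modified, missing, or ok with a differing extra copy. The directory tree, file contents and baseline are constructed inside build_demo_tree() so the script runs offline; SHA-256 is used where OTL prints MD5, which changes nothing about the comparison.

```python
"""Baseline check of boot-critical files, the idea behind OTL's /md5start block.

Added example: not OTL's code and not from the post.  The directory tree, file
contents and baseline are constructed in build_demo_tree() so it runs offline.
"""
import hashlib
import os
import tempfile

# Subset of the names the /md5start ... /md5stop block above asks OTL to hash.
WATCHED = ["atapi.sys", "ndis.sys", "tcpip.sys", "winlogon.exe", "userinit.exe", "ws2_32.dll"]

OK = "ok"
OK_EXTRA_COPY = "ok, but a differing extra copy exists"
MODIFIED = "MODIFIED"
MISSING = "missing"
NO_BASELINE = "no baseline"


def digest(data: bytes) -> str:
    # OTL prints MD5; SHA-256 is used here (assumption), the comparison is the same.
    return hashlib.sha256(data).hexdigest()


def file_digest(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def locate(root: str, names) -> dict:
    """Every copy of each watched name under root, like OTL searching the whole
    system tree: a driver can live in drivers\\, dllcache\\ and a hotfix folder."""
    wanted = {n.lower() for n in names}
    hits = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                hits.setdefault(fn.lower(), []).append(os.path.join(dirpath, fn))
    return hits


def compare(root: str, names, baseline: dict) -> dict:
    """Status per watched name against baseline {name: expected digest}."""
    report = {}
    hits = locate(root, names)
    for name in (n.lower() for n in names):
        paths = hits.get(name, [])
        if not paths:
            report[name] = MISSING
            continue
        seen = {file_digest(p) for p in paths}
        expected = baseline.get(name)
        if expected is None:
            report[name] = NO_BASELINE
        elif seen == {expected}:
            report[name] = OK
        elif expected in seen:
            # A good copy exists, but so does a different one: check which path is loaded.
            report[name] = OK_EXTRA_COPY
        else:
            report[name] = MODIFIED
    return report


def build_demo_tree(root: str) -> dict:
    """Constructed stand-in for %SystemRoot%\\system32: good copies of the watched
    files, then atapi.sys overwritten with different bytes, an older spare ndis.sys
    in dllcache, and ws2_32.dll left out.  Returns the baseline of the good copies."""
    sys32 = os.path.join(root, "system32")
    drivers = os.path.join(sys32, "drivers")
    cache = os.path.join(sys32, "dllcache")
    os.makedirs(drivers)
    os.makedirs(cache)
    good = {name: f"good image of {name}".encode() for name in WATCHED}
    baseline = {name: digest(data) for name, data in good.items()}
    for name, data in good.items():
        if name == "ws2_32.dll":
            continue  # simulate a deleted file
        folder = drivers if name.endswith(".sys") else sys32
        with open(os.path.join(folder, name), "wb") as f:
            f.write(data)
    with open(os.path.join(cache, "ndis.sys"), "wb") as f:
        f.write(b"older image of ndis.sys")
    with open(os.path.join(drivers, "atapi.sys"), "wb") as f:
        f.write(b"patched image of atapi.sys")
    return baseline


def demo() -> dict:
    with tempfile.TemporaryDirectory() as root:
        baseline = build_demo_tree(root)
        return compare(root, WATCHED, baseline)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:14} {status}")
```

A real baseline comes from a clean install of the same service pack and hotfix level, not from the suspect machine, and every copy found should be reported with its path, because a differing copy in a cache folder can be either a stale original or the thing that is actually being loaded.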

#21 Post by pajikus (Visitor, 25 posts, registered 16 Sep 2010)

OTL logfile created on: 22.9.2010 8:58:34 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = D:\Stažené
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 675,00 Mb Available Physical Memory | 66,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72,53 Gb Total Space | 65,06 Gb Free Space | 89,70% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 40,68 Gb Free Space | 17,47% Space Free | Partition Type: NTFS
Drive E: | 49,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAJIK
Current User Name: pajik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.09.22 08:52:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Stažené\OTL.exe
PRC - [2010.04.02 16:22:16 | 003,369,984 | ---- | M] () -- C:\Program Files\strong\StrongDC.exe
PRC - [2010.03.30 10:08:48 | 000,917,504 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2010.03.30 10:08:48 | 000,495,616 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.07 20:28:58 | 000,589,824 | ---- | M] (TightVNC Group) -- D:\Program Files\TightVNC\WinVNC.exe
PRC - [2007.02.19 16:38:00 | 001,962,896 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007.02.19 16:32:48 | 001,188,456 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006.10.23 06:55:02 | 000,851,664 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2006.10.17 11:47:22 | 000,087,584 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006.10.17 11:47:16 | 000,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005.01.14 10:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (SafeList) ==========

MOD - [2010.09.22 08:52:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Stažené\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.05.07 19:28:54 | 000,077,824 | ---- | M] (TightVNC Group) -- D:\Program Files\TightVNC\VNCHooks.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WinVNC4)
SRV - File not found [Auto | Stopped] -- -- (SPAMfighter Update Service)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.03.30 10:08:48 | 000,495,616 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006.10.17 11:47:16 | 000,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005.01.14 10:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
SRV - [2003.03.03 14:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2001.04.06 13:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010.03.30 10:08:48 | 000,502,208 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.12.21 08:21:54 | 000,053,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2007.12.21 08:21:52 | 000,030,728 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2007.12.21 08:21:46 | 000,071,176 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2007.12.21 08:20:14 | 000,030,216 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007.12.21 08:19:54 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007.06.21 17:21:58 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901_2gm.sys -- (tap0901_2gm)
DRV - [2007.04.20 14:50:39 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007.04.20 14:50:39 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007.04.20 14:48:55 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2005.04.08 11:46:18 | 000,162,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc027.sys -- (PAC207)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.08.04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003.12.12 08:52:20 | 000,010,005 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar)
DRV - [2003.12.12 08:52:18 | 000,032,631 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr)
DRV - [2003.12.12 08:52:16 | 000,076,373 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848)
DRV - [2003.08.15 09:53:12 | 000,462,684 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003.08.14 17:16:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002.08.14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
IE - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
IE - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - Reg Error: Value error. File not found
IE - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010.09.21 13:36:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Documents and Settings\pajik\Nabídka Start\Programy\Po spuštění\Zástupce - StrongDC.lnk = C:\Program Files\strong\StrongDC.exe ()
O4 - Startup: C:\Documents and Settings\pajik\Nabídka Start\Programy\Po spuštění\Zástupce - WinVNC.lnk = D:\Program Files\TightVNC\WinVNC.exe (TightVNC Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - Reg Error: Value error. File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O16 - DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} http://foto.ihned.cz/snadno-vlozit-foto ... oader2.dll (PhotoUploader Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.cz/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} http://192.168.1.12/xplugLite.cab (Gif89 Lite Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} Reg Error: Value error. (McFreeScan Class)
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - Reg Error: Value error. File not found
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - Reg Error: Value error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\pajik\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\pajik\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.12.15 11:26:00 | 000,006,656 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004.12.15 11:26:00 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk autopartntautopartnt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027075282206720)

========== Files/Folders - Created Within 30 Days ==========

[2010.09.22 08:43:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010.09.22 08:43:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.09.21 16:05:22 | 000,188,416 | ---- | C] (Dundas Software) -- C:\WINDOWS\System32\UTPing.dll
[2010.09.21 16:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\PLANET
[2010.09.21 16:01:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.09.21 13:39:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.09.21 13:29:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.09.21 13:12:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.09.21 13:12:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.09.21 13:12:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.09.21 13:12:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.09.21 13:12:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2006.11.13 13:45:12 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2006.11.13 13:45:12 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.22 08:57:44 | 000,000,466 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DB840A68-7C4D-43C1-A6B8-4409DF16EDC0}.job
[2010.09.22 08:54:57 | 000,003,718 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.09.22 08:41:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.22 08:40:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.22 08:40:48 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.22 08:40:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.21 20:24:41 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\pajik\ntuser.dat
[2010.09.21 20:24:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\pajik\ntuser.ini
[2010.09.21 20:24:35 | 010,689,154 | -H-- | M] () -- C:\Documents and Settings\pajik\Local Settings\Data aplikací\IconCache.db
[2010.09.21 13:36:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.09.21 13:36:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.09.21 13:29:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.09.19 11:31:24 | 003,846,590 | R--- | M] () -- C:\Documents and Settings\pajik\Plocha\ComboFix.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.21 16:05:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\XNetObj.ocx
[2010.09.21 13:29:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.09.21 13:29:43 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2010.09.21 13:12:35 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.09.21 13:12:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.09.21 13:12:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.09.21 13:12:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.09.21 13:12:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.09.21 13:10:56 | 003,846,590 | R--- | C] () -- C:\Documents and Settings\pajik\Plocha\ComboFix.exe
[2008.02.12 13:22:36 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.02.12 13:22:31 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.02.12 13:22:01 | 000,151,040 | -HS- | C] () -- C:\WINDOWS\System32\VistaUltm.dll
[2008.02.12 13:22:00 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008.02.03 12:11:45 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008.01.08 12:00:06 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\THBIni20.dll
[2007.09.19 14:07:01 | 000,000,714 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\saopts.dat
[2007.09.19 09:58:06 | 000,003,592 | ---- | C] () -- C:\WINDOWS\System32\buttonstudio.ini
[2007.09.06 16:53:21 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.09.01 21:08:49 | 000,000,270 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2007.08.30 11:47:19 | 000,018,264 | ---- | C] () -- C:\WINDOWS\k-mania.Ini
[2007.08.12 17:04:57 | 000,000,325 | ---- | C] () -- C:\WINDOWS\WaterIllusion.ini
[2007.06.04 11:38:31 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007.06.01 14:16:19 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
[2007.06.01 14:16:13 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
[2007.05.25 12:53:14 | 000,000,031 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.05.23 16:15:59 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Speed Video Converter.INI
[2007.05.19 13:42:23 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\pajik\Local Settings\Data aplikací\fusioncache.dat
[2007.02.28 16:43:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007.01.26 18:00:00 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006.12.28 11:51:09 | 000,000,910 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2006.12.26 16:46:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.12.16 18:32:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\RTELM.dll
[2006.12.01 17:58:00 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\pajik\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.01 17:56:18 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI
[2006.11.26 11:56:06 | 000,000,605 | -H-- | C] () -- C:\Documents and Settings\pajik\Data aplikací\xpy.ini
[2006.11.24 13:26:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\ff.INI
[2006.11.14 16:17:23 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.11.11 16:45:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EuroExp.INI
[2006.11.09 11:15:58 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006.11.09 11:11:29 | 000,003,718 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.04.08 11:46:18 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2005.01.25 16:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
[2004.11.16 19:22:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\Base64.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008.04.14 12:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2009.07.11 16:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.03.29 16:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.06.16 16:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RFA_Backups
[2010.09.21 16:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.03.29 18:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\ESET
[2008.04.14 12:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\GlarySoft
[2010.03.29 17:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\ICQ
[2008.04.13 13:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\SPAMfighter
[2009.07.10 11:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\Spamihilator
[2009.07.09 16:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\URSoft
[2007.12.15 02:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010.09.22 08:57:44 | 000,000,466 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DB840A68-7C4D-43C1-A6B8-4409DF16EDC0}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.04.13 12:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\Adobe
[2010.03.29 18:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\ESET
[2008.04.14 12:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\GlarySoft
[2010.03.29 17:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\ICQ
[2008.04.13 12:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\Macromedia
[2008.04.14 12:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\Media Player Classic
[2008.01.25 18:40:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\pajik\Data aplikací\Microsoft
[2010.03.29 16:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\Mozilla
[2009.07.11 10:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\Skype
[2008.04.13 13:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\SPAMfighter
[2009.07.10 11:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\Spamihilator
[2008.04.13 19:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\Sun
[2009.07.09 16:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\URSoft
[2009.07.11 16:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pajik\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2006.12.04 17:07:33 | 000,002,238 | R--- | M] () -- C:\Documents and Settings\pajik\Data aplikací\Microsoft\Installer\{612C79BE-2B36-4D29-A798-F73C66D26C9B}\_18be6784.exe
[2007.05.17 10:47:04 | 000,014,062 | R--- | M] () -- C:\Documents and Settings\pajik\Data aplikací\Microsoft\Installer\{66740D00-FB42-4E34-B1D8-EFE67A282961}\_18be6784.exe
[2007.05.17 10:47:04 | 000,014,062 | R--- | M] () -- C:\Documents and Settings\pajik\Data aplikací\Microsoft\Installer\{66740D00-FB42-4E34-B1D8-EFE67A282961}\_294823.exe
[2007.05.17 10:47:04 | 000,014,062 | R--- | M] () -- C:\Documents and Settings\pajik\Data aplikací\Microsoft\Installer\{66740D00-FB42-4E34-B1D8-EFE67A282961}\_2cd672ae.exe
[2007.05.17 10:47:04 | 000,014,062 | R--- | M] () -- C:\Documents and Settings\pajik\Data aplikací\Microsoft\Installer\{66740D00-FB42-4E34-B1D8-EFE67A282961}\_4ae13d6c.exe


< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 12:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.11.09 11:45:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.11.09 11:45:39 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.11.09 11:45:39 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
No captured output from command...

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.09.22 08:41:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\pajik\Plocha\Zástupce - Norton Commander.pif:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\pajik\Plocha\Vypinac.exe:SummaryInformation
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13
< End of report >

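The `< MD5 for: ... >` blocks are the most useful part of the scan above: OTL hashes every copy it can find of a short list of boot-critical binaries (the files that in-place-patching rootkits of the XP era targeted, such as atapi.sys, ndis.sys and tcpip.sys) and lists them side by side, so the copy Windows actually loads from system32 can be compared with the copies Windows itself keeps. Two sections in this log differ, and both have a benign reading: `hal.dll` in ServicePackFiles is the generic HAL, while `system32\HAL.DLL` is whichever HAL variant setup selected for the machine; and `drivers\tcpip.sys` is newer than the SP3 source but byte-identical to the copy in `dllcache`, the Windows File Protection store, which is the pattern a hotfix leaves. One caveat when reading such output: `C:\WINDOWS\ERDNT` was created on 2010.09.21 in the same minute as ComboFix's helper files (see the created-files list above), so `ERDNT\cache` is a backup taken from this very machine during the cleanup, and a match against it is not evidence of anything. The script below is an added example, not part of the thread or of OTL: it parses those sections and applies that weighting. Its sample input is three sections copied from the log above; the role labels, their ranking and the hal.dll allowance are the example's own assumptions.

```python
import re

# Sample input: three "MD5 for:" sections copied verbatim from the OTL scan log above.
SAMPLE_LOG = r"""
< MD5 for: HAL.DLL >
[2009.07.10 10:38:39 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll

< MD5 for: TCPIP.SYS >
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: WINLOGON.EXE >
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$")

# Where a copy lives decides how much a hash match with it is worth (this example's own ranking).
ROLES = [
    ("\\servicepackfiles\\", "sp_source"),    # written when the service pack was installed
    ("\\system32\\dllcache\\", "wfp_cache"),  # Windows File Protection store; hotfixes update it too
    ("\\erdnt\\cache\\", "erunt_backup"),     # ERUNT backup ComboFix took from this same machine
    ("\\reinstallbackups\\", "ignore"),       # driver rollback copies, usually older builds
    ("\\cmdcons\\", "ignore"),                # Recovery Console copy from the install media
]

# In-use copies that legitimately differ from the ServicePackFiles copy (assumption of this example).
EXPECTED_MISMATCH = {
    "hal.dll": "ServicePackFiles\\i386\\hal.dll is the generic HAL; system32 holds the variant setup chose",
}


def classify(path):
    p = path.lower()
    for marker, role in ROLES:
        if marker in p:
            return role
    return "in_use"           # system32, system32\drivers, %SystemRoot% itself


def parse_md5_sections(log_text):
    """Map each 'MD5 for:' section (lowercase name) to its hashed entries; .cab lines carry no hash and are skipped."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m["name"].lower()
            sections[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append({
                "path": m["path"].strip(),
                "md5": m["md5"].upper(),
                "size": int(m["size"].replace(",", "")),
                "role": classify(m["path"]),
            })
    return sections


def assess(name, entries):
    """Compare the in-use copy's hash with the reference copies and return a verdict."""
    live = [e for e in entries if e["role"] == "in_use"]
    if not live:
        return {"status": "no_live_copy", "md5": None, "matches": [], "note": ""}
    live_md5 = live[0]["md5"]
    matches = sorted({e["role"] for e in entries
                      if e["role"] not in ("in_use", "ignore") and e["md5"] == live_md5})
    if "sp_source" in matches:
        status = "ok"                     # identical to the service-pack source
    elif "wfp_cache" in matches:
        status = "ok_post_sp_update"      # newer than the SP source, but WFP holds the same bytes: hotfix pattern
    elif name in EXPECTED_MISMATCH:
        status = "expected_mismatch"
    else:
        status = "investigate"            # only a same-machine backup (or nothing) agrees: no evidence of a clean file
    return {"status": status, "md5": live_md5, "matches": matches,
            "note": EXPECTED_MISMATCH.get(name, "")}


def triage(log_text):
    return {name: assess(name, entries) for name, entries in parse_md5_sections(log_text).items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_LOG).items():
        print("%-14s %-18s %s %s" % (name, verdict["status"], verdict["md5"], ",".join(verdict["matches"])))
```

A file whose in-use copy matches neither the ServicePackFiles copy nor dllcache is the one the helper would want to look at next (a hash lookup, or replacing it from the SP source). Agreement among copies on the same disk is only as good as the disk: a kernel-mode rootkit that filters file reads shows every tool the same bytes, which is why the cleanup also carries a separate MBR checker (MBR.exe in the created-files list above).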
motji (VIP, 23302 posts, registered 23 Oct 2008)

Re: Please take a look. Thank you very much.

#22 Post by motji »

Run OTL
- copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\pajik\Plocha\Zástupce - Norton Commander.pif:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\pajik\Plocha\Vypinac.exe:SummaryInformation
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13
[2007.09.19 14:07:01 | 000,000,714 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\saopts.dat
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - Reg Error: Value error. File not found
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - Reg Error: Value error. File not found
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.cz/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-1682526488-682003330-1003\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Reg Error: Value error. File not found

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\winlogon.exe"=-

:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

- click the Fix button.
- The PC will then restart.
- Paste the log here :)



Did you install the Spytech Software - Spyagent program yourself?

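The `:reg` stanza in the script above deletes a Run value whose name is the full path to winlogon.exe. That entry deserves the attention it gets: winlogon.exe is started by smss.exe as part of session start and never needs an autorun entry, so a Run value that points at a boot-chain binary, or whose name is a path rather than a label, is a common disguise for persistence. The following added example (not from the thread or from OTL) triages Run entries in the format OTL prints them and renders the matching `:reg` lines in the form the fix script uses. The ctfmon.exe line is copied from the custom scan earlier in the thread; the winlogon.exe line is constructed, since the thread shows only the value name that was removed; the "File not found" form of the line and the severity rules are the example's own assumptions.

```python
import ntpath
import re

# Binaries that the Windows XP boot/logon chain starts itself
# (smss -> csrss, winlogon -> services, lsass; winlogon -> userinit -> explorer).
# None of them needs, or ever legitimately gets, a Run-key entry.
BOOT_CHAIN = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "userinit.exe", "explorer.exe"}

# One Run value as OTL prints it in the custom scan:
#   "ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [date | size | attrs | M] (Company)
OTL_RUN_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<cmd>.*?)\s*--\s*(?P<rest>.*)$')
COMPANY_RE = re.compile(r'\((?P<company>[^()]*)\)\s*$')

SAMPLE_RUN_LINES = [
    # copied from the OTL custom scan earlier in the thread
    r'"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)',
    # constructed: the value the fix script deletes. The thread shows only its name; the command
    # data and file details here are assumed for the sake of the example.
    r'"c:\windows\system32\winlogon.exe" = c:\windows\system32\winlogon.exe -- [2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation)',
]


def image_path(command):
    """Return the executable a Run command launches, handling quoted and unquoted paths with arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.search(r'.+?\.exe', command, re.IGNORECASE)   # an unquoted path may contain spaces
    return m.group(0) if m else command.split()[0]


def parse_otl_run_line(line):
    m = OTL_RUN_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    c = COMPANY_RE.search(rest)
    return {"name": m["name"], "cmd": m["cmd"],
            "company": c["company"].strip() if c else "",
            "missing": "file not found" in rest.lower()}   # assumed wording of OTL's missing-file form


def triage_run_entries(lines):
    """Flag Run values that no legitimate installer creates; returns one finding per suspicious value."""
    findings = []
    for line in lines:
        e = parse_otl_run_line(line)
        if e is None:
            continue
        image = image_path(e["cmd"])
        base = ntpath.basename(image).lower()
        reasons, severity = [], "info"
        if base in BOOT_CHAIN:
            reasons.append("boot-chain binary %s registered under Run" % base)
            severity = "high"
        if "\\" in e["name"]:
            reasons.append("value name is a file path, not a label")
            severity = "high" if severity == "high" else "medium"
        if e["missing"]:
            reasons.append("target file not found (orphaned entry or hidden file)")
            severity = "high" if severity == "high" else "medium"
        elif not e["company"]:
            reasons.append("target carries no company/version info")
            severity = "high" if severity == "high" else "medium"
        if reasons:
            findings.append({"name": e["name"], "image": image,
                             "severity": severity, "reasons": reasons})
    return findings


def otl_reg_fix(findings, key=r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"):
    """Render an OTL ':reg' stanza deleting the high-severity values, in the form the fix script above uses."""
    out = [":reg", "[%s]" % key]
    out += ['"%s"=-' % f["name"] for f in findings if f["severity"] == "high"]
    return "\n".join(out)


if __name__ == "__main__":
    found = triage_run_entries(SAMPLE_RUN_LINES)
    for f in found:
        print(f["severity"].upper(), f["name"], "->", f["image"], ";", "; ".join(f["reasons"]))
    print(otl_reg_fix(found))
```

Run as a script it prints the findings and the generated stanza. The company field OTL prints is the file's version resource, not a signature check, so a "Microsoft Corporation" label on a file launched from an odd place should not lower the severity; that is why the boot-chain rule above ignores it.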
pajikus (Visitor, 25 posts, registered 16 Sep 2010)

Re: Please take a look. Thank you very much.

#23 Post by pajikus »

I didn't install anything like that.....

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\Documents and Settings\pajik\Plocha\Zástupce - Norton Commander.pif:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\pajik\Plocha\Vypinac.exe:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13 deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\saopts.dat moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\copernicagent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6}\ deleted successfully.
File {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - Reg Error: Value error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\copernicagentcache\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D}\ deleted successfully.
File {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - Reg Error: Value error. File not found not found.
Starting removal of ActiveX control {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{36ECAF82-3300-8F84-092E-AFF36D6C7040}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36ECAF82-3300-8F84-092E-AFF36D6C7040}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{36ECAF82-3300-8F84-092E-AFF36D6C7040}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36ECAF82-3300-8F84-092E-AFF36D6C7040}\ not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1060284298-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}\ deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET1DD.tmp moved successfully.
C:\WINDOWS\system32\SET2F.tmp moved successfully.
C:\WINDOWS\system32\SET31.tmp moved successfully.
C:\WINDOWS\system32\SET39.tmp moved successfully.
C:\WINDOWS\000001_.tmp moved successfully.
C:\WINDOWS\003565_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP261.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F5D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3E7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E4.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP60B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP62A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP64B.tmp folder moved successfully.
File move failed. C:\WINDOWS\temp\ZLT021bc.TMP scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\c:\windows\system32\winlogon.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 4106 bytes

User: All Users

User: LocalService
->Temp folder emptied: 988856 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 990792 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: pajik
->Temp folder emptied: 42819677 bytes
->Temporary Internet Files folder emptied: 9955676 bytes
->Java cache emptied: 2072958 bytes
->Flash cache emptied: 2742 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1100043 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: LocalService

User: NetworkService

User: pajik
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.2.14.1 log created on 09222010_102343

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT021bc.TMP not found!
C:\Documents and Settings\pajik\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
C:\Documents and Settings\pajik\Local Settings\Temp\Microsoft .NET Framework 3.0-KB977354_20100922_082323656-Msi0.txt moved successfully.
C:\Documents and Settings\pajik\Local Settings\Temp\~DFB6A3.tmp moved successfully.
C:\Documents and Settings\pajik\Local Settings\Temporary Internet Files\Content.IE5\HYOFUR0S\toolbar-welcome[1].htm moved successfully.
File\Folder C:\Documents and Settings\pajik\Local Settings\Temporary Internet Files\Content.IE5\DAIWDSXP\afr[1].htm not found!
C:\Documents and Settings\pajik\Local Settings\Temporary Internet Files\Content.IE5\DAIWDSXP\df949936-2850-4e26-af65-c14d91c5c48b[1].htm moved successfully.
C:\Documents and Settings\pajik\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\pajik\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please take a look. Thank you very much.

#24 Post by motji »

Please post a new RSIT log. How is the PC behaving?

:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM occasionally produces false positives, so we will delete only after checking the log.
- Copy the log here.

pajikus
Visitor
Posts: 25
Joined: 16 Sep 2010 09:04

Re: Please take a look. Thank you very much.

#25 Post by pajikus »

It's behaving fine, it doesn't do anything it shouldn't....... :lol:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4669

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.9.2010 11:35:04
mbam-log-2010-09-22 (11-35-04).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 183376
Uplynulý čas: 21 minuta(y), 16 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\System Volume Information\_restore{AEA7ABD9-CEA1-4E2E-B8FE-C296AE406294}\RP531\A0156809.dll (Spyware.NetVizor) -> No action taken.
C:\WINDOWS\system32\VistaUltm.dll (Trojan.Dropper.PGen) -> No action taken.

pajikus
Visitor
Posts: 25
Joined: 16 Sep 2010 09:04

Re: Please take a look. Thank you very much.

#26 Post by pajikus »

I forgot to send the RSIT log.

Logfile of random's system information tool 1.08 (written by random/random)
Run by pajik at 2010-09-22 12:03:57
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 66 GB (89%) free of 74 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:35, on 22.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\strong\StrongDC.exe
D:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\totalcmd\TOTALCMD.EXE
D:\paja\RSIT.exe
C:\Program Files\trend micro\pajik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: OLE (Teil 1 von 5) - - (no file)
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - StrongDC.lnk = C:\Program Files\strong\StrongDC.exe
O4 - Startup: Zástupce - WinVNC.lnk = D:\Program Files\TightVNC\WinVNC.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Add to Local Website Archive - {607BFC4C-D3C7-4ED7-B42A-2CA20F7CB4CA} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra button: Start Local Website Archive - {A9D89C37-9D42-445A-B835-FE6EF03FF5F3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} (PhotoUploader Control) - http://foto.ihned.cz/snadno-vlozit-foto ... oader2.dll
O16 - DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} (Gif89 Lite Class) - http://192.168.1.12/xplugLite.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4D0CC8B-D071-4EF4-9393-8CB0754F2390}: NameServer = 10.93.0.2,10.93.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: SPAMfighter Update Service - Acronis - (no file)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7142 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{DB840A68-7C4D-43C1-A6B8-4409DF16EDC0}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
ZoneAlarm Toolbar - C:\Program Files\ZoneAlarm\tbZone.dll [2010-05-09 2517088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-18 591336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99A7C4DD-B2E6-4CA0-BB6E-737A61364155}]
CHelper Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - ZoneAlarm Toolbar - C:\Program Files\ZoneAlarm\tbZone.dll [2010-05-09 2517088]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-18 591336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"=D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-02-19 1188456]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-10-17 87584]
"AcronisTimounterMonitor"=D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-02-19 1962896]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-03-30 917504]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-05-20 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-18 730600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\pajik\Nabídka Start\Programy\Po spuštění
Zástupce - StrongDC.lnk - C:\Program Files\strong\StrongDC.exe
Zástupce - WinVNC.lnk - D:\Program Files\TightVNC\WinVNC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\strong\StrongDC.exe"="C:\Program Files\strong\StrongDC.exe:*:Enabled:StrongDC++"
"D:\Program Files\Miranda IM\miranda32.exe"="D:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\TOTALCMD\TOTALCMD.EXE"="D:\TOTALCMD\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\skype\Skype.exe"="D:\Program Files\skype\Skype.exe:*:Enabled:Skype"
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-09-22 12:03:59 ----D---- C:\Program Files\trend micro
2010-09-22 12:03:57 ----D---- C:\rsit
2010-09-22 11:11:32 ----D---- C:\Documents and Settings\pajik\Data aplikací\Malwarebytes
2010-09-22 11:11:16 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-22 11:11:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-22 11:11:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-09-22 11:11:14 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-22 10:46:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-22 10:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-09-22 10:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-22 10:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-09-22 10:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-09-22 10:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-22 10:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-09-22 10:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-09-22 10:23:19 ----D---- C:\17feceb4bd1b92a5ce87de98cb9d588e
2010-09-22 10:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-22 10:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-22 10:11:45 ----D---- C:\Documents and Settings\pajik\Data aplikací\CheckPoint
2010-09-22 10:11:13 ----D---- C:\Program Files\Conduit
2010-09-22 10:11:11 ----D---- C:\Program Files\ZoneAlarm
2010-09-22 10:10:59 ----D---- C:\Program Files\CheckPoint
2010-09-22 10:10:48 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-09-22 10:10:42 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-09-22 10:10:42 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-09-22 10:10:36 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-09-22 10:10:34 ----D---- C:\061a50966454ec4b9a891b3790a229
2010-09-22 10:10:34 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-09-22 10:10:33 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-09-22 10:10:31 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-09-22 10:10:31 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-09-22 10:10:31 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-09-22 10:10:28 ----A---- C:\WINDOWS\system32\vsdatant.sys
2010-09-22 10:10:27 ----D---- C:\Program Files\Zone Labs
2010-09-22 10:10:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-09-22 10:09:55 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-09-22 10:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-22 10:09:36 ----D---- C:\WINDOWS\Internet Logs
2010-09-22 10:09:34 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-09-22 10:09:34 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-09-22 10:09:34 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-09-22 10:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-09-22 10:07:40 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-09-22 10:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-22 10:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-09-22 08:43:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-21 16:05:22 ----A---- C:\WINDOWS\system32\UTPing.dll
2010-09-21 16:05:17 ----D---- C:\Program Files\PLANET
2010-09-21 16:01:44 ----SHD---- C:\RECYCLER
2010-09-21 13:39:14 ----D---- C:\WINDOWS\temp
2010-09-21 13:39:12 ----A---- C:\ComboFix.txt
2010-09-21 13:29:44 ----A---- C:\Boot.bak
2010-09-21 13:29:41 ----RASHD---- C:\cmdcons
2010-09-21 13:12:35 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-21 13:12:35 ----A---- C:\WINDOWS\MBR.exe
2010-09-21 13:12:32 ----A---- C:\WINDOWS\PEV.exe
2010-09-21 13:12:31 ----A---- C:\WINDOWS\zip.exe
2010-09-21 13:12:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-21 13:12:31 ----A---- C:\WINDOWS\SWSC.exe
2010-09-21 13:12:31 ----A---- C:\WINDOWS\SWREG.exe
2010-09-21 13:12:31 ----A---- C:\WINDOWS\sed.exe
2010-09-21 13:12:31 ----A---- C:\WINDOWS\grep.exe
2010-09-21 13:12:17 ----D---- C:\WINDOWS\ERDNT

======List of files/folders modified in the last 1 months======

2010-09-22 12:15:35 ----D---- C:\WINDOWS\Prefetch
2010-09-22 12:03:59 ----D---- C:\Program Files
2010-09-22 11:11:16 ----D---- C:\WINDOWS\system32\drivers
2010-09-22 11:10:04 ----A---- C:\WINDOWS\WINCMD.INI
2010-09-22 11:05:10 ----D---- C:\WINDOWS\Microsoft.NET
2010-09-22 11:04:49 ----RSD---- C:\WINDOWS\assembly
2010-09-22 10:55:49 ----D---- C:\WINDOWS
2010-09-22 10:55:31 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-22 10:55:22 ----D---- C:\WINDOWS\system32
2010-09-22 10:54:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-22 10:47:07 ----D---- C:\WINDOWS\system32\CatRoot
2010-09-22 10:46:15 ----HD---- C:\WINDOWS\inf
2010-09-22 10:46:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-22 10:30:39 ----A---- C:\WINDOWS\imsins.BAK
2010-09-22 10:24:47 ----SHD---- C:\WINDOWS\Installer
2010-09-22 10:24:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-22 10:22:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-22 10:22:21 ----D---- C:\WINDOWS\WinSxS
2010-09-22 10:15:43 ----D---- C:\Program Files\Internet Explorer
2010-09-22 10:07:49 ----D---- C:\Program Files\Movie Maker
2010-09-21 16:16:51 ----D---- C:\Program Files\ESET
2010-09-21 16:10:43 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-21 16:07:18 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-09-21 13:38:24 ----SD---- C:\WINDOWS\Tasks
2010-09-21 13:36:43 ----A---- C:\WINDOWS\system.ini
2010-09-21 13:36:23 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-21 13:35:06 ----D---- C:\WINDOWS\system32\config
2010-09-21 13:32:11 ----D---- C:\WINDOWS\AppPatch
2010-09-21 13:32:08 ----D---- C:\Program Files\Common Files
2010-09-21 13:29:44 ----RASH---- C:\boot.ini
2010-09-10 14:34:30 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2007-04-20 114048]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2007-04-20 395744]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-08-14 17005]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2003-12-12 76373]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-04-20 39264]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2003-12-12 32631]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2003-12-12 10005]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-15 462684]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PAC207;VideoCAM GE111; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
S3 pgfilter;pgfilter; C:\WINDOWS\system32\drivers\pgfilter.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4; C:\WINDOWS\system32\drivers\UfasoftSnifDriver4.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WFIOCTL;WFIOCTL; C:\WINDOWS\system32\drivers\WFIOCTL.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-10-17 230944]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-18 493032]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-03-30 495616]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-05-20 2437176]
S2 OOD2000;O&O Defrag 2000; C:\WINDOWS\system32\OOD2000.exe [2001-04-06 238080]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please take a look. Thank you very much.

#27 Post by motji »

Delete everything in MBAM.

:arrow: Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.

***********

:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- delete the little program after use. Note that antivirus products may falsely flag it as a virus

***********

:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run CCleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues -- make a registry backup - you don't have to
- click Fix All Selected Issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It's a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using CCleaner's Cleaner regularly; it nicely clears the PC of temporary files.
The Registry part cleans up after uninstalling a program, for example.

***********

:arrow: Download OTC and run it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans the temp folders and removes the tools that were used

***********

:arrow: In two or three days post a new RSIT log here and tell me how the computer is behaving; is everything OK now?

And I would recommend making a new backup in Acronis, without viruses :D .

Would you still have the patience to try running GMER again? Just to be sure :)
