Je uz to slo ted.
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2010-07-05 23:52:32
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xF703DF80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF703D552]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xF7039882]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF748FA20]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF703CA1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF703C910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF703CF2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF703E034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF7039D54]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xF7039E70]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF74904FC]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF749BE00]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF703D906]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xF7039B78]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF749051C]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF749BD56]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF703D0DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF703DCE0]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF749B230]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xF703A038]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF703DBB2]
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 23E9 805012D9 7 Bytes [ CA, 03, F7, 10, C9, 03, F7 ]
? C:\DOCUME~1\MA7581~1\LOCALS~1\Temp\fgtcypow.sys Systém nemůže nalézt uvedený soubor. !
---- User code sections - GMER 1.0.14 ----
.text C:\Documents and Settings\míša\Plocha\gmer\gmer.exe[956] ADVAPI32.dll!RegCreateKeyExW 77DC774C 1 Byte [ E9 ]
.text C:\Documents and Settings\míša\Plocha\gmer\gmer.exe[956] ADVAPI32.dll!RegCreateKeyExW + 2 77DC774E 3 Bytes [ 3B, 28, FA ]
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7031B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7031B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7031B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7031B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7031B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7031B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7031B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 844B2BC0
Device \FileSystem\Fastfat \FatCdrom 84055FB0
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip 843A2538
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp 843A2538
Device \Driver\fwdrv \Device\FWDRV 843A2538
Device \Driver\Cdrom \Device\CdRom0 8441CE98
Device \FileSystem\Rdbss \Device\FsWrap 840DD340
Device \Driver\Cdrom \Device\CdRom1 8441CE98
Device \Driver\atapi \Device\Ide\IdeDeviceP4T1L0-16 84431C90
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 84431C90
Device \Driver\atapi \Device\Ide\IdePort0 84431C90
Device \Driver\atapi \Device\Ide\IdePort1 84431C90
Device \Driver\atapi \Device\Ide\IdePort2 84431C90
Device \Driver\atapi \Device\Ide\IdePort3 84431C90
Device \Driver\atapi \Device\Ide\IdePort4 84431C90
Device \Driver\atapi \Device\Ide\IdePort5 84431C90
Device \FileSystem\Srv \Device\LanmanServer 8401A0C8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp 843A2538
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp 843A2538
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 840DC4C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 840DC4C8
Device \FileSystem\Npfs \Device\NamedPipe 84159318
Device \FileSystem\Msfs \Device\Mailslot 84159780
Device \Driver\d346prt \Device\Scsi\d346prt1 84411D68
Device \Driver\d346prt \Device\Scsi\d346prt1Port6Path0Target0Lun0 84411D68
Device \FileSystem\Fastfat \Fat 84055FB0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 843A76D0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 843A76D0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 843A76D0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 843A76D0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 843A76D0
Device \FileSystem\Cdfs \Cdfs 84126E78
---- Modules - GMER 1.0.14 ----
Module _________ F73F2000-F740A000 (98304 bytes)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}@DisplayName DAEMON Tools
Reg HKLM\SOFTWARE\Classes\Installer\Products\B3D5AC652003B7E409EF70D1F8FD8341@ProductName DAEMON Tools
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell@WFlags 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell@ShowCmd 1
---- EOF - GMER 1.0.14 ----
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
avast-trojskeho kone-log z rsit
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: avast-trojskeho kone-log z rsit
Kouknu na to ráno, ted už na to nevidím 
.
Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
. Stahněte MBAM z mého podpisu-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: avast-trojskeho kone-log z rsit
Ještě po mbamu udělejte 
Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:
- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde
Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:
Kód: Vybrat vše
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: avast-trojskeho kone-log z rsit
Dobry den, log z mbam:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4284
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
6.7.2010 21:50:38
mbam-log-2010-07-06 (21-50-38).txt
Typ skenu: Úplný sken (C:\|D:\|E:\|)
Skenované objekty: 187135
Uplynulý čas: 47 minuta(y), 37 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\System Volume Information\_restore{F5BCAF1B-837D-400F-A398-9030A98DD5BA}\RP282\A0061952.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{F5BCAF1B-837D-400F-A398-9030A98DD5BA}\RP282\A0061958.exe (Trojan.Zapchast) -> No action taken.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4284
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
6.7.2010 21:50:38
mbam-log-2010-07-06 (21-50-38).txt
Typ skenu: Úplný sken (C:\|D:\|E:\|)
Skenované objekty: 187135
Uplynulý čas: 47 minuta(y), 37 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\System Volume Information\_restore{F5BCAF1B-837D-400F-A398-9030A98DD5BA}\RP282\A0061952.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{F5BCAF1B-837D-400F-A398-9030A98DD5BA}\RP282\A0061958.exe (Trojan.Zapchast) -> No action taken.
Re: avast-trojskeho kone-log z rsit
Co našel mbam, smažte.
A ještě ten log z OTL.
A ještě ten log z OTL.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: avast-trojskeho kone-log z rsit
A ten druhy z OTL na dve casti:
OTL logfile created on: 6.7.2010 21:59:13 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\míša\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
447,00 Mb Total Physical Memory | 57,00 Mb Available Physical Memory | 13,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 23,96 Gb Free Space | 61,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 88,94 Gb Total Space | 1,75 Gb Free Space | 1,97% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MISA
Current User Name: míša
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.07.06 21:57:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\míša\Plocha\OTL.exe
PRC - [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.11.25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.04.23 12:12:28 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.03.25 04:28:02 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
PRC - [2008.03.25 04:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2007.08.27 14:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007.08.08 15:53:16 | 000,088,024 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
PRC - [2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.22 13:26:00 | 000,694,272 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2005.11.30 11:12:42 | 000,450,560 | ---- | M] (Seznam.cz a.s.) -- C:\Program Files\Seznam\Postak\Postak.exe
PRC - [2005.06.20 15:42:20 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004.08.17 16:49:26 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2004.03.12 22:43:18 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
PRC - [2003.12.13 02:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
========== Modules (SafeList) ==========
MOD - [2010.07.06 21:57:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\míša\Plocha\OTL.exe
MOD - [2004.08.17 16:48:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007.08.27 14:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007.02.20 13:34:14 | 001,222,192 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe -- (KPF4)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender9\bdfdll.sys -- (bdfdll)
DRV - [2010.07.05 23:46:43 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.11.25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007.10.25 14:18:11 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2007.02.20 13:34:08 | 000,071,088 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\khips.sys -- (khips)
DRV - [2007.02.20 13:34:02 | 000,302,000 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2005.06.20 16:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.05.13 14:00:00 | 000,068,204 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2005.03.15 04:54:04 | 001,032,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.03.09 08:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.08.03 22:59:44 | 000,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004.04.13 14:14:12 | 000,070,144 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004.03.12 22:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt)
DRV - [2004.03.12 22:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d346bus.sys -- (d346bus)
DRV - [2004.03.08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2001.08.17 21:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-879983540-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1409082233-879983540-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-879983540-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;<local>
IE - HKU\S-1-5-21-1409082233-879983540-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1, localhost"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9000
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.05.17 20:34:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.04.23 12:12:54 | 000,000,000 | ---D | M]
[2009.04.23 12:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Extensions
[2009.04.22 20:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\extensions
[2007.10.07 21:20:13 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008.02.29 10:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.17 09:17:57 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-1.xml
[2008.04.17 12:40:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-2.xml
[2008.07.02 21:48:26 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-3.xml
[2008.07.22 22:25:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-4.xml
[2008.11.25 12:02:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-5.xml
[2008.12.18 13:08:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-6.xml
[2009.03.05 16:15:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-7.xml
[2008.03.22 11:02:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin.xml
[2009.04.23 12:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007.07.17 17:34:02 | 000,364,544 | ---- | M] (ParallelGraphics) -- C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
[2009.04.23 12:12:38 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.04.23 12:12:38 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.04.23 12:12:38 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.04.23 12:12:38 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.04.23 12:12:38 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.07.05 23:15:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&S-Rank) - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll (Seznam.cz a.s.)
O3 - HKU\S-1-5-21-1409082233-879983540-725345543-1003\..\Toolbar\WebBrowser: (&S-Rank) - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll (Seznam.cz a.s.)
O4 - HKLM..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [SMail] C:\Program Files\Seznam\Postak\Postak.exe (Seznam.cz a.s.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\míša\Nabídka Start\Programy\Po spuštění\_uninst_setup_9.0.0.722_03.07.2010_23-47(2).exe.lnk = C:\Documents and Settings\míša\Local Settings\temp\_uninst_setup_9.0.0.722_03.07.2010_23-47(2).exe.bat File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-879983540-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-879983540-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-879983540-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-879983540-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Eurotran XP - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Eurotran XP\etnxp.dll ()
O9 - Extra 'Tools' menuitem : Eurotran XP... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKU\S-1-5-21-1409082233-879983540-725345543-1003\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 169.254.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\míša\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\míša\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.17 23:19:39 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.05.17 23:19:39 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.07.06 21:57:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\míša\Plocha\OTL.exe
[2010.07.06 20:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Data aplikací\Malwarebytes
[2010.07.06 20:54:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.06 20:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.07.06 20:54:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.06 20:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.06 20:49:44 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\míša\Plocha\mbam-setup-1.46.exe
[2010.07.05 23:46:43 | 000,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2010.07.05 23:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\gmer
[2010.07.05 23:45:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.07.05 21:02:34 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Documents and Settings\míša\Plocha\remover.exe
[2010.07.05 07:55:08 | 000,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010.07.04 23:57:40 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010.07.04 23:52:36 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.07.04 23:00:03 | 000,882,672 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\míša\Plocha\SPTDinst-v169-x86.exe
[2010.07.04 10:12:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.07.04 08:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\Virus Removal Tool
[2010.07.04 00:10:47 | 074,186,112 | ---- | C] ( ) -- C:\Documents and Settings\míša\Plocha\setup_9.0.0.722_03.07.2010_23-47(2).exe
[2010.07.03 23:58:39 | 074,186,112 | ---- | C] ( ) -- C:\Documents and Settings\míša\Plocha\setup_9.0.0.722_03.07.2010_23-47.exe
[2010.07.03 23:56:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\míša\Recent
[2010.07.03 23:46:57 | 003,165,824 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\míša\Plocha\ccleaner.exe
[2010.07.03 21:54:03 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.07.02 23:31:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.07.02 23:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.07.02 23:02:21 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.02 23:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\Nová složka (2)
[2010.06.30 14:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\Kopie - amigo fotky
[2010.06.27 12:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\Kopie - Nová složka
[2010.06.22 15:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\241442.Ło
[2010.06.13 21:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\Nová složka
[2007.10.07 20:57:18 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2007.10.07 20:57:18 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[39 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.07.06 21:57:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\míša\Plocha\OTL.exe
[2010.07.06 20:57:15 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\míša\ntuser.dat
[2010.07.06 20:54:52 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.07.06 20:50:46 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\míša\Plocha\mbam-setup-1.46.exe
[2010.07.06 20:34:06 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010.07.06 20:33:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.06 20:33:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.05 23:55:39 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\míša\ntuser.ini
[2010.07.05 23:46:44 | 000,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2010.07.05 23:46:43 | 000,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2010.07.05 23:46:43 | 000,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2010.07.05 23:46:43 | 000,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2010.07.05 23:45:44 | 000,747,873 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\gmer.zip
[2010.07.05 23:16:36 | 000,000,264 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.05 23:15:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.05 22:02:22 | 003,726,382 | R--- | M] () -- C:\Documents and Settings\míša\Plocha\ComboFix.exe
[2010.07.05 09:41:32 | 000,001,086 | ---- | M] () -- C:\Documents and Settings\míša\Nabídka Start\Programy\Po spuštění\_uninst_setup_9.0.0.722_03.07.2010_23-47(2).exe.lnk
[2010.07.05 09:06:44 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\fix.bat
[2010.07.05 08:30:17 | 000,478,504 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\bootkit_remover.rar
[2010.07.04 23:23:30 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\mbr.exe
[2010.07.04 23:00:04 | 000,882,672 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\míša\Plocha\SPTDinst-v169-x86.exe
[2010.07.04 00:14:42 | 074,186,112 | ---- | M] ( ) -- C:\Documents and Settings\míša\Plocha\setup_9.0.0.722_03.07.2010_23-47(2).exe
[2010.07.04 00:02:41 | 074,186,112 | ---- | M] ( ) -- C:\Documents and Settings\míša\Plocha\setup_9.0.0.722_03.07.2010_23-47.exe
[2010.07.03 23:51:47 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\CCleaner.lnk
[2010.07.03 23:47:11 | 003,165,824 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\míša\Plocha\ccleaner.exe
[2010.07.03 23:40:29 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\antiTDL3.bat
[2010.07.03 22:50:10 | 000,981,780 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\tdsskiller.zip
[2010.07.03 21:49:27 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\avenger.exe
[2010.07.02 23:31:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.07.02 23:01:51 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\RSIT(2).exe
[2010.07.02 22:59:07 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\RSIT.exe
[2010.07.01 21:53:01 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.07.01 21:46:53 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\Ahoj Madli.doc
[2010.06.30 21:46:09 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\míša\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.30 14:48:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.30 07:58:56 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\Nový objekt - WinRAR archive.rar
[2010.06.29 18:30:33 | 000,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.06.29 07:16:38 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\vso_ts_preview.xml
[2010.06.27 20:27:03 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.26 18:31:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.23 20:07:04 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\míša\intlname.ols
[2010.06.22 20:48:28 | 000,014,710 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\c53_s.jpg
[2010.06.22 20:47:43 | 000,063,817 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\c52_b.jpg
[2010.06.21 14:50:01 | 000,001,531 | ---- | M] () -- C:\Documents and Settings\míša\Dokumenty\PDVD_MediaDisc.PlayList
[2010.06.16 12:13:10 | 000,000,778 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.10 22:24:04 | 000,008,445 | ---- | M] () -- C:\Documents and Settings\míša\Dokumenty\m.eml
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[39 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.06 20:54:52 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.07.05 23:46:44 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2010.07.05 23:46:43 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2010.07.05 23:46:43 | 000,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2010.07.05 23:46:43 | 000,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2010.07.05 23:45:44 | 000,747,873 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\gmer.zip
[2010.07.05 09:41:32 | 000,001,086 | ---- | C] () -- C:\Documents and Settings\míša\Nabídka Start\Programy\Po spuštění\_uninst_setup_9.0.0.722_03.07.2010_23-47(2).exe.lnk
[2010.07.05 09:06:44 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\fix.bat
[2010.07.05 08:30:16 | 000,478,504 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\bootkit_remover.rar
[2010.07.05 07:55:08 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2010.07.04 23:31:26 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\gmer.exe
[2010.07.04 23:23:30 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\mbr.exe
[2010.07.03 23:51:47 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\CCleaner.lnk
[2010.07.03 23:40:29 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\antiTDL3.bat
[2010.07.03 22:50:08 | 000,981,780 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\tdsskiller.zip
[2010.07.03 21:49:26 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\avenger.exe
[2010.07.02 23:31:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.07.02 23:31:50 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.07.02 23:25:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.02 23:25:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.02 23:24:14 | 003,726,382 | R--- | C] () -- C:\Documents and Settings\míša\Plocha\ComboFix.exe
[2010.07.02 23:01:51 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\RSIT(2).exe
[2010.07.02 22:59:06 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\RSIT.exe
[2010.06.30 07:58:56 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\Nový objekt - WinRAR archive.rar
[2010.06.22 20:48:27 | 000,014,710 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\c53_s.jpg
[2010.06.22 20:47:41 | 000,063,817 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\c52_b.jpg
[2010.06.21 14:50:01 | 000,001,531 | ---- | C] () -- C:\Documents and Settings\míša\Dokumenty\PDVD_MediaDisc.PlayList
[2010.06.13 22:12:12 | 002,794,685 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\P1060201.JPG
[2010.06.12 23:45:49 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\Ahoj Madli.doc
[2010.06.10 22:24:04 | 000,008,445 | ---- | C] () -- C:\Documents and Settings\míša\Dokumenty\m.eml
[2009.04.15 13:45:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009.01.24 23:06:52 | 000,000,408 | ---- | C] () -- C:\WINDOWS\BestRecord.ini
[2008.03.15 22:08:47 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.03.15 22:08:43 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.03.15 22:08:43 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.03.15 22:08:43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.11.20 23:43:48 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\cp211_vrml1to2.dll
[2007.11.20 23:43:47 | 000,779,776 | ---- | C] () -- C:\WINDOWS\System32\cp211_main.dll
[2007.11.20 23:43:47 | 000,226,304 | ---- | C] () -- C:\WINDOWS\System32\cp211_msjava.dll
[2007.11.20 23:43:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\cp211_lang.dll
[2007.11.20 23:43:46 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\cp211_javascript.dll
[2007.11.20 23:43:46 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicsmed8.dll
[2007.11.20 23:43:46 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicssmall8.dll
[2007.11.20 23:43:46 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicssmall16.dll
[2007.11.20 23:43:46 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicspos.dll
[2007.11.20 23:43:45 | 000,285,184 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicslarge8.dll
[2007.11.20 23:43:45 | 000,285,184 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicslarge16.dll
[2007.11.20 23:43:45 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicsmed16.dll
[2007.11.20 23:43:45 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\cp211_basic.dll
[2007.08.21 02:26:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007.08.21 02:26:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007.08.16 00:33:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.08.16 00:30:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.08.08 17:30:12 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007.08.02 19:11:28 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2007.08.02 19:11:14 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2007.07.27 16:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007.07.27 16:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007.01.20 17:33:00 | 000,000,169 | ---- | C] () -- C:\WINDOWS\Visen.ini
[2007.01.20 17:30:53 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Vanilka.ini
[2007.01.20 17:28:58 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Jahoda.ini
[2007.01.20 17:27:31 | 000,000,160 | ---- | C] () -- C:\WINDOWS\Citron.ini
[2007.01.20 17:23:33 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Pomeranc.ini
[2007.01.20 17:18:58 | 000,000,160 | ---- | C] () -- C:\WINDOWS\Jablko.ini
[2006.05.01 19:22:34 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006.05.01 19:22:34 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\2534FE75F5.sys
[2006.05.01 19:14:04 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006.04.03 22:27:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.03.23 17:52:16 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006.03.22 04:45:27 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.03.22 04:30:31 | 000,000,094 | ---- | C] () -- C:\WINDOWS\SCS.INI
[2005.12.05 21:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005.12.05 14:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2004.10.27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004.03.01 08:53:21 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003.09.30 12:47:47 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2003.09.30 12:47:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003.09.30 12:47:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003.09.30 12:47:46 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2003.09.30 12:47:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.08.07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2006.10.17 21:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BitDefender
[2007.06.27 21:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EnterNHelp
[2007.12.04 22:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Escape From Paradise
[2007.06.29 12:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\muvee Technologies
[2007.06.27 20:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nikon
[2007.06.27 20:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PrintingModule
[2007.12.04 22:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2007.06.27 21:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ultima_T15
[2009.02.08 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\AIMP
[2006.10.17 21:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Bitdefender
[2006.07.26 20:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Desktop Sidebar
[2008.09.20 17:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\ICQ
[2008.10.19 22:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Miranda
[2007.06.29 12:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\muvee Technologies
[2007.08.26 17:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Nikon
[2007.01.30 17:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\OLYMPUS
[2006.03.22 04:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Opera
[2010.06.29 07:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Vso
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2004.10.13 18:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.04.10 22:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Adobe
[2006.10.18 13:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\AdobeUM
[2009.02.08 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\AIMP
[2007.01.30 18:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Apple Computer
[2006.10.17 21:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Bitdefender
[2006.04.01 22:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\CyberLink
[2006.07.26 20:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Desktop Sidebar
[2008.02.20 23:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\DivX
[2006.03.22 03:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Help
[2008.09.20 17:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\ICQ
[2006.11.20 21:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Identities
[2007.09.05 15:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Lavasoft
[2006.04.15 22:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Macromedia
[2010.07.06 20:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Malwarebytes
[2008.02.21 12:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Media Player Classic
[2009.09.03 19:51:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\míša\Data aplikací\Microsoft
[2008.10.19 22:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Miranda
[2009.04.23 12:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Mozilla
[2006.04.19 10:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\MSN6
[2007.06.29 12:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\muvee Technologies
[2007.08.26 17:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Nikon
[2007.01.30 17:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\OLYMPUS
[2006.03.22 04:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Opera
[2008.08.03 23:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Real
[2010.07.01 23:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Skype
[2010.01.09 22:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\skypePM
[2006.03.22 04:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Sun
[2010.06.29 07:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Vso
< %APPDATA%\*.exe /s >
< MD5 for: AGP440.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\erdnt\cache\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002.08.29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2001.10.25 14:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:cdrom.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cdrom.sys
[2002.08.29 02:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2004.08.04 07:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2002.09.20 19:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\erdnt\cache\cryptsvc.dll
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2004.08.18 00:49:03 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\cryptsvc.dll
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\eventlog.dll
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.18 00:49:06 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\eventlog.dll
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
[2002.09.20 19:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2002.09.20 19:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\explorer.exe
[2004.08.17 16:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004.08.17 16:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 00:49:22 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:hal.dll
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\hal.dll
[2004.08.03 23:59:20 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.04 07:59:19 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\hal.dll
[2002.08.29 02:05:04 | 000,127,872 | ---- | M] (Microsoft Corporation) MD5=E8D2B5D5186A9B93D7019D7A74D77A1E -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2004.08.03 23:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\HAL.DLL
< MD5 for: CHANGER.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\changer.sys
[2004.08.04 00:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.04 08:00:12 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\isapnp.sys
< MD5 for: LSASS.EXE >
[2002.09.20 19:05:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\erdnt\cache\lsass.exe
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2004.08.18 00:49:23 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\lsass.exe
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe
OTL logfile created on: 6.7.2010 21:59:13 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\míša\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
447,00 Mb Total Physical Memory | 57,00 Mb Available Physical Memory | 13,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 23,96 Gb Free Space | 61,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 88,94 Gb Total Space | 1,75 Gb Free Space | 1,97% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MISA
Current User Name: míša
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.07.06 21:57:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\míša\Plocha\OTL.exe
PRC - [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.11.25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.04.23 12:12:28 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.03.25 04:28:02 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
PRC - [2008.03.25 04:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2007.08.27 14:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007.08.08 15:53:16 | 000,088,024 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
PRC - [2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.22 13:26:00 | 000,694,272 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2005.11.30 11:12:42 | 000,450,560 | ---- | M] (Seznam.cz a.s.) -- C:\Program Files\Seznam\Postak\Postak.exe
PRC - [2005.06.20 15:42:20 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004.08.17 16:49:26 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2004.03.12 22:43:18 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
PRC - [2003.12.13 02:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
========== Modules (SafeList) ==========
MOD - [2010.07.06 21:57:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\míša\Plocha\OTL.exe
MOD - [2004.08.17 16:48:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007.08.27 14:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007.02.20 13:34:14 | 001,222,192 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe -- (KPF4)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender9\bdfdll.sys -- (bdfdll)
DRV - [2010.07.05 23:46:43 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.11.25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007.10.25 14:18:11 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2007.02.20 13:34:08 | 000,071,088 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\khips.sys -- (khips)
DRV - [2007.02.20 13:34:02 | 000,302,000 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2005.06.20 16:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.05.13 14:00:00 | 000,068,204 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2005.03.15 04:54:04 | 001,032,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.03.09 08:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.08.03 22:59:44 | 000,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004.04.13 14:14:12 | 000,070,144 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004.03.12 22:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt)
DRV - [2004.03.12 22:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d346bus.sys -- (d346bus)
DRV - [2004.03.08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2001.08.17 21:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-879983540-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1409082233-879983540-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-879983540-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;<local>
IE - HKU\S-1-5-21-1409082233-879983540-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1, localhost"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9000
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.05.17 20:34:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.04.23 12:12:54 | 000,000,000 | ---D | M]
[2009.04.23 12:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Extensions
[2009.04.22 20:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\extensions
[2007.10.07 21:20:13 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008.02.29 10:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.17 09:17:57 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-1.xml
[2008.04.17 12:40:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-2.xml
[2008.07.02 21:48:26 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-3.xml
[2008.07.22 22:25:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-4.xml
[2008.11.25 12:02:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-5.xml
[2008.12.18 13:08:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-6.xml
[2009.03.05 16:15:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin-7.xml
[2008.03.22 11:02:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\searchplugins\icqplugin.xml
[2009.04.23 12:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007.07.17 17:34:02 | 000,364,544 | ---- | M] (ParallelGraphics) -- C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
[2009.04.23 12:12:38 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.04.23 12:12:38 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.04.23 12:12:38 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.04.23 12:12:38 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.04.23 12:12:38 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.07.05 23:15:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&S-Rank) - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll (Seznam.cz a.s.)
O3 - HKU\S-1-5-21-1409082233-879983540-725345543-1003\..\Toolbar\WebBrowser: (&S-Rank) - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll (Seznam.cz a.s.)
O4 - HKLM..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [SMail] C:\Program Files\Seznam\Postak\Postak.exe (Seznam.cz a.s.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\míša\Nabídka Start\Programy\Po spuštění\_uninst_setup_9.0.0.722_03.07.2010_23-47(2).exe.lnk = C:\Documents and Settings\míša\Local Settings\temp\_uninst_setup_9.0.0.722_03.07.2010_23-47(2).exe.bat File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-879983540-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-879983540-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-879983540-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-879983540-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Eurotran XP - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Eurotran XP\etnxp.dll ()
O9 - Extra 'Tools' menuitem : Eurotran XP... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKU\S-1-5-21-1409082233-879983540-725345543-1003\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 169.254.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\míša\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\míša\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.17 23:19:39 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.05.17 23:19:39 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 30 Days ==========
[2010.07.06 21:57:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\míša\Plocha\OTL.exe
[2010.07.06 20:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Data aplikací\Malwarebytes
[2010.07.06 20:54:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.06 20:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.07.06 20:54:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.06 20:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.06 20:49:44 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\míša\Plocha\mbam-setup-1.46.exe
[2010.07.05 23:46:43 | 000,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2010.07.05 23:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\gmer
[2010.07.05 23:45:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.07.05 21:02:34 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Documents and Settings\míša\Plocha\remover.exe
[2010.07.05 07:55:08 | 000,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010.07.04 23:57:40 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010.07.04 23:52:36 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.07.04 23:00:03 | 000,882,672 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\míša\Plocha\SPTDinst-v169-x86.exe
[2010.07.04 10:12:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.07.04 08:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\Virus Removal Tool
[2010.07.04 00:10:47 | 074,186,112 | ---- | C] ( ) -- C:\Documents and Settings\míša\Plocha\setup_9.0.0.722_03.07.2010_23-47(2).exe
[2010.07.03 23:58:39 | 074,186,112 | ---- | C] ( ) -- C:\Documents and Settings\míša\Plocha\setup_9.0.0.722_03.07.2010_23-47.exe
[2010.07.03 23:56:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\míša\Recent
[2010.07.03 23:46:57 | 003,165,824 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\míša\Plocha\ccleaner.exe
[2010.07.03 21:54:03 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.07.02 23:31:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.07.02 23:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.07.02 23:02:21 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.02 23:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\Nová složka (2)
[2010.06.30 14:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\Kopie - amigo fotky
[2010.06.27 12:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\Kopie - Nová složka
[2010.06.22 15:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\241442.Ło
[2010.06.13 21:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\míša\Plocha\Nová složka
[2007.10.07 20:57:18 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2007.10.07 20:57:18 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[39 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.07.06 21:57:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\míša\Plocha\OTL.exe
[2010.07.06 20:57:15 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\míša\ntuser.dat
[2010.07.06 20:54:52 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.07.06 20:50:46 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\míša\Plocha\mbam-setup-1.46.exe
[2010.07.06 20:34:06 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010.07.06 20:33:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.06 20:33:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.05 23:55:39 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\míša\ntuser.ini
[2010.07.05 23:46:44 | 000,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2010.07.05 23:46:43 | 000,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2010.07.05 23:46:43 | 000,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2010.07.05 23:46:43 | 000,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2010.07.05 23:45:44 | 000,747,873 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\gmer.zip
[2010.07.05 23:16:36 | 000,000,264 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.05 23:15:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.05 22:02:22 | 003,726,382 | R--- | M] () -- C:\Documents and Settings\míša\Plocha\ComboFix.exe
[2010.07.05 09:41:32 | 000,001,086 | ---- | M] () -- C:\Documents and Settings\míša\Nabídka Start\Programy\Po spuštění\_uninst_setup_9.0.0.722_03.07.2010_23-47(2).exe.lnk
[2010.07.05 09:06:44 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\fix.bat
[2010.07.05 08:30:17 | 000,478,504 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\bootkit_remover.rar
[2010.07.04 23:23:30 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\mbr.exe
[2010.07.04 23:00:04 | 000,882,672 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\míša\Plocha\SPTDinst-v169-x86.exe
[2010.07.04 00:14:42 | 074,186,112 | ---- | M] ( ) -- C:\Documents and Settings\míša\Plocha\setup_9.0.0.722_03.07.2010_23-47(2).exe
[2010.07.04 00:02:41 | 074,186,112 | ---- | M] ( ) -- C:\Documents and Settings\míša\Plocha\setup_9.0.0.722_03.07.2010_23-47.exe
[2010.07.03 23:51:47 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\CCleaner.lnk
[2010.07.03 23:47:11 | 003,165,824 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\míša\Plocha\ccleaner.exe
[2010.07.03 23:40:29 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\antiTDL3.bat
[2010.07.03 22:50:10 | 000,981,780 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\tdsskiller.zip
[2010.07.03 21:49:27 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\avenger.exe
[2010.07.02 23:31:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.07.02 23:01:51 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\RSIT(2).exe
[2010.07.02 22:59:07 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\RSIT.exe
[2010.07.01 21:53:01 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.07.01 21:46:53 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\Ahoj Madli.doc
[2010.06.30 21:46:09 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\míša\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.30 14:48:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.30 07:58:56 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\Nový objekt - WinRAR archive.rar
[2010.06.29 18:30:33 | 000,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.06.29 07:16:38 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\míša\Data aplikací\vso_ts_preview.xml
[2010.06.27 20:27:03 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.26 18:31:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.23 20:07:04 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\míša\intlname.ols
[2010.06.22 20:48:28 | 000,014,710 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\c53_s.jpg
[2010.06.22 20:47:43 | 000,063,817 | ---- | M] () -- C:\Documents and Settings\míša\Plocha\c52_b.jpg
[2010.06.21 14:50:01 | 000,001,531 | ---- | M] () -- C:\Documents and Settings\míša\Dokumenty\PDVD_MediaDisc.PlayList
[2010.06.16 12:13:10 | 000,000,778 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.10 22:24:04 | 000,008,445 | ---- | M] () -- C:\Documents and Settings\míša\Dokumenty\m.eml
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[39 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.06 20:54:52 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.07.05 23:46:44 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2010.07.05 23:46:43 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2010.07.05 23:46:43 | 000,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2010.07.05 23:46:43 | 000,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2010.07.05 23:45:44 | 000,747,873 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\gmer.zip
[2010.07.05 09:41:32 | 000,001,086 | ---- | C] () -- C:\Documents and Settings\míša\Nabídka Start\Programy\Po spuštění\_uninst_setup_9.0.0.722_03.07.2010_23-47(2).exe.lnk
[2010.07.05 09:06:44 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\fix.bat
[2010.07.05 08:30:16 | 000,478,504 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\bootkit_remover.rar
[2010.07.05 07:55:08 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2010.07.04 23:31:26 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\gmer.exe
[2010.07.04 23:23:30 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\mbr.exe
[2010.07.03 23:51:47 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\CCleaner.lnk
[2010.07.03 23:40:29 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\antiTDL3.bat
[2010.07.03 22:50:08 | 000,981,780 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\tdsskiller.zip
[2010.07.03 21:49:26 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\avenger.exe
[2010.07.02 23:31:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.07.02 23:31:50 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.07.02 23:25:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.02 23:25:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.02 23:24:14 | 003,726,382 | R--- | C] () -- C:\Documents and Settings\míša\Plocha\ComboFix.exe
[2010.07.02 23:01:51 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\RSIT(2).exe
[2010.07.02 22:59:06 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\RSIT.exe
[2010.06.30 07:58:56 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\Nový objekt - WinRAR archive.rar
[2010.06.22 20:48:27 | 000,014,710 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\c53_s.jpg
[2010.06.22 20:47:41 | 000,063,817 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\c52_b.jpg
[2010.06.21 14:50:01 | 000,001,531 | ---- | C] () -- C:\Documents and Settings\míša\Dokumenty\PDVD_MediaDisc.PlayList
[2010.06.13 22:12:12 | 002,794,685 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\P1060201.JPG
[2010.06.12 23:45:49 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\míša\Plocha\Ahoj Madli.doc
[2010.06.10 22:24:04 | 000,008,445 | ---- | C] () -- C:\Documents and Settings\míša\Dokumenty\m.eml
[2009.04.15 13:45:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009.01.24 23:06:52 | 000,000,408 | ---- | C] () -- C:\WINDOWS\BestRecord.ini
[2008.03.15 22:08:47 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.03.15 22:08:43 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.03.15 22:08:43 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.03.15 22:08:43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.11.20 23:43:48 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\cp211_vrml1to2.dll
[2007.11.20 23:43:47 | 000,779,776 | ---- | C] () -- C:\WINDOWS\System32\cp211_main.dll
[2007.11.20 23:43:47 | 000,226,304 | ---- | C] () -- C:\WINDOWS\System32\cp211_msjava.dll
[2007.11.20 23:43:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\cp211_lang.dll
[2007.11.20 23:43:46 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\cp211_javascript.dll
[2007.11.20 23:43:46 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicsmed8.dll
[2007.11.20 23:43:46 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicssmall8.dll
[2007.11.20 23:43:46 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicssmall16.dll
[2007.11.20 23:43:46 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicspos.dll
[2007.11.20 23:43:45 | 000,285,184 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicslarge8.dll
[2007.11.20 23:43:45 | 000,285,184 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicslarge16.dll
[2007.11.20 23:43:45 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cp211_graphicsmed16.dll
[2007.11.20 23:43:45 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\cp211_basic.dll
[2007.08.21 02:26:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007.08.21 02:26:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007.08.16 00:33:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.08.16 00:30:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.08.08 17:30:12 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007.08.02 19:11:28 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2007.08.02 19:11:14 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2007.07.27 16:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007.07.27 16:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007.01.20 17:33:00 | 000,000,169 | ---- | C] () -- C:\WINDOWS\Visen.ini
[2007.01.20 17:30:53 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Vanilka.ini
[2007.01.20 17:28:58 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Jahoda.ini
[2007.01.20 17:27:31 | 000,000,160 | ---- | C] () -- C:\WINDOWS\Citron.ini
[2007.01.20 17:23:33 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Pomeranc.ini
[2007.01.20 17:18:58 | 000,000,160 | ---- | C] () -- C:\WINDOWS\Jablko.ini
[2006.05.01 19:22:34 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006.05.01 19:22:34 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\2534FE75F5.sys
[2006.05.01 19:14:04 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006.04.03 22:27:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.03.23 17:52:16 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006.03.22 04:45:27 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.03.22 04:30:31 | 000,000,094 | ---- | C] () -- C:\WINDOWS\SCS.INI
[2005.12.05 21:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005.12.05 14:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2004.10.27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004.03.01 08:53:21 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003.09.30 12:47:47 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2003.09.30 12:47:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003.09.30 12:47:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003.09.30 12:47:46 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2003.09.30 12:47:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.08.07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2006.10.17 21:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BitDefender
[2007.06.27 21:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EnterNHelp
[2007.12.04 22:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Escape From Paradise
[2007.06.29 12:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\muvee Technologies
[2007.06.27 20:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nikon
[2007.06.27 20:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PrintingModule
[2007.12.04 22:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2007.06.27 21:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ultima_T15
[2009.02.08 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\AIMP
[2006.10.17 21:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Bitdefender
[2006.07.26 20:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Desktop Sidebar
[2008.09.20 17:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\ICQ
[2008.10.19 22:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Miranda
[2007.06.29 12:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\muvee Technologies
[2007.08.26 17:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Nikon
[2007.01.30 17:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\OLYMPUS
[2006.03.22 04:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Opera
[2010.06.29 07:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Vso
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2004.10.13 18:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.04.10 22:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Adobe
[2006.10.18 13:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\AdobeUM
[2009.02.08 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\AIMP
[2007.01.30 18:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Apple Computer
[2006.10.17 21:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Bitdefender
[2006.04.01 22:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\CyberLink
[2006.07.26 20:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Desktop Sidebar
[2008.02.20 23:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\DivX
[2006.03.22 03:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Help
[2008.09.20 17:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\ICQ
[2006.11.20 21:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Identities
[2007.09.05 15:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Lavasoft
[2006.04.15 22:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Macromedia
[2010.07.06 20:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Malwarebytes
[2008.02.21 12:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Media Player Classic
[2009.09.03 19:51:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\míša\Data aplikací\Microsoft
[2008.10.19 22:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Miranda
[2009.04.23 12:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Mozilla
[2006.04.19 10:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\MSN6
[2007.06.29 12:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\muvee Technologies
[2007.08.26 17:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Nikon
[2007.01.30 17:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\OLYMPUS
[2006.03.22 04:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Opera
[2008.08.03 23:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Real
[2010.07.01 23:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Skype
[2010.01.09 22:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\skypePM
[2006.03.22 04:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Sun
[2010.06.29 07:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\míša\Data aplikací\Vso
< %APPDATA%\*.exe /s >
< MD5 for: AGP440.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\erdnt\cache\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002.08.29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2001.10.25 14:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:cdrom.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cdrom.sys
[2002.08.29 02:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2004.08.04 07:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2002.09.20 19:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\erdnt\cache\cryptsvc.dll
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2004.08.18 00:49:03 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\cryptsvc.dll
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\eventlog.dll
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.18 00:49:06 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\eventlog.dll
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
[2002.09.20 19:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2002.09.20 19:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\explorer.exe
[2004.08.17 16:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004.08.17 16:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 00:49:22 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:hal.dll
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\hal.dll
[2004.08.03 23:59:20 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.04 07:59:19 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\hal.dll
[2002.08.29 02:05:04 | 000,127,872 | ---- | M] (Microsoft Corporation) MD5=E8D2B5D5186A9B93D7019D7A74D77A1E -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2004.08.03 23:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\HAL.DLL
< MD5 for: CHANGER.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\changer.sys
[2004.08.04 00:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.04 08:00:12 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\isapnp.sys
< MD5 for: LSASS.EXE >
[2002.09.20 19:05:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\erdnt\cache\lsass.exe
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2004.08.18 00:49:23 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\lsass.exe
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe
Re: avast-trojskeho kone-log z rsit
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ndis.sys
[2002.08.29 03:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\erdnt\cache\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2004.08.04 08:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.18 00:49:13 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\netlogon.dll
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\netlogon.dll
[2002.09.20 19:04:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.18 00:49:16 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\scecli.dll
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\scecli.dll
[2002.09.20 19:04:42 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 16:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2004.08.18 00:49:27 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\smss.exe
[2004.08.17 16:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2002.09.20 19:05:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\smss.exe
< MD5 for: SVCHOST.EXE >
[2001.10.25 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\erdnt\cache\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004.08.18 00:49:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2002.08.29 02:58:12 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\erdnt\cache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.01.13 19:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2QFE\tcpip.sys
[2006.01.13 04:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2GDR\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2006.01.13 03:13:17 | 000,340,480 | ---- | M] (Microsoft Corporation) MD5=8C101C9C566E2384AF28EF7C1DE4A36E -- C:\WINDOWS\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP1QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004.08.04 00:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2004.08.04 00:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2004.08.04 08:14:40 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[2006.04.20 13:38:44 | 000,340,480 | ---- | M] (Microsoft Corporation) MD5=B8158E2A6112C0A5CA67BC158FC70218 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\erdnt\cache\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.18 00:49:27 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
[2002.09.20 19:05:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.18 00:49:27 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\winlogon.exe
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe
[2002.09.20 19:05:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\erdnt\cache\ws2_32.dll
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2004.08.18 00:49:20 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\ws2_32.dll
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2006.05.19 14:40:46 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=3F8C60A9CBE3BA6B163E51A4D4397090 -- C:\WINDOWS\$NtUninstallKB922819_0$\ws2_32.dll
[2001.10.25 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\$NtUninstallKB914388_0$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ws2_32.dll
[2006.08.16 14:16:16 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=D23E4E91AB6A1D922F6F1BFE81F56589 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[39 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
< %systemroot%\System32\config\*.sav >
[2006.03.22 04:27:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.03.22 04:27:32 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.03.22 04:27:32 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[39 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.07.05 23:46:43 | 000,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys
< %systemroot%\system32\*.* /3 >
[39 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:AA0E2C50
< End of report >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ndis.sys
[2002.08.29 03:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\erdnt\cache\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2004.08.04 08:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.18 00:49:13 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\netlogon.dll
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\netlogon.dll
[2002.09.20 19:04:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.18 00:49:16 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\scecli.dll
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\scecli.dll
[2002.09.20 19:04:42 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 16:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2004.08.18 00:49:27 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\smss.exe
[2004.08.17 16:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2002.09.20 19:05:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\smss.exe
< MD5 for: SVCHOST.EXE >
[2001.10.25 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\erdnt\cache\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004.08.18 00:49:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2002.08.29 02:58:12 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\erdnt\cache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.01.13 19:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2QFE\tcpip.sys
[2006.01.13 04:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2GDR\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2006.01.13 03:13:17 | 000,340,480 | ---- | M] (Microsoft Corporation) MD5=8C101C9C566E2384AF28EF7C1DE4A36E -- C:\WINDOWS\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP1QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004.08.04 00:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2004.08.04 00:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2004.08.04 08:14:40 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[2006.04.20 13:38:44 | 000,340,480 | ---- | M] (Microsoft Corporation) MD5=B8158E2A6112C0A5CA67BC158FC70218 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\erdnt\cache\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.18 00:49:27 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
[2002.09.20 19:05:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.18 00:49:27 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\winlogon.exe
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe
[2002.09.20 19:05:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\erdnt\cache\ws2_32.dll
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2004.08.18 00:49:20 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\ws2_32.dll
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2006.05.19 14:40:46 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=3F8C60A9CBE3BA6B163E51A4D4397090 -- C:\WINDOWS\$NtUninstallKB922819_0$\ws2_32.dll
[2001.10.25 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\$NtUninstallKB914388_0$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ws2_32.dll
[2006.08.16 14:16:16 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=D23E4E91AB6A1D922F6F1BFE81F56589 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[39 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
< %systemroot%\System32\config\*.sav >
[2006.03.22 04:27:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.03.22 04:27:32 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.03.22 04:27:32 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[39 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.07.05 23:46:43 | 000,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys
< %systemroot%\system32\*.* /3 >
[39 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:AA0E2C50
< End of report >
Re: avast-trojskeho kone-log z rsit
mam provest ten otl jeste jednou -ted po smazani toho, co nasel ten mbam?
Re: avast-trojskeho kone-log z rsit
Ne, nedělejte.
Běžte do nouzového režimu
Start - spustit - do příkazového řádku zadejte
enter
Stáhněte Avenger
http://swandog46.geekstogo.com/avenger.exe
-spustíte program a potvrdíte kliknutím na ok,tím potvrzujete, že všechny činnosti s tím spojené činíte na vlastní riziko.
-Po odkliknutí se objeví hlavní okno programu,do bílého okna něj zkopírujte tento skript:
-zaškrtněte políčko scan for rootkits
a klikněte na tlačítko Execute.
-Potom se objeví okno,kde kliknutím Yes potvrdíte spuštění skriptu. Pak znovu tlačítkem yes potvrdíte restart počítače.
-Po restartu by se měl otevřít poznámkový blok s logem o vykonání skriptu, bude také uložený v C:\avenger.txt.
-Log vložte sem
Pak znovu spusťte combofix
Běžte do nouzového režimu Start - spustit - do příkazového řádku zadejte
Kód: Vybrat vše
extrac32 /L %systemdrive%\ "C:\WINDOWS\Driver Cache\i386\sp2.cab" atapi.sys
http://swandog46.geekstogo.com/avenger.exe
-spustíte program a potvrdíte kliknutím na ok,tím potvrzujete, že všechny činnosti s tím spojené činíte na vlastní riziko.
-Po odkliknutí se objeví hlavní okno programu,do bílého okna něj zkopírujte tento skript:
Kód: Vybrat vše
Begin copying here:
Files to move:
C:\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
a klikněte na tlačítko Execute.
-Potom se objeví okno,kde kliknutím Yes potvrdíte spuštění skriptu. Pak znovu tlačítkem yes potvrdíte restart počítače.
-Po restartu by se měl otevřít poznámkový blok s logem o vykonání skriptu, bude také uložený v C:\avenger.txt.
-Log vložte sem
Pak znovu spusťte combofixNepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: avast-trojskeho kone-log z rsit
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "C:\atapi.sys|C:\WINDOWS\system32\drivers\atapi.sys" completed successfully.
Completed script processing.
*******************
Finished! Terminate.
..ted jdu pustit ten combofix
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "C:\atapi.sys|C:\WINDOWS\system32\drivers\atapi.sys" completed successfully.
Completed script processing.
*******************
Finished! Terminate.
..ted jdu pustit ten combofix
Re: avast-trojskeho kone-log z rsit
a z combofixu:
ComboFix 10-07-06.02 - míša 06.07.2010 23:08:56.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.60 [GMT 2:00]
Spuštěný z: c:\documents and settings\míša\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100706-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-06 do 2010-07-06 )))))))))))))))))))))))))))))))
.
2010-07-06 18:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-06 18:54 . 2010-07-06 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-06 18:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 03:55 . 2004-08-03 18:59 95360 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2010-07-05 03:55 . 2004-08-03 18:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-07-04 21:52 . 2010-07-04 21:52 -------- d-----w- C:\spoolerlogs
2010-07-04 08:12 . 2010-07-04 08:12 -------- d--h--w- c:\windows\PIF
2010-07-02 21:02 . 2010-07-02 21:03 -------- d-----w- c:\program files\trend micro
2010-07-02 21:02 . 2010-07-02 21:04 -------- d-----w- C:\rsit
2010-06-27 18:25 . 2010-06-27 18:25 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 19:39 . 2008-02-21 19:46 -------- d-----w- c:\program files\rajce
2010-05-24 20:26 . 2001-10-25 12:00 49452 ----a-w- c:\windows\system32\perfc005.dat
2010-05-24 20:26 . 2001-10-25 12:00 318304 ----a-w- c:\windows\system32\perfh005.dat
2004-12-03 08:49 . 2006-05-01 17:26 9409536 -c----w- c:\program files\sidebarb75.exe
2004-12-02 13:31 . 2006-05-01 17:19 7741336 -c----w- c:\program files\DivX521XP2K.exe
2004-11-30 12:11 . 2006-05-01 17:12 4567928 -c----w- c:\program files\winamp506_full.exe
2004-11-30 11:37 . 2006-05-01 17:07 12717056 -c----w- c:\program files\MP10Setup.exe
2006-05-01 17:22 . 2006-05-01 17:22 56 --sh--r- c:\windows\system32\2534FE75F5.sys
2006-05-01 17:22 . 2006-05-01 17:22 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 18:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2001-10-25 . A64013E98426E1877CB653685C5C0009 . 86656 . . [5.1.2600.0] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-11-30 450560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-22 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-6-27 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [7.10.2007 20:57 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [7.10.2007 20:57 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2009 19:37 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2009 19:37 20560]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 127.0.0.1:3128
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;<local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
FF - ProfilePath - c:\documents and settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9000
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Opera75\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npwmsdrm.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 23:19
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll dvd43llh.sys >>UNKNOWN [0x8412C470]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf761afc3
\Driver\ACPI -> ACPI.sys @ 0xf7466cb8
\Driver\atapi -> dvd43llh.sys @ 0xf7937b20
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="?\11\09"
"DeviceDesc"="?\11\09"
"ProviderName"="???\11??H\11??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"d:\\ati\\rs480\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2852)
c:\progra~1\WINDOW~3\wmpband.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Java\jre1.6.0_06\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-07-06 23:28:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-06 21:28
ComboFix2.txt 2010-07-05 21:24
ComboFix3.txt 2010-07-05 06:22
ComboFix4.txt 2010-07-03 20:29
ComboFix5.txt 2010-07-06 20:59
Před spuštěním: Volných bajtů: 25 649 377 280
Po spuštění: Volných bajtů: 25 671 880 704
- - End Of File - - 869BF0634A77D22CA9BA497FB2EB43ED
ComboFix 10-07-06.02 - míša 06.07.2010 23:08:56.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.60 [GMT 2:00]
Spuštěný z: c:\documents and settings\míša\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100706-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-06 do 2010-07-06 )))))))))))))))))))))))))))))))
.
2010-07-06 18:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-06 18:54 . 2010-07-06 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-06 18:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 03:55 . 2004-08-03 18:59 95360 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2010-07-05 03:55 . 2004-08-03 18:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-07-04 21:52 . 2010-07-04 21:52 -------- d-----w- C:\spoolerlogs
2010-07-04 08:12 . 2010-07-04 08:12 -------- d--h--w- c:\windows\PIF
2010-07-02 21:02 . 2010-07-02 21:03 -------- d-----w- c:\program files\trend micro
2010-07-02 21:02 . 2010-07-02 21:04 -------- d-----w- C:\rsit
2010-06-27 18:25 . 2010-06-27 18:25 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 19:39 . 2008-02-21 19:46 -------- d-----w- c:\program files\rajce
2010-05-24 20:26 . 2001-10-25 12:00 49452 ----a-w- c:\windows\system32\perfc005.dat
2010-05-24 20:26 . 2001-10-25 12:00 318304 ----a-w- c:\windows\system32\perfh005.dat
2004-12-03 08:49 . 2006-05-01 17:26 9409536 -c----w- c:\program files\sidebarb75.exe
2004-12-02 13:31 . 2006-05-01 17:19 7741336 -c----w- c:\program files\DivX521XP2K.exe
2004-11-30 12:11 . 2006-05-01 17:12 4567928 -c----w- c:\program files\winamp506_full.exe
2004-11-30 11:37 . 2006-05-01 17:07 12717056 -c----w- c:\program files\MP10Setup.exe
2006-05-01 17:22 . 2006-05-01 17:22 56 --sh--r- c:\windows\system32\2534FE75F5.sys
2006-05-01 17:22 . 2006-05-01 17:22 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 18:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2001-10-25 . A64013E98426E1877CB653685C5C0009 . 86656 . . [5.1.2600.0] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-11-30 450560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-22 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-6-27 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [7.10.2007 20:57 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [7.10.2007 20:57 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2009 19:37 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2009 19:37 20560]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 127.0.0.1:3128
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;<local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
FF - ProfilePath - c:\documents and settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9000
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Opera75\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npwmsdrm.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 23:19
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll dvd43llh.sys >>UNKNOWN [0x8412C470]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf761afc3
\Driver\ACPI -> ACPI.sys @ 0xf7466cb8
\Driver\atapi -> dvd43llh.sys @ 0xf7937b20
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="?\11\09"
"DeviceDesc"="?\11\09"
"ProviderName"="???\11??H\11??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"d:\\ati\\rs480\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2852)
c:\progra~1\WINDOW~3\wmpband.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Java\jre1.6.0_06\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-07-06 23:28:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-06 21:28
ComboFix2.txt 2010-07-05 21:24
ComboFix3.txt 2010-07-05 06:22
ComboFix4.txt 2010-07-03 20:29
ComboFix5.txt 2010-07-06 20:59
Před spuštěním: Volných bajtů: 25 649 377 280
Po spuštění: Volných bajtů: 25 671 880 704
- - End Of File - - 869BF0634A77D22CA9BA497FB2EB43ED
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: avast-trojskeho kone-log z rsit
Treba odinstalovat Daemon tools.
Stahni dle ze stranek SPTD http://www.duplexsecure.com/en/downloads verzi dle sveho operacniho systemu. SPTD for Windows (32 bit) nebo (64b) na plochu
- spust
- zvol moznost Uninstall
- restart PC.
http://jpshortstuff.247fixes.com/beta/Defogger.exe , spust, nech disablovat, vloz log, ktery se vytvori, samozrejmne nech restartovat pc.
Pri tejto akcii je nutné mať ComboFix na ploche.
Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.
Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:
Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Po skonceni skenu vlož log čo ComboFix vytvorí
Stahni dle ze stranek SPTD http://www.duplexsecure.com/en/downloads verzi dle sveho operacniho systemu. SPTD for Windows (32 bit) nebo (64b) na plochu- spust
- zvol moznost Uninstall
- restart PC.
http://jpshortstuff.247fixes.com/beta/Defogger.exe , spust, nech disablovat, vloz log, ktery se vytvori, samozrejmne nech restartovat pc.Pri tejto akcii je nutné mať ComboFix na ploche.
Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.
Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:
Kód: Vybrat vše
KILLALL::
FCOPY::
c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys | c:\windows\system32\drivers\atapi.sys
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Po skonceni skenu vlož log čo ComboFix vytvorí
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Re: avast-trojskeho kone-log z rsit
To s tim odinstalovani daemonu uz jsme zkouseli predtim. Zkusila jsem to ted znovu, ale nejde zvolit moznost uninstall.
log z defoggeru:
defogger_disable by jpshortstuff (25.01.10.1)
Log created at 09:05 on 07/07/2010 (míša)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read atapi.sys
d346prt -> Disabled (Service running -> reboot required)
SPTD -> Already disabled
Log z combofix je zde.Ta resid. ochrana avastu se po kazdym restartu spusti, tak jsem to pak v prubehu zase vypla,ale nevim,jestli to tomu nemohlo nejak vadit,ze ten avast behem toho scanu zase na chvili nabehl. Firewall jsem predtim vypla,ale taky nevim, jestli po tech restartech nenabehl.Mozna bude lepsi ty programy na ty scany odinstalovat?
ComboFix 10-07-06.03 - míša 07.07.2010 9:25.9.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.60 [GMT 2:00]
Spuštěný z: c:\documents and settings\míša\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\míša\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100706-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-07 do 2010-07-07 )))))))))))))))))))))))))))))))
.
2010-07-06 18:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-06 18:54 . 2010-07-06 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-06 18:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 01:55 . 2004-08-04 05:59 95360 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2010-07-05 01:55 . 2004-08-04 05:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-07-04 21:52 . 2010-07-04 21:52 -------- d-----w- C:\spoolerlogs
2010-07-04 08:12 . 2010-07-04 08:12 -------- d--h--w- c:\windows\PIF
2010-07-02 21:02 . 2010-07-02 21:03 -------- d-----w- c:\program files\trend micro
2010-07-02 21:02 . 2010-07-02 21:04 -------- d-----w- C:\rsit
2010-06-27 18:25 . 2010-06-27 18:25 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 19:39 . 2008-02-21 19:46 -------- d-----w- c:\program files\rajce
2010-05-24 20:26 . 2001-10-25 12:00 49452 ----a-w- c:\windows\system32\perfc005.dat
2010-05-24 20:26 . 2001-10-25 12:00 318304 ----a-w- c:\windows\system32\perfh005.dat
2004-12-03 08:49 . 2006-05-01 17:26 9409536 -c----w- c:\program files\sidebarb75.exe
2004-12-02 13:31 . 2006-05-01 17:19 7741336 -c----w- c:\program files\DivX521XP2K.exe
2004-11-30 12:11 . 2006-05-01 17:12 4567928 -c----w- c:\program files\winamp506_full.exe
2004-11-30 11:37 . 2006-05-01 17:07 12717056 -c----w- c:\program files\MP10Setup.exe
2006-05-01 17:22 . 2006-05-01 17:22 56 --sh--r- c:\windows\system32\2534FE75F5.sys
2006-05-01 17:22 . 2006-05-01 17:22 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-04 05:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[7] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2001-10-25 . A64013E98426E1877CB653685C5C0009 . 86656 . . [5.1.2600.0] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-11-30 450560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-22 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-6-27 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [7.10.2007 20:57 156800]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2009 19:37 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2009 19:37 20560]
S4 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [7.10.2007 20:57 5248]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 127.0.0.1:3128
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;<local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
FF - ProfilePath - c:\documents and settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9000
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Opera75\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npwmsdrm.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 09:35
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll dvd43llh.sys >>UNKNOWN [0x8428BB00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf761afc3
\Driver\ACPI -> ACPI.sys @ 0xf7466cb8
\Driver\atapi -> dvd43llh.sys @ 0xf7917b20
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="?\11\09"
"DeviceDesc"="?\11\09"
"ProviderName"="???\11??H\11??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"d:\\ati\\rs480\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2008)
c:\progra~1\WINDOW~3\wmpband.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\System32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Java\jre1.6.0_06\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-07-07 09:43:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-07 07:43
ComboFix2.txt 2010-07-06 21:28
ComboFix3.txt 2010-07-05 21:24
ComboFix4.txt 2010-07-05 06:22
ComboFix5.txt 2010-07-07 07:18
Před spuštěním: Volných bajtů: 25 884 057 600
Po spuštění: Volných bajtů: 25 868 029 952
- - End Of File - - B5A00B0315E7E9E793FB9829247EC726
log z defoggeru:
defogger_disable by jpshortstuff (25.01.10.1)
Log created at 09:05 on 07/07/2010 (míša)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read atapi.sys
d346prt -> Disabled (Service running -> reboot required)
SPTD -> Already disabled
Log z combofix je zde.Ta resid. ochrana avastu se po kazdym restartu spusti, tak jsem to pak v prubehu zase vypla,ale nevim,jestli to tomu nemohlo nejak vadit,ze ten avast behem toho scanu zase na chvili nabehl. Firewall jsem predtim vypla,ale taky nevim, jestli po tech restartech nenabehl.Mozna bude lepsi ty programy na ty scany odinstalovat?
ComboFix 10-07-06.03 - míša 07.07.2010 9:25.9.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.60 [GMT 2:00]
Spuštěný z: c:\documents and settings\míša\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\míša\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100706-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-07 do 2010-07-07 )))))))))))))))))))))))))))))))
.
2010-07-06 18:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-06 18:54 . 2010-07-06 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-06 18:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 01:55 . 2004-08-04 05:59 95360 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2010-07-05 01:55 . 2004-08-04 05:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-07-04 21:52 . 2010-07-04 21:52 -------- d-----w- C:\spoolerlogs
2010-07-04 08:12 . 2010-07-04 08:12 -------- d--h--w- c:\windows\PIF
2010-07-02 21:02 . 2010-07-02 21:03 -------- d-----w- c:\program files\trend micro
2010-07-02 21:02 . 2010-07-02 21:04 -------- d-----w- C:\rsit
2010-06-27 18:25 . 2010-06-27 18:25 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 19:39 . 2008-02-21 19:46 -------- d-----w- c:\program files\rajce
2010-05-24 20:26 . 2001-10-25 12:00 49452 ----a-w- c:\windows\system32\perfc005.dat
2010-05-24 20:26 . 2001-10-25 12:00 318304 ----a-w- c:\windows\system32\perfh005.dat
2004-12-03 08:49 . 2006-05-01 17:26 9409536 -c----w- c:\program files\sidebarb75.exe
2004-12-02 13:31 . 2006-05-01 17:19 7741336 -c----w- c:\program files\DivX521XP2K.exe
2004-11-30 12:11 . 2006-05-01 17:12 4567928 -c----w- c:\program files\winamp506_full.exe
2004-11-30 11:37 . 2006-05-01 17:07 12717056 -c----w- c:\program files\MP10Setup.exe
2006-05-01 17:22 . 2006-05-01 17:22 56 --sh--r- c:\windows\system32\2534FE75F5.sys
2006-05-01 17:22 . 2006-05-01 17:22 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-04 05:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[7] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2001-10-25 . A64013E98426E1877CB653685C5C0009 . 86656 . . [5.1.2600.0] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-11-30 450560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-22 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-6-27 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [7.10.2007 20:57 156800]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2009 19:37 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2009 19:37 20560]
S4 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [7.10.2007 20:57 5248]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 127.0.0.1:3128
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;<local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
FF - ProfilePath - c:\documents and settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9000
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Opera75\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npwmsdrm.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 09:35
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll dvd43llh.sys >>UNKNOWN [0x8428BB00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf761afc3
\Driver\ACPI -> ACPI.sys @ 0xf7466cb8
\Driver\atapi -> dvd43llh.sys @ 0xf7917b20
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="?\11\09"
"DeviceDesc"="?\11\09"
"ProviderName"="???\11??H\11??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"d:\\ati\\rs480\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2008)
c:\progra~1\WINDOW~3\wmpband.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\System32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Java\jre1.6.0_06\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-07-07 09:43:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-07 07:43
ComboFix2.txt 2010-07-06 21:28
ComboFix3.txt 2010-07-05 21:24
ComboFix4.txt 2010-07-05 06:22
ComboFix5.txt 2010-07-07 07:18
Před spuštěním: Volných bajtů: 25 884 057 600
Po spuštění: Volných bajtů: 25 868 029 952
- - End Of File - - B5A00B0315E7E9E793FB9829247EC726
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: avast-trojskeho kone-log z rsit
ok,zatial atapi odolova
odinstaluj aj tento program.
c:\program files\dvd43
Pri tejto akcii je nutné mať ComboFix na ploche.
Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.
Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:
Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Po skonceni skenu vlož log čo ComboFix vytvorí
odinstaluj aj tento program.
c:\program files\dvd43
Pri tejto akcii je nutné mať ComboFix na ploche.
Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.
Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:
Kód: Vybrat vše
KILLALL::
SRPeek::
c:\windows\system32\drivers\atapi.sys
RESTORE::
c:\windows\system32\drivers\atapi.sys
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Po skonceni skenu vlož log čo ComboFix vytvorí
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Re: avast-trojskeho kone-log z rsit
ComboFix 10-07-06.03 - míša 07.07.2010 11:34:28.10.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.182 [GMT 2:00]
Spuštěný z: c:\documents and settings\míša\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\míša\Plocha\CFScript.txt
FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-07 do 2010-07-07 )))))))))))))))))))))))))))))))
.
2010-07-06 18:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-06 18:54 . 2010-07-06 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-06 18:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 23:55 . 2004-08-04 05:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-07-04 21:52 . 2010-07-04 21:52 -------- d-----w- C:\spoolerlogs
2010-07-04 08:12 . 2010-07-04 08:12 -------- d--h--w- c:\windows\PIF
2010-07-02 21:02 . 2010-07-02 21:03 -------- d-----w- c:\program files\trend micro
2010-07-02 21:02 . 2010-07-02 21:04 -------- d-----w- C:\rsit
2010-06-27 18:25 . 2010-06-27 18:25 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 19:39 . 2008-02-21 19:46 -------- d-----w- c:\program files\rajce
2010-05-24 20:26 . 2001-10-25 12:00 49452 ----a-w- c:\windows\system32\perfc005.dat
2010-05-24 20:26 . 2001-10-25 12:00 318304 ----a-w- c:\windows\system32\perfh005.dat
2004-12-03 08:49 . 2006-05-01 17:26 9409536 -c----w- c:\program files\sidebarb75.exe
2004-12-02 13:31 . 2006-05-01 17:19 7741336 -c----w- c:\program files\DivX521XP2K.exe
2004-11-30 12:11 . 2006-05-01 17:12 4567928 -c----w- c:\program files\winamp506_full.exe
2004-11-30 11:37 . 2006-05-01 17:07 12717056 -c----w- c:\program files\MP10Setup.exe
2006-05-01 17:22 . 2006-05-01 17:22 56 --sh--r- c:\windows\system32\2534FE75F5.sys
2006-05-01 17:22 . 2006-05-01 17:22 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
c:\avenger\atapi.sys [x]
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP282\A0061956.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP285\A0064274.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 c:\combofix\atapi.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP282\A0061710.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP285\A0064822.sys
c:\qoobox\32788R22FWJFW\atapi.sys [x]
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP284\A0064109.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 c:\windows\system32\dllcache\atapi.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP282\A0061841.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP285\A0065075.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 c:\windows\system32\drivers\atapi.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP282\A0061634.sys
[-] 92FB5DE727AB5CB84E120C17C4CF7197 95360 \RP285\A0065049.sys
.
------- Sigcheck -------
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys
[-] 2004-08-04 05:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[7] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2001-10-25 . A64013E98426E1877CB653685C5C0009 . 86656 . . [5.1.2600.0] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-07-03_08.01.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-05 21:46 . 2010-07-05 21:46 85969 c:\windows\system32\drivers\gmer.sys
+ 2010-07-05 21:46 . 2008-04-17 19:13 811008 c:\windows\gmer.exe
+ 2010-07-05 21:46 . 2010-07-05 21:46 884736 c:\windows\gmer.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-11-30 450560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-22 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-6-27 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [7.10.2007 20:57 156800]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
S4 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [7.10.2007 20:57 5248]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 127.0.0.1:3128
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;<local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
FF - ProfilePath - c:\documents and settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9000
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Opera75\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npwmsdrm.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 11:43
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x842B6B00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf761afc3
\Driver\ACPI -> ACPI.sys @ 0xf7466cb8
\Driver\atapi -> 0x842b6b00
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="?\11\09"
"DeviceDesc"="?\11\09"
"ProviderName"="???\11??H\11??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"d:\\ati\\rs480\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2940)
c:\progra~1\WINDOW~3\wmpband.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Java\jre1.6.0_06\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-07-07 11:49:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-07 09:49
ComboFix2.txt 2010-07-07 07:43
ComboFix3.txt 2010-07-06 21:28
ComboFix4.txt 2010-07-05 21:24
ComboFix5.txt 2010-07-07 09:06
Před spuštěním: Volných bajtů: 25 982 099 456
Po spuštění: Volných bajtů: 25 971 757 056
- - End Of File - - 50510572ED360A2514DF266005D2C523
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.182 [GMT 2:00]
Spuštěný z: c:\documents and settings\míša\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\míša\Plocha\CFScript.txt
FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-07 do 2010-07-07 )))))))))))))))))))))))))))))))
.
2010-07-06 18:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-06 18:54 . 2010-07-06 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-06 18:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 23:55 . 2004-08-04 05:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-07-04 21:52 . 2010-07-04 21:52 -------- d-----w- C:\spoolerlogs
2010-07-04 08:12 . 2010-07-04 08:12 -------- d--h--w- c:\windows\PIF
2010-07-02 21:02 . 2010-07-02 21:03 -------- d-----w- c:\program files\trend micro
2010-07-02 21:02 . 2010-07-02 21:04 -------- d-----w- C:\rsit
2010-06-27 18:25 . 2010-06-27 18:25 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 19:39 . 2008-02-21 19:46 -------- d-----w- c:\program files\rajce
2010-05-24 20:26 . 2001-10-25 12:00 49452 ----a-w- c:\windows\system32\perfc005.dat
2010-05-24 20:26 . 2001-10-25 12:00 318304 ----a-w- c:\windows\system32\perfh005.dat
2004-12-03 08:49 . 2006-05-01 17:26 9409536 -c----w- c:\program files\sidebarb75.exe
2004-12-02 13:31 . 2006-05-01 17:19 7741336 -c----w- c:\program files\DivX521XP2K.exe
2004-11-30 12:11 . 2006-05-01 17:12 4567928 -c----w- c:\program files\winamp506_full.exe
2004-11-30 11:37 . 2006-05-01 17:07 12717056 -c----w- c:\program files\MP10Setup.exe
2006-05-01 17:22 . 2006-05-01 17:22 56 --sh--r- c:\windows\system32\2534FE75F5.sys
2006-05-01 17:22 . 2006-05-01 17:22 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
c:\avenger\atapi.sys [x]
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP282\A0061956.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP285\A0064274.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 c:\combofix\atapi.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP282\A0061710.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP285\A0064822.sys
c:\qoobox\32788R22FWJFW\atapi.sys [x]
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP284\A0064109.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 c:\windows\system32\dllcache\atapi.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP282\A0061841.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP285\A0065075.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 c:\windows\system32\drivers\atapi.sys
[7] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP282\A0061634.sys
[-] 92FB5DE727AB5CB84E120C17C4CF7197 95360 \RP285\A0065049.sys
.
------- Sigcheck -------
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\atapi.sys
[-] 2004-08-04 05:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[7] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2001-10-25 . A64013E98426E1877CB653685C5C0009 . 86656 . . [5.1.2600.0] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-07-03_08.01.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-05 21:46 . 2010-07-05 21:46 85969 c:\windows\system32\drivers\gmer.sys
+ 2010-07-05 21:46 . 2008-04-17 19:13 811008 c:\windows\gmer.exe
+ 2010-07-05 21:46 . 2010-07-05 21:46 884736 c:\windows\gmer.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-11-30 450560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-22 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-6-27 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [7.10.2007 20:57 156800]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
S4 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [7.10.2007 20:57 5248]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 127.0.0.1:3128
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;<local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
FF - ProfilePath - c:\documents and settings\míša\Data aplikací\Mozilla\Firefox\Profiles\s2ullyll.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9000
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Opera75\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npwmsdrm.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 11:43
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x842B6B00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf761afc3
\Driver\ACPI -> ACPI.sys @ 0xf7466cb8
\Driver\atapi -> 0x842b6b00
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="?\11\09"
"DeviceDesc"="?\11\09"
"ProviderName"="???\11??H\11??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"d:\\ati\\rs480\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2940)
c:\progra~1\WINDOW~3\wmpband.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Java\jre1.6.0_06\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-07-07 11:49:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-07 09:49
ComboFix2.txt 2010-07-07 07:43
ComboFix3.txt 2010-07-06 21:28
ComboFix4.txt 2010-07-05 21:24
ComboFix5.txt 2010-07-07 09:06
Před spuštěním: Volných bajtů: 25 982 099 456
Po spuštění: Volných bajtů: 25 971 757 056
- - End Of File - - 50510572ED360A2514DF266005D2C523
Přispějete na provoz fóra?