
Please check my log

Do you have a virus problem? Paste your FRST or RSIT log here.

Forum rules
If you want help, paste a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#76 Post by motji »

:)
Do not use COMBOFIX without a helper's recommendation; it may damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly available at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.

dopa
Visitor
Posts: 307
Joined: 12 Oct 2006 08:52

Re: Please check my log

#77 Post by dopa »

So MBAM didn't find anything else, at least that's something.. :)
But those updates seem odd to me.. I keep googling and there aren't many similar problems. And certainly none on Win Server.

In the last few days something unpleasant happened too. Someone was spamming so much that the provider of our SMTP and POP server blocked all our ports (the whole IP), so we couldn't even download mail, not even over a secured connection. But those updates are bothering me more and more :(
Anyway, thanks a lot for the help.. But if anything comes to anyone's mind, throw it in here... :) everything is worth a try :)

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#78 Post by motji »

Was it this computer that was spamming, or another one?
I'll try asking a colleague about the updates, but it's a server and I have no experience with that at all :( . Have you tried a repair from the installation CD?

dopa
Visitor
Posts: 307
Joined: 12 Oct 2006 08:52

Re: Please check my log

#79 Post by dopa »

I ran AVP just to be sure... well, it found something right away, still the same thing so far... so I uploaded it to VirusTotal...
and here is the drastic result:

AhnLab-V3 2010.11.10.00 2010.11.09 Win-Trojan/Magania.10619453
AntiVir 7.10.13.196 2010.11.09 TR/PSW.Magania.dnwp
Antiy-AVL 2.0.3.7 2010.11.10 Trojan/Win32.Magania.gen
Authentium 5.2.0.5 2010.11.10 W32/Redosdru.D.gen!Eldorado
Avast 4.8.1351.0 2010.11.09 Win32:Malware-gen
Avast5 5.0.594.0 2010.11.09 Win32:Malware-gen
AVG 9.0.0.851 2010.11.09 PSW.OnlineGames3.ARLR
BitDefender 7.2 2010.11.10 Trojan.Generic.4602268
CAT-QuickHeal 11.00 2010.11.09 -
ClamAV 0.96.4.0 2010.11.09 -
Comodo 6670 2010.11.10 TrojWare.Win32.Dialer.J
DrWeb 5.0.2.03300 2010.11.10 Trojan.PWS.Stealer.311
Emsisoft 5.0.0.50 2010.11.10 Backdoor.Win32.Inject!IK
eSafe 7.0.17.0 2010.11.09 -
eTrust-Vet 36.1.7966 2010.11.10 Win32/Gosht.AY
F-Prot 4.6.2.117 2010.11.09 W32/Redosdru.D.gen!Eldorado
F-Secure 9.0.16160.0 2010.11.10 Trojan.Generic.4602268
Fortinet 4.2.249.0 2010.11.09 -
GData 21 2010.11.10 Trojan.Generic.4602268
Ikarus T3.1.1.90.0 2010.11.10 Backdoor.Win32.Inject
Jiangmin 13.0.900 2010.11.10 Trojan/PSW.Magania.apne
K7AntiVirus 9.67.2940 2010.11.09 Riskware
Kaspersky 7.0.0.125 2010.11.10 Trojan-GameThief.Win32.Magania.dnwp
McAfee 5.400.0.1158 2010.11.10 -
McAfee-GW-Edition 2010.1C 2010.11.10 -
Microsoft 1.6301 2010.11.10 Trojan:Win32/AgentBypass.gen!K
NOD32 5605 2010.11.09 probably a variant of Win32/Farfli.AW
Norman 6.06.10 2010.11.09 -
nProtect 2010-11-10.01 2010.11.10 Trojan.Generic.4602268
Panda 10.0.2.7 2010.11.09 -
PCTools 7.0.3.5 2010.11.10 -
Prevx 3.0 2010.11.10 -
Rising 22.73.01.01 2010.11.10 -
Sophos 4.59.0 2010.11.10 -
Sunbelt 7269 2010.11.10 -
SUPERAntiSpyware 4.40.0.1006 2010.11.10 -
Symantec 20101.2.0.161 2010.11.10 -
TheHacker 6.7.0.1.081 2010.11.10 Trojan/Magania.dnwp
TrendMicro 9.120.0.1004 2010.11.10 TROJ_GEN.R47C2K9
TrendMicro-HouseCall 9.120.0.1004 2010.11.10 TROJ_GEN.R47C2K9
VBA32 3.12.14.1 2010.11.09 TrojanPSW.Magania.dnwp
ViRobot 2010.10.30.4121 2010.11.10 -
VirusBuster 12.72.5.0 2010.11.09 Trojan.Magania.AMYZ

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#80 Post by motji »

What file is this, please? :)

dopa
Visitor
Posts: 307
Joined: 12 Oct 2006 08:52

Re: Please check my log

#81 Post by dopa »

I tried to find that out, I don't know it..
but I found this:

http://www.online-armor.com/oasis2/file ... dll/121110

dopa
Visitor
Posts: 307
Joined: 12 Oct 2006 08:52

Re: Please check my log

#82 Post by dopa »

Otherwise I tried using Wireshark to find out whether some computer is spamming, but it found nothing on port 25... 99.9% it's the server that's spamming

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#83 Post by motji »

Delete it.
In your case I have a problem choosing which program to give you; if it restarted the computer, that would probably be bad, right?

dopa
Visitor
Posts: 307
Joined: 12 Oct 2006 08:52

Re: Please check my log

#84 Post by dopa »

Right now yes, but in the evening it's no problem. It's all remote, though, and I'm afraid it won't come back up and I won't be able to get in, but nothing ventured, nothing gained :D

the file is in use.... :(

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#85 Post by motji »

OK, can you do it after 21:00? I should be here, at least until 11 in the evening :)

dopa
Visitor
Posts: 307
Joined: 12 Oct 2006 08:52

Re: Please check my log

#86 Post by dopa »

I did the restart now, so I'm waiting for it to come back up. They can manage 10 minutes without work. This is important :)
the file is gone now... I'll run AVPtool once more... just to be safe :)

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#87 Post by motji »

OK, then I'll ask for a new OTL, but with this script

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the OTL.exe file.
- copy this script into the white box at the bottom:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
- tick the Scan All Users box.
- tick the LOP Check and Purity Check boxes
- click the Run Scan button
- when the scan finishes, the OTL.Txt and Extras.txt logs will appear; paste them here :)
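Once the OTL.Txt comes back, the Win32 Services and Driver Services sections are what a helper reads first. As an added example that is not part of the original post or of OTL itself, the Python script below parses OTL's SRV/DRV lines and flags the patterns a helper checks before anything else: auto-start entries whose image file is missing, images living under a user-profile or data directory, and drivers with no publisher information. The sample lines are constructed in OTL's format and modelled on entries posted later in this thread; the severities are heuristics, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in OTL's own line format, modelled on entries that appear
# later in this thread; the Microsoft/Fujitsu lines are included as clean controls.
SAMPLE_OTL = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\udvre.cc3 -- (Themes)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\bits.dll -- (BITS)
SRV - [2009.05.28 18:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2006.09.27 13:05:24 | 000,270,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\twju.sys -- (adjf)
DRV - [2010.11.08 18:27:45 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utq0nze4.sys -- (utq0nze4)
DRV - [2007.05.21 19:39:26 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
"""

# Two line shapes occur in OTL output:
#   SRV - File not found [Auto | Stopped] -- <path> -- (<name>)
#   SRV - [date time | size | attrs | M] (<company>) [Auto | Running] -- <path> -- (<name>) <description>
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| [^\]]*\] \((?P<company>[^)]*)\))"
    r" \[(?P<flags>[^\]]*)\] -- (?P<path>.*?) ?-- \((?P<name>[^)]*)\)"
)

@dataclass
class Entry:
    kind: str                 # "SRV" (Win32 service) or "DRV" (kernel driver)
    name: str                 # service key name, e.g. "Themes"
    path: str                 # image path as OTL printed it ("" when OTL found none)
    start: str                # Auto, Boot, System, On_Demand, Disabled, Unknown
    state: str                # Running / Stopped
    company: Optional[str]    # None when the file is missing; "" when it has no version info
    size: Optional[int]       # file size in bytes, None when the file is missing

def parse_otl(text: str) -> List[Entry]:
    """Extract the service and driver entries from an OTL.Txt body."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        flags = [f.strip() for f in m.group("flags").split("|")]
        # Driver lines carry an extra leading type flag (Kernel / File_System),
        # so the start type and state are always the last two fields.
        missing = m.group("missing") is not None
        entries.append(Entry(
            kind=m.group("kind"), name=m.group("name"), path=m.group("path"),
            start=flags[-2], state=flags[-1],
            company=None if missing else m.group("company"),
            size=None if missing else int(m.group("size").replace(",", "")),
        ))
    return entries

PROFILE_DIRS = ("\\documents and settings\\", "\\users\\", "\\application data\\", "\\temp\\")

def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (severity, name, reason) for entries worth a second look.
    Heuristics only: a hit means 'verify this file', not 'this is malware'."""
    findings = []
    for e in entries:
        low = e.path.lower()
        autostart = e.start in ("Auto", "Boot", "System")
        if e.company is None and autostart:
            findings.append(("high", e.name,
                f"{e.kind} starts at {e.start} but its image is missing: {e.path or '<no path>'}"))
        if "%sessionname%" in low or any(d in low for d in PROFILE_DIRS):
            findings.append(("high", e.name,
                f"{e.kind} image lives under a profile/data directory: {e.path}"))
        if e.company == "":
            if "\\drivers\\" in low:
                findings.append(("medium", e.name,
                    f"kernel driver carries no publisher/version info: {e.path}"))
            else:
                findings.append(("low", e.name,
                    f"image carries no publisher/version info, verify by hash: {e.path}"))
    return findings

if __name__ == "__main__":
    for severity, name, reason in triage(parse_otl(SAMPLE_OTL)):
        print(f"[{severity:6}] {name}: {reason}")
```

Running it on the constructed sample flags the Themes and BITS services and the adjf driver as high, the unsigned utq0nze4.sys as medium, and SpySer.exe as low, while the Microsoft entries pass silently.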

dopa
Visitor
Posts: 307
Joined: 12 Oct 2006 08:52

Re: Please check my log

#88 Post by dopa »

here is the log:

OTL logfile created on: 10.11.2010 11:59:47 - Run 5
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 7,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 43,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 6,08 Gb Free Space | 24,91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 207,48 Gb Total Space | 91,72 Gb Free Space | 44,21% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SERVERSJG
Current User Name: administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.09.27 08:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.03.30 10:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.03.30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.02.18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.10.01 13:55:56 | 000,330,256 | ---- | M] (Kaspersky Lab) -- g:\Virus Removal Tool\setup_9.0.0.722_08.11.2010_16-14\setup_9.0.0.722_08.11.2010_16-14.exe
PRC - [2009.05.28 18:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
PRC - [2009.02.17 09:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2008.08.08 07:04:10 | 001,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2008.04.28 09:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe
PRC - [2008.04.28 09:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe
PRC - [2008.04.16 08:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe
PRC - [2008.04.15 07:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe
PRC - [2007.05.21 19:39:26 | 001,415,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2007.05.21 19:39:26 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.21 19:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007.05.21 19:39:26 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2007.05.21 19:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2007.05.21 19:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
PRC - [2007.05.21 19:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007.05.21 19:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2007.05.21 19:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2007.05.21 19:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sbscrexe.exe
PRC - [2007.05.21 19:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007.05.21 19:39:26 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scrnsave.scr
PRC - [2007.05.21 19:39:26 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007.04.19 13:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\BIN\OWSTIMER.EXE
PRC - [2007.02.09 10:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE
PRC - [2006.09.27 13:05:24 | 000,270,336 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe
PRC - [2006.09.27 13:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe
PRC - [2006.05.12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2005.10.14 02:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005.10.14 02:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2005.10.04 20:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\store.exe
PRC - [2005.08.25 18:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\mad.exe
PRC - [2005.08.25 18:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe
PRC - [2005.05.25 01:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
PRC - [2003.06.03 08:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\events.exe


========== Modules (SafeList) ==========

MOD - [2010.09.27 08:23:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2007.05.21 19:39:26 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.05.21 19:39:26 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007.02.17 08:28:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\WinHelp32.exe -- (WigfgnHelp32)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\udvre.cc3 -- (Themes)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\bits.dll -- (BITS)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.03.30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.05.28 18:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2009.02.17 09:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2008.07.29 18:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.28 09:10:44 | 000,423,184 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe -- (RemoteConnector)
SRV - [2008.04.28 09:08:34 | 000,552,208 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe -- (SrvCtrl)
SRV - [2008.04.16 08:45:56 | 000,466,944 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\GlobalFlash\gf_agent.exe -- (OfflineFlash)
SRV - [2008.04.15 07:55:12 | 000,016,384 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\amService.exe -- (amService)
SRV - [2007.05.21 19:39:26 | 000,792,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007.05.21 19:39:26 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007.05.21 19:39:26 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007.05.21 19:39:26 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007.05.21 19:39:26 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007.05.21 19:39:26 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2007.05.21 19:39:26 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007.05.21 19:39:26 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007.05.21 19:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007.05.21 19:39:26 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007.05.21 19:39:26 | 000,037,888 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\WINDOWS\system32\sbscrexe.exe -- (SBCore)
SRV - [2007.05.21 19:39:26 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (DHCPServer)
SRV - [2007.05.21 19:39:26 | 000,014,848 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\\System32\\svchost.exe -- (Ias)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SMTP (Simple Mail Transfer Protocol)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) NNTP (Network News Transfer Protocol)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
SRV - [2007.05.21 19:39:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.05.21 19:39:26 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007.04.19 13:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE -- (SPTimer)
SRV - [2007.02.09 10:34:02 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader)
SRV - [2006.09.27 13:05:24 | 000,270,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\SpySer.exe -- (SpySer)
SRV - [2006.09.27 13:05:24 | 000,069,632 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\RAID\bin\mr2kserv.exe -- (mr2kserv)
SRV - [2006.05.12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2005.10.14 02:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005.10.14 02:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 02:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005.10.04 20:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\store.exe -- (MSExchangeIS)
SRV - [2005.08.25 18:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
SRV - [2005.08.25 18:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2005.08.25 17:34:34 | 003,592,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA)
SRV - [2005.08.25 17:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS)
SRV - [2005.05.25 01:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector)
SRV - [2003.06.03 08:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\events.exe -- (MSExchangeES)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\twju.sys -- (adjf)
DRV - [2010.11.08 18:27:45 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utq0nze4.sys -- (utq0nze4)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.10.22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\40073382.sys -- (40073382)
DRV - [2009.10.09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\4007338.sys -- (setup_9.0.0.722_08.11.2010_16-14drv)
DRV - [2009.09.25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\40073381.sys -- (40073381)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.28 09:09:34 | 000,025,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Stopped] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys -- (ImbDrvNT)
DRV - [2008.04.28 09:09:32 | 000,089,104 | ---- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys -- (ScSBB)
DRV - [2007.09.14 16:15:00 | 000,392,192 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2007.06.24 23:00:00 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007.05.21 19:39:26 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007.05.21 19:39:26 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007.04.13 12:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007.02.17 07:45:56 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005.12.06 22:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.08.25 16:29:06 | 000,196,192 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.08 15:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.08 15:51:12 | 000,000,000 | ---D | M]

[2010.03.03 16:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.11.09 15:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions
[2010.03.16 15:13:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4x73brg9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.09 13:30:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.10.20 08:28:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.20 08:28:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.26 12:42:21 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.09.26 12:42:21 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.09.26 12:42:22 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.09.26 12:42:22 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.09.26 12:42:22 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

Hosts file not found
O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_08.11.2010_16-14.lnk = G:\Virus Removal Tool\setup_9.0.0.722_08.11.2010_16-14\startup.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\slapakova\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\stavinoha\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-2158042360-509897017-4234702055-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SJGFinancial.local
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O27 - HKLM IFEO\cacls.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\ftp.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O27 - HKLM IFEO\sethc.exe: Debugger - ctfmon.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.13 14:34:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0946dc2e-ca93-11dd-a646-0008543fac18}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\\System32\\svchost.exe ()
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sacsvr - C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
NetSvcs: Themes - C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\udvre.cc3 File not found
NetSvcs: TrkSvr - C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - C:\WINDOWS\System32\bits.dll File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2010.11.10 10:04:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.11.10 06:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Yamicsoft
[2010.11.09 20:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2010.11.09 16:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\gtk-2.0
[2010.11.08 15:00:41 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\4007338.sys
[2010.11.08 15:00:41 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\40073381.sys
[2010.11.08 15:00:41 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\40073382.sys
[2010.10.26 12:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Infineon
[2010.10.26 11:59:30 | 000,041,216 | ---- | C] (Infineon Technologies AG) -- C:\WINDOWS\System32\drivers\ifxtpm.sys
[2010.10.22 10:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.10.22 10:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.10.20 08:28:38 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.20 08:28:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.20 08:28:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.20 08:28:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.20 08:28:38 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.10.20 08:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.09.21 08:29:28 | 001,441,369 | ---- | C] (EFD Software ) -- C:\Documents and Settings\Administrator\Data aplikací\hdtunepro_460_trial.exe

========== Files - Modified Within 30 Days ==========

[2010.11.10 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job
[2010.11.10 11:52:10 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2010.11.10 10:45:44 | 000,000,086 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_08.11.2010_16-14drv.spi
[2010.11.10 10:34:22 | 000,001,216 | -H-- | M] () -- C:\Documents and Settings\Administrator\Dokumenty\Default.rdp
[2010.11.10 10:19:30 | 000,003,755 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.11.10 10:14:03 | 000,005,953 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.11.10 10:11:23 | 000,000,163 | ---- | M] () -- C:\WINDOWS\System32\arcconfig.xml
[2010.11.10 10:10:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.11.10 10:10:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.10 10:08:53 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.11.10 10:06:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.11.10 10:06:47 | 002,535,124 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.11.10 06:45:45 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.11.10 06:45:16 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\1-Click Cleaner.lnk
[2010.11.10 06:45:16 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\WinXP Manager.lnk
[2010.11.09 21:00:43 | 000,000,812 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2010.11.09 20:41:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.09 17:00:10 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010.11.09 16:40:54 | 101,251,468 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\wirelogg.pcap
[2010.11.09 16:39:15 | 176,706,052 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\wirelog
[2010.11.08 18:27:45 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utq0nze4.sys
[2010.11.08 15:02:24 | 000,001,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_08.11.2010_16-14.lnk
[2010.11.08 10:18:34 | 001,087,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.08 10:18:33 | 001,095,518 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.11.08 10:18:33 | 000,330,820 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.11.08 10:18:33 | 000,308,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.08 10:18:32 | 002,876,270 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.10.28 16:50:24 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Ekonomický systém POHODA 2010 Komplet.lnk
[2010.10.20 08:28:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.20 08:28:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.20 08:28:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.20 08:28:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.20 08:28:21 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.10.13 09:03:25 | 000,006,570 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010.11.10 10:45:44 | 000,000,086 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_08.11.2010_16-14drv.spi
[2010.11.10 06:45:16 | 000,001,919 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\1-Click Cleaner.lnk
[2010.11.10 06:45:16 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\WinXP Manager.lnk
[2010.11.09 17:00:10 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010.11.09 16:40:39 | 101,251,468 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\wirelogg.pcap
[2010.11.09 16:38:26 | 176,706,052 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\wirelog
[2010.11.08 15:48:41 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utq0nze4.sys
[2010.11.08 15:02:24 | 000,001,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_08.11.2010_16-14.lnk
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.11.23 15:49:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NICSettingTool.INI
[2009.11.23 15:16:26 | 000,000,251 | ---- | C] () -- C:\WINDOWS\OPHI.INI
[2009.09.11 21:37:27 | 000,000,263 | ---- | C] () -- C:\WINDOWS\HELIQMR.INI
[2009.08.28 09:34:18 | 000,003,355 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009.02.11 13:08:20 | 000,000,685 | ---- | C] () -- C:\WINDOWS\eporadce_0811.ini
[2009.01.23 13:41:41 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.07.16 18:46:59 | 000,003,755 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008.07.13 15:57:31 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2008.07.13 15:33:55 | 000,003,526 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.07.13 15:24:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008.07.13 15:23:07 | 000,044,291 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008.07.13 15:23:06 | 000,035,920 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2008.07.13 15:23:06 | 000,002,069 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008.07.13 15:23:04 | 000,078,484 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008.07.13 15:23:04 | 000,015,645 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008.07.13 15:23:03 | 000,018,184 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008.07.13 15:17:34 | 000,024,120 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2008.07.13 15:14:25 | 000,004,626 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2008.07.13 14:07:03 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2008.07.13 14:06:50 | 000,051,600 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2008.07.13 14:06:50 | 000,039,968 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2008.07.13 14:06:50 | 000,010,209 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2008.07.13 14:06:25 | 000,022,725 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2008.07.13 14:06:21 | 000,022,854 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini

========== LOP Check ==========

[2010.11.09 16:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\gtk-2.0
[2009.10.23 12:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Leadertech
[2009.12.30 16:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Wireshark
[2009.10.30 07:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Seagate
[2010.03.01 20:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
[2010.10.13 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\remote\Data aplikací\STORMWARE
[2010.11.07 01:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\remote\Data aplikací\uTorrent
[2010.10.23 09:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\remote\Data aplikací\Zoiper
[2009.04.22 06:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stavinoha\Data aplikací\STORMWARE
[2010.11.09 21:00:43 | 000,000,812 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job
[2010.11.10 10:07:23 | 000,032,186 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2010.11.10 12:00:00 | 000,000,750 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{040918b8-50ef-11dd-866e-806e6f6e6963}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2007.05.21 19:39:26 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2010.09.09 05:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.11.09 16:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\gtk-2.0
[2009.10.31 12:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Hamachi
[2009.05.21 14:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Help
[2008.07.13 14:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Identities
[2009.10.23 12:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Leadertech
[2009.10.23 12:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2009.08.19 09:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2010.11.10 06:45:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2010.03.03 16:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2008.07.13 14:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Sun
[2009.08.28 09:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
[2009.12.30 16:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Wireshark

< %APPDATA%\*.exe /s >
[2010.09.21 08:29:28 | 001,441,369 | ---- | M] (EFD Software ) -- C:\Documents and Settings\Administrator\Data aplikací\hdtunepro_460_trial.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\ClearMem.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\ClickCleaner.exe
[2010.11.10 06:45:19 | 000,017,542 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\ContextMenuManager.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\DesktopCleaner.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\DiskAnalyzer.exe
[2010.11.10 06:45:19 | 000,013,262 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\DuplicateFilesFinder.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\FileSecurity.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\FileSplitter.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\IconManager.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\IEManager.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\JunkFileCleaner.exe
[2010.11.10 06:45:19 | 000,005,430 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\LiveUpdate.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\OptimizationWizard.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\PrivacyProtector.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\ProcessManager.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\RegistryCleaner.exe
[2010.11.10 06:45:19 | 000,009,662 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\RegistryDefrag.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\RepairCenter.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\RunShortcutCreator.exe
[2010.11.10 06:45:19 | 000,005,430 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\ServiceManager.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\Shutdown.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\StartupManager.exe
[2010.11.10 06:45:19 | 000,014,534 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\SystemFolder_msiexec.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\SystemInfo.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\Uninstaller.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\WallpaperChanger.exe
[2010.11.10 06:45:19 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{5C8D2CE7-7A95-4932-85DE-BC0CA4087E6F}\WinXP_Manager.exe


< MD5 for: AGP440.SYS >
[2003.08.09 21:00:35 | 006,579,059 | R--- | M] () .cab file -- C:\ClientApps\w2ksp4\i386\NEW\sp4.cab:AGP440.sys
[2004.08.17 23:57:26 | 018,786,869 | R--- | M] () .cab file -- C:\ClientApps\wxpsp2\i386\sp2.cab:AGP440.sys
[2007.05.21 19:39:26 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2003.08.09 21:00:35 | 006,579,059 | R--- | M] () .cab file -- C:\ClientApps\w2ksp4\i386\NEW\sp4.cab:atapi.sys
[2004.08.17 23:57:26 | 018,786,869 | R--- | M] () .cab file -- C:\ClientApps\wxpsp2\i386\sp2.cab:atapi.sys
[2007.05.21 19:39:26 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2007.05.21 19:39:26 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=FF953A8F08CA3F822127654375786BBE -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2003.08.09 21:00:35 | 006,579,059 | R--- | M] () .cab file -- C:\ClientApps\w2ksp4\i386\NEW\sp4.cab:cdrom.sys
[2004.08.17 23:57:26 | 018,786,869 | R--- | M] () .cab file -- C:\ClientApps\wxpsp2\i386\sp2.cab:cdrom.sys
[2007.05.21 19:39:26 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2007.05.21 19:39:26 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=825AA877A852ECC731FA0C39C8C37744 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2007.05.21 19:39:26 | 000,056,320 | ---- | M] (Společnost Microsoft) MD5=0DB8AE9DB459A146788E32F4B0DAFF83 -- C:\WINDOWS\system32\cryptsvc.dll
[2007.05.21 19:39:26 | 000,056,320 | ---- | M] (Společnost Microsoft) MD5=0DB8AE9DB459A146788E32F4B0DAFF83 -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2007.05.21 19:39:26 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=0BC23215395B93E3F9FBC035192BEDE1 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2007.05.21 19:39:26 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=0BC23215395B93E3F9FBC035192BEDE1 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2007.05.21 19:39:26 | 001,054,208 | ---- | M] (Microsoft Corporation) MD5=8A981A02DCAEAF5CDCCBB23924322B19 -- C:\WINDOWS\explorer.exe
[2007.05.21 19:39:26 | 001,054,208 | ---- | M] (Microsoft Corporation) MD5=8A981A02DCAEAF5CDCCBB23924322B19 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2003.08.09 21:00:35 | 006,579,059 | R--- | M] () .cab file -- C:\ClientApps\w2ksp4\i386\NEW\sp4.cab:hal.dll
[2004.08.17 23:57:26 | 018,786,869 | R--- | M] () .cab file -- C:\ClientApps\wxpsp2\i386\sp2.cab:hal.dll
[2007.05.21 19:39:26 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2007.05.21 19:39:26 | 000,119,808 | ---- | M] (Microsoft Corporation) MD5=E209A057AB4D30EABF19CA71FE36A6B6 -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 23:57:26 | 018,786,869 | R--- | M] () .cab file -- C:\ClientApps\wxpsp2\i386\sp2.cab:Changer.sys
[2007.05.21 19:39:26 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2003.08.09 21:00:35 | 006,579,059 | R--- | M] () .cab file -- C:\ClientApps\w2ksp4\i386\NEW\sp4.cab:isapnp.sys
[2007.05.21 19:39:26 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:isapnp.sys
[2007.02.17 06:04:10 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=594B3575841CCE2D61FB1378D4D21C4B -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2007.02.17 06:04:10 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=594B3575841CCE2D61FB1378D4D21C4B -- C:\WINDOWS\system32\drivers\isapnp.sys
[2007.05.21 19:39:26 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=594B3575841CCE2D61FB1378D4D21C4B -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2007.05.21 19:39:26 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=AB43A68417864C942222BC64CE5932B3 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2007.05.21 19:39:26 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=AB43A68417864C942222BC64CE5932B3 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2007.05.21 19:39:26 | 000,210,432 | ---- | M] (Microsoft Corporation) MD5=33739AB31D36184772AF1EE132D5C2E2 -- C:\WINDOWS\system32\dllcache\ndis.sys
[2007.05.21 19:39:26 | 000,210,432 | ---- | M] (Microsoft Corporation) MD5=33739AB31D36184772AF1EE132D5C2E2 -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2007.05.21 19:39:26 | 000,431,104 | ---- | M] (Microsoft Corporation) MD5=EBBB6B80D84736D6E5D7F79BC777B9A9 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2007.05.21 19:39:26 | 000,431,104 | ---- | M] (Microsoft Corporation) MD5=EBBB6B80D84736D6E5D7F79BC777B9A9 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007.05.21 19:39:26 | 000,195,072 | ---- | M] (Microsoft Corporation) MD5=A1D694FAC77753536E8D7FD87EABE5CB -- C:\WINDOWS\system32\dllcache\scecli.dll
[2007.05.21 19:39:26 | 000,195,072 | ---- | M] (Microsoft Corporation) MD5=A1D694FAC77753536E8D7FD87EABE5CB -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2007.05.21 19:39:26 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=96DB9FDEDA11EBAB8BCFE72AA90DE632 -- C:\WINDOWS\system32\dllcache\smss.exe
[2007.05.21 19:39:26 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=96DB9FDEDA11EBAB8BCFE72AA90DE632 -- C:\WINDOWS\system32\smss.exe
[2004.08.17 23:49:27 | 000,481,792 | R--- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\ClientApps\wxpsp2\i386\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2007.05.21 19:39:26 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=979D1325D4A7E827638991D3CDDB497A -- C:\WINDOWS\system32\dllcache\svchost.exe
[2007.05.21 19:39:26 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=979D1325D4A7E827638991D3CDDB497A -- C:\WINDOWS\system32\svchost.exe

< MD5 for: SYMMPI.SYS >
[2007.05.21 19:39:26 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:symmpi.sys

< MD5 for: TCPIP.SYS >
[2009.08.15 10:57:09 | 000,393,216 | ---- | M] (Microsoft Corporation) MD5=238DC2B879D1B37B91F8D5D44F3815D3 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2009.08.15 10:57:09 | 000,393,216 | ---- | M] (Microsoft Corporation) MD5=238DC2B879D1B37B91F8D5D44F3815D3 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2009.08.15 09:27:57 | 000,400,896 | ---- | M] (Microsoft Corporation) MD5=2617E35A208F1570D6928C13E63019FF -- C:\WINDOWS\$hf_mig$\KB967723\SP2QFE\tcpip.sys
[2008.06.20 12:01:56 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=2639B8D757793C4BF30B237C8FEF877C -- C:\WINDOWS\$hf_mig$\KB951746\SP2QFE\tcpip.sys
[2008.06.20 12:01:56 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=2639B8D757793C4BF30B237C8FEF877C -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.06.20 12:01:56 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=2639B8D757793C4BF30B237C8FEF877C -- C:\WINDOWS\$hf_mig$\KB961063\SP2QFE\tcpip.sys
[2008.06.20 15:22:43 | 000,384,000 | ---- | M] (Microsoft Corporation) MD5=52205475542A4505A6298A76245E3656 -- C:\WINDOWS\$NtUninstallKB967723$\tcpip.sys
[2007.05.21 19:39:26 | 000,383,488 | ---- | M] (Microsoft Corporation) MD5=76788FA017C0FD42E32D21555AB4FD89 -- C:\WINDOWS\$NtUninstallKB951746$\tcpip.sys

< MD5 for: USERINIT.EXE >
[2007.05.21 19:39:26 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=65DED424F5F46CF4073D656AC853CE3C -- C:\WINDOWS\system32\dllcache\userinit.exe
[2007.05.21 19:39:26 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=65DED424F5F46CF4073D656AC853CE3C -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2007.05.21 19:39:26 | 000,528,384 | ---- | M] (Microsoft Corporation) MD5=06B5C31D008FACD5B33C5EF7C1AE4DE0 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2007.05.21 19:39:26 | 000,528,384 | ---- | M] (Microsoft Corporation) MD5=06B5C31D008FACD5B33C5EF7C1AE4DE0 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2007.05.21 19:39:26 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=0388CBD8E2E0575AC917C8419E263416 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2007.05.21 19:39:26 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=0388CBD8E2E0575AC917C8419E263416 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 03:33:06 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.07.13 16:20:50 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.07.13 16:20:50 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.07.13 16:20:50 | 000,495,616 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 03:33:06 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >

< %systemroot%\system32\drivers\*.sys /3 >
[2010.11.08 18:27:45 | 000,007,168 | ---- | M] () -- C:\WINDOWS\system32\drivers\utq0nze4.sys

< %systemroot%\system32\*.* /3 >
[2010.11.10 10:11:23 | 000,000,163 | ---- | M] () -- C:\WINDOWS\system32\arcconfig.xml
[2010.11.10 10:11:23 | 000,027,700 | ---- | M] () -- C:\WINDOWS\system32\arcerror.txt
[2010.11.10 07:05:53 | 000,020,984 | ---- | M] () -- C:\WINDOWS\system32\hmdebug.log
[2010.11.10 11:52:10 | 000,002,586 | ---- | M] () -- C:\WINDOWS\system32\licstr.cpa
[2010.11.10 10:14:03 | 000,005,953 | ---- | M] () -- C:\WINDOWS\system32\mapisvc.inf
[2010.11.10 10:11:23 | 000,028,300 | ---- | M] () -- C:\WINDOWS\system32\MemDebugSVR.txt
[2010.11.08 10:18:33 | 000,330,820 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.11.08 10:18:33 | 000,308,132 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.11.08 10:18:33 | 001,095,518 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.11.08 10:18:34 | 001,087,838 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.11.08 10:18:32 | 002,876,270 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.11.10 07:06:40 | 000,000,011 | ---- | M] () -- C:\WINDOWS\system32\WinX86.log
[2010.11.09 20:41:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< End of report >
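The "< MD5 for: ... >" blocks above exist so that a helper can compare the copy of a system file that Windows actually runs (system32, system32\drivers) against the Windows File Protection copy in dllcache and the hotfix/uninstall copies. Doing that by eye across a long log is error-prone, so here is a small parser for that section of the OTL format, added as an illustration and not part of the original post or of OTL. The tcpip.sys lines in the embedded sample are copied from the log; the userinit.exe mismatch (with an all-zero MD5) and the section layout around it are constructed to show what a failing case looks like.

```python
"""Cross-check the '< MD5 for: ... >' sections of an OTL log.

OTL lists every copy of a queried system file (the live copy, the dllcache
copy, and hotfix/uninstall copies) with its MD5. A live copy whose hash
differs from the dllcache copy deserves a closer look; a locked copy whose
MD5 could not be read cannot be verified this way at all.
"""
import re
from collections import defaultdict

# One entry line of an OTL MD5 section.
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<vendor>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) "
    r"-- (?P<path>.+?)\s*$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >\s*$")

# Directories holding archival copies rather than the copy Windows runs.
ARCHIVE_MARKERS = ("\\dllcache\\", "\\$hf_mig$\\", "\\$ntuninstall",
                   "\\driver cache\\", "\\servicepackfiles\\")

# Constructed sample: tcpip.sys lines are from the log, the userinit.exe
# mismatch and the zero MD5 are made up to exercise the 'mismatch' path.
SAMPLE_LOG = r"""
< MD5 for: TCPIP.SYS >
[2009.08.15 10:57:09 | 000,393,216 | ---- | M] (Microsoft Corporation) MD5=238DC2B879D1B37B91F8D5D44F3815D3 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2009.08.15 10:57:09 | 000,393,216 | ---- | M] (Microsoft Corporation) MD5=238DC2B879D1B37B91F8D5D44F3815D3 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 15:22:43 | 000,384,000 | ---- | M] (Microsoft Corporation) MD5=52205475542A4505A6298A76245E3656 -- C:\WINDOWS\$NtUninstallKB967723$\tcpip.sys

< MD5 for: USERINIT.EXE >
[2007.05.21 19:39:26 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=65DED424F5F46CF4073D656AC853CE3C -- C:\WINDOWS\system32\dllcache\userinit.exe
[2010.11.08 18:27:45 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VBSCRIPT.DLL >
[2009.03.08 03:33:06 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
"""


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]}; entry has path, md5, size, vendor, mtime."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        if not line.strip():          # blank line closes a section
            current = None
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        e = ENTRY_RE.match(line)
        if current is None or not e:
            continue                  # not an entry line of an MD5 section
        sections[current].append({
            "path": e.group("path"),
            "md5": e.group("md5").upper() if e.group("md5") else None,
            "size": int(e.group("size").replace(",", "")),
            "vendor": e.group("vendor"),
            "mtime": e.group("mtime").strip(),
        })
    return dict(sections)


def is_archive_copy(path):
    p = path.lower()
    return any(marker in p for marker in ARCHIVE_MARKERS)


def check_live_vs_cache(sections):
    """Compare each live copy against the dllcache copy of the same file.

    Returns (filename, live_path, status, detail) tuples; status is one of
    'ok', 'mismatch', 'no-cache' (nothing to compare against) or
    'unverifiable' (OTL could not read the MD5, e.g. a locked file).
    """
    findings = []
    for name, entries in sections.items():
        cache = [e for e in entries
                 if "\\dllcache\\" in e["path"].lower() and e["md5"]]
        cache_md5 = cache[0]["md5"] if cache else None
        for e in entries:
            if is_archive_copy(e["path"]):
                continue
            if e["md5"] is None:
                findings.append((name, e["path"], "unverifiable", "no MD5 in log"))
            elif cache_md5 is None:
                findings.append((name, e["path"], "no-cache", e["md5"]))
            elif e["md5"] == cache_md5:
                findings.append((name, e["path"], "ok", e["md5"]))
            else:
                findings.append((name, e["path"], "mismatch",
                                 f"live {e['md5']} != dllcache {cache_md5}"))
    return findings


if __name__ == "__main__":
    for name, path, status, detail in check_live_vs_cache(parse_md5_sections(SAMPLE_LOG)):
        print(f"{status:12} {name:14} {path}  ({detail})")
```

Paste the real log into SAMPLE_LOG (or read it from a file) to run it over a full OTL report; a "mismatch" only says the two copies differ, so the next step is still the one the helper suggests in this thread: confirm the file exists, and check its hash at VirusTotal before touching it.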

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#89 Post by motji »

:arrow: You said you have another PC running Server 2003. Does it have this file?
C:\WINDOWS\System32\bits.dll


:arrow: Check whether this file physically exists on the PC, and if it does, test it at www.virustotal.com
C:\WINDOWS\System32\drivers\twju.sys

Apart from the updates, how is the computer behaving now?

dopa
Visitor
Posts: 307
Registered: 12 Oct 2006 08:52

Re: Please check my log

#90 Post by dopa »

bits.dll is not on the other server either... I looked at two Win Srv 2003 machines.

The file C:\WINDOWS\System32\drivers\twju.sys does not physically exist.
