VIRY.CZ

Zdravím, měl jsem problém s virem Security Tool, na vašem webu jsem ale našel návod jak se ho zbavit. Stáhl jsem si Malwarebytes' Anti-Malware, který mi našel několik infikovaných položek. K odstranění některých bylo potřeba PC restartovat, načež jsem tak učinil, ale po restartu mi naběhla na počítači pouze černá obrazovka. Zkoušel jsem F8 a poté PC spustit běžným způsobem, poslední známou konfiguraci nebo třeba nouzový režim ale vždy poté zase naskočí černá obrazovka a nevím co dál. Díky za případnou pomoc

Ani kurzor není vidět. Vypálit CD na jiném PC by neměl být problém

Ok, díky za rychlou odpověď, zkusím to

Promiň, že odepisuju až teď, měl jsem ještě nějaký zařizování.

Udělal jsem vše jak jsi psal, ale v průběhu prohledávání mi vyskočila chybová hláška Cannot create file X:/Programs/OTLPE/cmd/.bat.

Ok, nic se neděje, udělám to znova Verzi mám ENG

OTL logfile created on: 4/17/2010 12:33:59 PM - Run
OTLPE by OldTimer - Version 3.1.28.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 191.00 Mb Available Physical Memory | 37.00% Memory free
459.00 Mb Paging File | 246.00 Mb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 3.93 Gb Free Space | 3.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2009/11/28 03:42:16 | 000,268,288 | ---- | M] () [Auto] -- C:\WINDOWS\system32\nycygajoos.exe -- (eoreatzwazjy)
SRV - [2009/11/23 14:22:41 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (tuneup.defrag)
SRV - [2009/11/12 11:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (ipod service)
SRV - [2009/10/30 10:05:48 | 001,021,256 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (tuneup.utilitiessvc)
SRV - [2009/10/30 10:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (uxtuneup)
SRV - [2009/09/11 07:02:16 | 000,133,104 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca32cf61c5923c) Služba Google Update (gupdate1ca32cf61c5923c)
SRV - [2009/08/28 14:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (apple mobile device)
SRV - [2008/12/12 06:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/19 08:30:02 | 000,222,456 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008/07/23 10:25:45 | 000,348,344 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/07/19 10:38:28 | 000,147,640 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/07/19 10:38:04 | 000,250,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007/10/25 09:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 05:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/03/26 07:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/08/05 15:05:00 | 000,516,096 | ---- | M] () [Auto] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005/08/03 23:02:57 | 000,380,928 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/04/15 06:24:57 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fyixcrn.sys -- (jtkmmwbd)
DRV - [2010/04/15 03:03:42 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\njgyycjk.sys -- (njgyycjk)
DRV - [2009/10/14 02:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (tuneuputilitiesdrv)
DRV - [2009/08/28 14:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (usbaapl)
DRV - [2009/05/18 09:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (gearaspiwdm)
DRV - [2008/09/24 06:29:25 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2008/09/05 15:15:22 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/28 11:07:54 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/21 08:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/07/19 10:37:42 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/07/19 10:37:21 | 000,094,416 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/07/19 10:35:18 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/07/19 10:33:42 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/07/19 10:32:36 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/07/19 10:32:15 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/11/13 06:25:52 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/03 06:21:00 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,244,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/03 23:10:16 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/10 18:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/10/25 14:02:00 | 000,021,664 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH)
DRV - [2004/08/03 17:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 16:41:56 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys -- (HSF_DP)
DRV - [2004/03/17 05:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/06/17 10:24:00 | 000,286,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2003/06/17 10:24:00 | 000,030,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2003/03/19 09:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2002/11/27 14:52:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002/09/23 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/09/23 06:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2002/09/23 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2001/08/17 18:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 17:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 17:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 17:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 17:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 17:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 17:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 17:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 17:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 17:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 16:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fmko.cz/
IE - HKU\Administrator_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Administrator_ON_C\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Kristýnka_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\mozilla firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 12:28:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 12:28:14 | 000,000,000 | ---D | M]

[2010/04/15 05:08:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/07 11:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008/01/23 02:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/03/16 14:34:36 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010/03/16 14:34:36 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010/03/16 14:34:36 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010/03/16 14:34:36 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010/03/16 14:34:36 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2002/09/23 06:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Administrator\Dokumenty\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nForce Tray Options] C:\WINDOWS\System32\sstray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [noozou] C:\WINDOWS\system32\tigoob.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe (WildTangent, Inc.)
O4 - HKLM..\Run: [zitof] C:\WINDOWS\system32\bugyco.exe ()
O4 - HKU\Administrator_ON_C..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\Administrator_ON_C..\Run: [DAEMON Tools Lite] C:\Documents and Settings\Administrator\Dokumenty\DAEMON Tools Lite\daemon.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\Kristýnka_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKU\Kristýnka_ON_C..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\Kristýnka_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\Kristýnka_ON_C..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe File not found
O4 - HKU\User_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe File not found
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Kristýnka_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Documents and Settings\Administrator\Dokumenty\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00aa00389b71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/07 12:23:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/10/07 12:23:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 7 Days ==========

[2010/04/15 05:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2010/04/15 05:04:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/15 05:04:14 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/15 05:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/15 05:03:27 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Plocha\mbam-setup-1.45.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010/04/15 06:25:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/15 06:25:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/15 06:25:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/15 06:25:03 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/15 06:25:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/15 06:24:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\fyixcrn.sys
[2010/04/15 05:03:40 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Plocha\mbam-setup-1.45.exe
[2010/04/15 04:59:49 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\rkill.exe
[2010/04/15 04:58:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/15 04:52:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/15 04:29:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010/04/15 04:28:57 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/15 04:13:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/15 03:03:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\njgyycjk.sys
[2010/04/13 06:31:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/15 06:24:57 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fyixcrn.sys
[2010/04/15 04:59:53 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\rkill.exe
[2010/04/13 03:58:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\njgyycjk.sys
[2010/01/23 16:07:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lqacrd.sys
[2009/09/11 07:13:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/02 12:10:20 | 000,155,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2007/11/21 10:46:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/09 16:36:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/09 16:36:06 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/09 16:32:03 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/09/18 03:52:23 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\.zreglib
[2006/05/27 15:59:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/03/12 05:45:42 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2006/03/11 07:23:58 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\nLame.dll
[2006/03/11 07:23:58 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[2006/03/09 19:49:21 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/03/09 19:49:17 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/03/09 19:49:17 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/03/09 19:49:14 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006/03/09 19:49:14 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/02/02 06:11:01 | 000,000,953 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2005/10/08 15:05:46 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/08 09:37:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/08 09:35:12 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2003/06/17 10:34:16 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2003/04/09 09:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006/07/19 10:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Azureus
[2008/11/16 02:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Canneverbe_Limited
[2006/07/20 12:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ConvertTemp
[2008/09/05 15:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
[2006/11/24 11:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Elaborate Bytes
[2010/03/19 12:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ
[2008/03/19 13:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
[2005/10/19 13:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQLite
[2007/11/28 11:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\LimeWire
[2008/09/15 11:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\MegauploadToolbar
[2007/07/24 19:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Nokia
[2006/11/24 11:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\OLYMPUS
[2007/07/24 19:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\PC Suite
[2007/05/10 08:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Samsung
[2006/09/18 03:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\SlySoft
[2010/02/13 04:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Sports Interactive
[2006/07/20 12:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Temporary
[2006/07/20 12:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\TransRender
[2009/11/23 14:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
[2009/02/18 12:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
[2009/11/23 15:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\TuneUp Software
[2010/04/15 04:29:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe


< MD5 for: AGP440.SYS >
[2004/08/17 09:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/17 09:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\agp440.sys
[2004/08/03 17:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 17:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/23 06:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/17 09:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/17 09:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/09/23 06:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CHANGER.SYS >
[2004/08/17 09:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004/08/17 09:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008/04/13 14:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\changer.sys
[2004/08/03 17:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: CRYPTSVC.DLL >
[2002/09/23 06:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2004/08/17 09:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2004/08/17 09:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2008/04/13 23:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008/04/13 23:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\eventlog.dll
[2004/08/17 09:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/17 09:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
[2002/09/23 06:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2002/09/23 06:00:00 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 23:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\explorer.exe
[2004/08/17 09:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/17 09:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 09:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 09:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\explorer.exe
[2007/06/13 09:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2002/09/23 06:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004/08/17 09:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004/08/17 09:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008/04/13 14:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\hal.dll
[2004/08/03 16:59:20 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2002/09/23 06:00:00 | 000,127,872 | ---- | M] (Microsoft Corporation) MD5=E8D2B5D5186A9B93D7019D7A74D77A1E -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2004/08/03 16:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: ISAPNP.SYS >
[2002/09/23 06:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/13 22:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\isapnp.sys

< MD5 for: LSASS.EXE >
[2002/09/23 06:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2004/08/17 09:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2004/08/17 09:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008/04/13 23:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\lsass.exe

< MD5 for: NDIS.SYS >
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ndis.sys
[2002/09/23 06:00:00 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[2004/08/03 17:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2004/08/03 17:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004/08/17 09:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/17 09:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008/04/13 23:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\netlogon.dll
[2002/09/23 06:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/17 09:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/17 09:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 23:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\scecli.dll
[2002/09/23 06:00:00 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: SMSS.EXE >
[2004/08/17 09:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2004/08/17 09:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2002/09/23 06:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008/04/13 23:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\smss.exe

< MD5 for: SVCHOST.EXE >
[2002/09/23 06:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/13 23:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\svchost.exe
[2004/08/17 09:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/17 09:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2006/04/20 07:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2002/09/23 06:00:00 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006/01/13 13:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2006/01/12 22:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2005/05/25 15:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2007/10/30 12:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 06:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2005/05/25 15:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
[2007/10/30 13:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004/08/03 17:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
[2004/08/03 17:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 08:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008/04/13 23:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\userinit.exe
[2004/08/17 09:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/17 09:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
[2002/09/23 06:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/17 09:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/17 09:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 23:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\winlogon.exe
[2002/09/23 06:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004/08/17 09:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2004/08/17 09:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2002/09/23 06:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008/04/13 23:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:42:16 | 000,148,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/12/20 19:03:39 | 006,066,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2008/12/20 19:03:40 | 000,267,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2004/08/17 09:49:14 | 000,275,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2004/08/17 09:49:16 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2004/08/17 09:49:16 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\psapi.dll
[2007/10/25 12:57:21 | 008,458,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/10/06 19:37:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/10/06 19:37:10 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/10/06 19:37:10 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:42:16 | 000,148,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/12/20 19:03:39 | 006,066,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2008/12/20 19:03:40 | 000,267,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2004/08/17 09:49:14 | 000,275,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2004/08/17 09:49:16 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2004/08/17 09:49:16 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\psapi.dll
[2007/10/25 12:57:21 | 008,458,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< CREATERESTOREPOINT >
< End of report >

OTL Extras logfile created on: 4/17/2010 12:33:59 PM - Run
OTLPE by OldTimer - Version 3.1.28.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 191.00 Mb Available Physical Memory | 37.00% Memory free
459.00 Mb Paging File | 246.00 Mb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 3.93 Gb Free Space | 3.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
Using ControlSet: ControlSet003

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"7618:TCP" = 7618:TCP:*:Enabled:BitComet 7618 TCP
"7618:UDP" = 7618:UDP:*:Enabled:BitComet 7618 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Alžběta\Dokumenty\Adámečíček\BitComet\BitComet.exe" = C:\Documents and Settings\Alžbeta\Dokumenty\Adámecícek\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009 -- (Sports Interactive)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{048298c9-a4d3-490b-9ff9-ab023a9238f3}" = Steam
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{07287123-b8ac-41ce-8346-3d777245c35b}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{122A9B48-BCE3-4CE1-B7C4-E45EA2D728D6}" = Samsung PC Studio
"{129DDEC1-A6A3-3D60-AABE-76E6E5334922}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1451de6b-abe1-4f62-be9a-b363a17588a2}" = QuickTime
"{239BB983-8A2D-4974-B780-2ADAE32752D5}" = Windows Live installer
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3fa365df-2d68-45ed-8f83-8c8a33e65143}" = Apple Application Support
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856f-b6b3-4be0-ba0b-8f495be32033}" = Apple Software Update
"{6de13770-01b7-4366-8da6-48237793f445}" = VoiceOver Kit
"{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY
"{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 3.5 Language Pack - csy
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000ff1ce}" = Compatibility Pack for the 2007 Office system
"{a6fdf86a-f541-4e7b-aea0-8849a2a700d5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{aadea55d-c834-4bcb-98a3-4b8d1c18f4ee}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1029-7B44-A70000000000}" = Adobe Reader 7.0 - Czech
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Asistent pro přihlášení ke službě Windows Live
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{d3742f82-1c1a-4dcc-abbd-0e7c3c0185cc}" = TuneUp Utilities
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F62475E6-6F06-4D65-97D3-71D3CB696A1C}" = Windows Live Messenger
"{fe3997d3-6b56-4ac4-a99c-9ddfc45359bf}" = TuneUp Utilities Language Pack (en-US)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem
"Czech Soccer Manager 2002 Final Editionverze 4.0 (31.3.2006)" = Czech Soccer Manager 2002 Final Edition
"DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.7.2
"EPSON Printer and Utilities" = EPSON Printer Software
"Football Manager 2009" = Football Manager 2009
"football manager 2010" = Football Manager 2010
"Free YouTube Downloader Converter" = Free YouTube Downloader Converter
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.67 Full
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY
"Microsoft DirectX SDK (November 2008)" = Microsoft DirectX SDK (November 2008)
"mozilla firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"POD-Bot 2.5" = POD-Bot 2.5
"quake iii arena" = Quake III Arena
"rajče.net_is1" = rajče beta50
"RealPlayer 12.0" = RealPlayer
"tuneup utilities" = TuneUp Utilities
"UltraISO_is1" = UltraISO Premium V8.65
"VirtualCloneDrive" = VirtualCloneDrive
"wcmdmgr.exe" = WildTangent Updater
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"wtwebdriver" = WildTangent Web Driver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ymb" = Yahoo! Mail Quick Select Tool (PhotoMail)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

< End of report >




(nešlo mi to dát do jedné zprávy kvůli přílišnému počtu znaků, omlouvám se za DP)

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3989

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

15.4.2010 12:24:45
mbam-log-2010-04-15 (12-24-45).txt

Typ skenu: Úplný sken (A:\|C:\|D:\|E:\|G:\|)
Skenované objekty: 349511
Uplynulý čas: 1 hodina(y), 6 minuta(y), 30 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 8
Infikované hodnoty registru: 3
Infikované datové položky registru: 2
Infikované složky: 5
Infikované soubory: 16

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ce3edaaa (Rootkit.Rustock) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\39711425 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet connection wizard setup tool (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Proxy) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Infikované složky:
C:\Documents and Settings\All Users\Data aplikací\39711425 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Documents and Settings\All Users\Data aplikací\39711425\39711425.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv871254042811.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\install.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ce3edaaa.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv101253107493.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv261252841080.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Plocha\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv101248633206.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv581248662101.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv921253471139.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.




Promiň já teď musim jet tak na dvě hodiny pryč

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\eoreatzwazjy deleted successfully.
C:\WINDOWS\system32\nycygajoos.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\jtkmmwbd deleted successfully.
C:\WINDOWS\system32\drivers\fyixcrn.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\njgyycjk deleted successfully.
C:\WINDOWS\system32\drivers\njgyycjk.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\noozou deleted successfully.
C:\WINDOWS\system32\tigoob.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wcmdmgr deleted successfully.
C:\WINDOWS\wt\updater\wcmdmgrl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zitof deleted successfully.
C:\WINDOWS\system32\bugyco.exe moved successfully.
File C:\WINDOWS\System32\drivers\fyixcrn.sys not found.
File C:\WINDOWS\System32\drivers\njgyycjk.sys not found.
C:\WINDOWS\system32\drivers\lqacrd.sys moved successfully.

OTLPE by OldTimer - Version 3.1.28.0 log created on 04172010_151222


Posílám ten log, ale musím zas běžet každopádně díky, že se mnou máš trpělivost

Já zas v šest musim z baráku a vracim se až k jedenáctý hodině a to chápu, že máš taky svoje starosti. Zítra tu budu dopoledne pak jsem zas tak do jedenácti pryč

Po restartu PC už mě to pustilo k přihlášení, které také proběhlo úspěšně. Ani Security Tool už mě "nestraší". Úplně vyhráno asi ještě ale nemám co?

ComboFix 10-04-15.05 - Administrator 17.04.2010 19:29:34.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.211 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081031-1] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Cookies\administrator@managerzone[2].txt
c:\windows\system32\sstray.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-17 do 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-17 19:12 . 2010-04-17 19:12 -------- d-----w- C:\_OTL
2010-04-15 09:04 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 09:04 . 2010-04-15 09:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 09:04 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 15:58 . 2009-10-24 09:10 -------- d-----w- c:\program files\Steam
2010-03-30 16:31 . 2002-09-23 10:00 82656 ----a-w- c:\windows\system32\perfc005.dat
2010-03-30 16:31 . 2002-09-23 10:00 438014 ----a-w- c:\windows\system32\perfh005.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Steam"="c:\program files\Steam\Steam.exe" [2010-02-20 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-11 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 11:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7618:TCP"= 7618:TCP:BitComet 7618 TCP
"7618:UDP"= 7618:UDP:BitComet 7618 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 15:13 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 15:13 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7.4.2009 17:26 222456]
R2 tuneup.utilitiessvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 16:05 1021256]
R3 tuneuputilitiesdrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.9.2008 21:15 717296]
S2 gupdate1ca32cf61c5923c;Služba Google Update (gupdate1ca32cf61c5923c);c:\program files\Google\Update\GoogleUpdate.exe [11.9.2009 13:02 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-17 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-11 11:02]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-11 11:02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.fmko.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\documents and settings\Administrator\Dokumenty\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\documents and settings\Administrator\Dokumenty\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\documents and settings\Administrator\Dokumenty\BitComet\BitComet.exe/AddAllLink.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\jjpv2dza.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-OM_Monitor - c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe
HKCU-Run-DAEMON Tools Lite - c:\documents and settings\Administrator\Dokumenty\DAEMON Tools Lite\daemon.exe
HKLM-Run-nForce Tray Options - sstray.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6\ICQ.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 19:43
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1392)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-04-17 19:49:48
ComboFix-quarantined-files.txt 2010-04-17 17:49

Před spuštěním: 4 081 922 048
Po spuštění: 7 963 914 240

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 371AC6B682111705CE6998C68F9A4B77


P.S. - zapiste si informace proc se ukoncil nebo co mu brani v provozu (sdelte radci) - Antivirus: Avast! Antivirus (VPS 081031-1)

Posílám log po rychlém skenu, protože nevím zda ještě budu doma až se dokončí sken druhý



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-18 08:12:12
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugldqpog.sys


---- System - GMER 1.0.15 ----

SSDT spoe.sys ZwEnumerateKey [0xF85B3CA2]
SSDT spoe.sys ZwEnumerateValueKey [0xF85B4030]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F701F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-19 06:59:38
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugldqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xBA7C0618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xBA7C04D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xBA7C09B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xBA7C00AC]
SSDT spoe.sys ZwEnumerateKey [0xF85B3CA2]
SSDT spoe.sys ZwEnumerateValueKey [0xF85B4030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xBA7C05AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xBA7BFFEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xBA7C0050]
SSDT spoe.sys ZwQueryKey [0xF85B4108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xBA7C06CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xBA7C068E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xBA7C080E]

INT 0x62 ? 82F71BF8
INT 0x82 ? 82F71BF8
INT 0x83 ? 82E18BF8
INT 0x83 ? 82E18BF8
INT 0x83 ? 82E18BF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F701F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 82DE41F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82FDD1F8
Device \Driver\dmio \Device\DmControl\DmConfig 82FDD1F8
Device \Driver\dmio \Device\DmControl\DmPnP 82FDD1F8
Device \Driver\dmio \Device\DmControl\DmInfo 82FDD1F8
Device \Driver\usbohci \Device\USBPDO-1 82DE41F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 82F721F8
Device \Driver\Cdrom \Device\CdRom0 82DC41F8
Device \Driver\Cdrom \Device\CdRom1 82DC41F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 82F711F8
Device \Driver\atapi \Device\Ide\IdePort0 82F711F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 82F711F8
Device \Driver\atapi \Device\Ide\IdePort1 82F711F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 82F711F8
Device \Driver\Cdrom \Device\CdRom2 82DC41F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 825B71F8
Device \Driver\NetBT \Device\NetbiosSmb 825B71F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{28AF7622-4EF3-4BB0-A048-5695D826F4C9} 825B71F8
Device \Driver\usbohci \Device\USBFDO-0 82DE41F8
Device \Driver\usbohci \Device\USBFDO-1 82DE41F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{171585F7-5536-431B-B103-A6F33516312C} 825B71F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 824411F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 824411F8
Device \Driver\Ftdisk \Device\FtControl 82F721F8
Device \Driver\VClone \Device\Scsi\VClone1 82D6B1F8
Device \Driver\VClone \Device\Scsi\VClone1Port2Path0Target0Lun0 82D6B1F8
Device \FileSystem\Cdfs \Cdfs 82C06500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x27 0xA5 0xCF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Documents and Settings\Administrator\Dokumenty\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9B 0x77 0xC6 0x01 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x88 0x04 0x1A 0xC8 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x78 0xD4 0x40 0xCA ...
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Services\BITS\Parameters@ServiceDll C:\WINDOWS\System32\qmgr.dll
Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x27 0xA5 0xCF ...
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Documents and Settings\Administrator\Dokumenty\DAEMON Tools Lite\
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9B 0x77 0xC6 0x01 ...
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x88 0x04 0x1A 0xC8 ...
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x78 0xD4 0x40 0xCA ...
Reg HKLM\SYSTEM\controlset002\Services\wuauserv\Parameters@ServiceDll C:\WINDOWS\system32\wuauserv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x27 0xA5 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Documents and Settings\Administrator\Dokumenty\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9B 0x77 0xC6 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x88 0x04 0x1A 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x78 0xD4 0x40 0xCA ...

---- Files - GMER 1.0.15 ----

File C:\Cookies 0 bytes
File C:\Cookies\index.dat 16384 bytes
File C:\Data aplikací 0 bytes
File C:\Data aplikací\Microsoft 0 bytes
File C:\Data aplikací\Microsoft\Credentials 0 bytes
File C:\Data aplikací\Microsoft\Credentials\S-1-5-19 0 bytes
File C:\Data aplikací\Microsoft\Internet Explorer 0 bytes
File C:\Data aplikací\Microsoft\SystemCertificates 0 bytes
File C:\Data aplikací\Microsoft\SystemCertificates\My 0 bytes
File C:\Data aplikací\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\Data aplikací\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\Data aplikací\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\Data aplikací\TuneUp Software 0 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities 0 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Backups 0 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics 0 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-11.rep 135 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-11-26.rep 442 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-11-30.rep 190 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-02.rep 316 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-03.rep 324 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-07.rep 346 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-10.rep 355 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-13.rep 346 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-18.rep 355 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-25.rep 216 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-28.rep 134 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-31.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-03.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-07.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-14.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-17.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-18.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-23.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-27.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-30.rep 134 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-02-02.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-02-07.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-02-10.rep 135 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-02-14.rep 134 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-02-18.rep 134 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-02-24.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-03-08.rep 134 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-03-11.rep 135 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-03-15.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-03-18.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-03-21.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-03-29.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-04-02.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-04-06.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-04-10.rep 135 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-04-13.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-04-17.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\Recentdata.rep 603 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\StartUp Manager 0 bytes
File C:\Local Settings 0 bytes
File C:\Nabídka Start 0 bytes
File C:\NTUSER.DAT 262144 bytes
File C:\ntuser.dat.LOG 1024 bytes
File C:\ntuser.ini 20 bytes
File C:\Plocha 0 bytes

---- EOF - GMER 1.0.15 ----

MBAM pošlu ještě odpoledne, promiň vrátil jsem se až po půlnoci. rkill byl tuším ve spojitosti se Security Toolem, četl jsem na to jeden návod zde na fóru.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3989

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

19.4.2010 20:31:44
mbam-log-2010-04-19 (20-31-44).txt

Typ skenu: Úplný sken (A:\|C:\|D:\|E:\|F:\|G:\|)
Skenované objekty: 343449
Uplynulý čas: 4 hodina(y), 31 minuta(y), 0 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)




Jdu na ten OTL