
Not a valid Win32 application (Windows XP Pro SP3)
Moderator: Moderators
Forum rules
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days: http://forum.viry.cz/viewtopic.php?f=12&t=123975 . Thank you for your understanding.
Not a valid Win32 application (Windows XP Pro SP3)
I have a notebook with Windows XP Professional SP3 CZ, and when I try to run PHPEdit, any version downloaded directly from the developer's site, it tells me: location/PHPedit.exe is not a valid Win32 application ... after reinstalling the program I run it once, close it, and the second time it won't start again ... the same thing ... changing the compatibility mode doesn't help either ... please advise
Re: Not a valid Win32 application (Windows XP Pro SP3)
RSIT has been deleted, so I did it with HijackThis
and when I wanted to install Adobe Reader, that wouldn't run either, the same thing, but downloading a different version solved that; otherwise I haven't run into anything else ... so far
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:10, on 23.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vospunt\Dokumenty\Downloads\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.update.microsoft.com/windows ... aspx?ln=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [] C:\DOCUME~1\vospunt\LOCALS~1\Temp\msiecomm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\vospunt\LOCALS~1\Temp\msiecomm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1517510734
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 7992 bytes
Re: Not a valid Win32 application (Windows XP Pro SP3)
earlier you gave me a link to download RSIT and post the log here, but the link in that article: http://www.viry.cz/forum/viewtopic.php?f=13&t=82743 is broken; anyway, the log is here
OTL logfile created on: 23.4.2010 17:19:37 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\vospunt\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,89 Gb Total Space | 127,76 Gb Free Space | 54,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,67 Gb Total Space | 1,65 Gb Free Space | 44,98% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOTEBOOK
Current User Name: vospunt
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.23 17:17:08 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vospunt\Plocha\OTL.exe
PRC - [2010.04.19 22:38:14 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.04.12 21:21:59 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010.04.04 07:57:52 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2010.03.28 05:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PRC - [2010.03.13 12:58:58 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2010.02.03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.10.30 15:31:10 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.10.30 15:28:52 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.03.04 23:33:34 | 000,660,549 | ---- | M] ( ) -- C:\Program Files\Miranda IM\miranda32.exe
PRC - [2009.03.03 05:50:57 | 008,500,328 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2002.03.19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001.08.24 20:00:00 | 000,036,352 | --S- | M] (Microsoft Corporation) -- C:\WINDOWS\svchost.exe
PRC - [2001.08.24 20:00:00 | 000,036,352 | --S- | M] (Microsoft Corporation) -- C:\WINDOWS\svchost.exe
========== Modules (SafeList) ==========
MOD - [2010.04.23 17:17:08 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vospunt\Plocha\OTL.exe
MOD - [2010.04.19 22:38:34 | 000,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\rpchromebrowserrecordhelper.dll
MOD - [2010.04.19 22:38:15 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.04.23 07:46:10 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.10.30 15:28:52 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.10.30 15:24:28 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2001.08.24 20:00:00 | 000,036,352 | --S- | M] (Microsoft Corporation) [Disabled | Running] -- C:\WINDOWS\svchost.exe -- (PowerManager)
========== Driver Services (SafeList) ==========
DRV - [2010.04.23 16:33:39 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010.04.14 11:11:01 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/20 19:11:30] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.05.14 20:03:24 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006.07.24 16:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.03.23 09:59:36 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.03.23 09:59:28 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.03.15 08:51:00 | 000,244,608 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2003.06.03 08:28:02 | 000,040,060 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ulink.sys -- (Usblink)
DRV - [2001.10.25 16:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.10.25 16:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-1580818891-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.update.microsoft.com/windows ... aspx?ln=cs
IE - HKU\S-1-5-21-343818398-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>
FF - HKLM\software\mozilla\Firefox\extensions\\PHPEditXdebugExtension@waterproof.fr: C:\Program Files\WaterProof\PHPEdit\3.6.2\Tools\FirefoxExtension\unpacked [2010.04.23 15:22:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2010.04.19 22:38:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.19 22:57:47 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2001.10.25 16:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [] C:\Documents and Settings\vospunt\Local Settings\Temp\msiecomm.exe (I8wI)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-343818398-1580818891-839522115-1003..\Run: [] C:\Documents and Settings\vospunt\Local Settings\Temp\msiecomm.exe (I8wI)
O4 - HKU\S-1-5-21-343818398-1580818891-839522115-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 1517510734 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1 194.228.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.12 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.03.21 16:09:02 | 000,059,304 | RHS- | M] () - G:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{37f863d4-4e4f-11df-af7e-002127cc9828}\Shell - "" = AutoRun
O33 - MountPoints2\{37f863d5-4e4f-11df-af7e-002127cc9828}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.04.12 22:22:53 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: adwepgbfe - C:\WINDOWS\system32\rqmlkdi.dll ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)
========== Files/Folders - Created Within 7 Days ==========
[2010.04.23 17:17:08 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vospunt\Plocha\OTL.exe
[2010.04.23 16:33:39 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010.04.23 16:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\eSupport.com
[2010.04.23 14:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Opera
[2010.04.23 14:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Data aplikací\Opera
[2010.04.23 14:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010.04.23 08:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\TuneUp Software
[2010.04.23 07:47:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.04.23 07:46:15 | 000,029,512 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010.04.23 07:46:12 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.04.23 07:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Data aplikací\TuneUp Software
[2010.04.23 07:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010.04.23 07:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2010.04.23 07:44:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.04.21 21:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\DAMN NFO Viewer
[2010.04.21 18:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\PunkBuster
[2010.04.21 11:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\2DBoy
[2010.04.21 10:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Plocha\internet
[2010.04.21 10:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Plocha\sprava dat
[2010.04.21 07:57:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.04.20 19:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Plocha\WATER_ PROOF_ V3.6.2.10207
[2010.04.20 19:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Cyberlink
[2010.04.20 19:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Data aplikací\CyberLink
[2010.04.20 19:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\CyberLink
[2010.04.20 19:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2010.04.20 19:10:09 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010.04.20 19:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010.04.20 19:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2010.04.19 22:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.04.19 22:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
[2010.04.19 22:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.04.19 22:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Apple
[2010.04.19 22:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.04.19 22:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2010.04.19 22:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Apple Computer
[2010.04.19 22:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Real
[2010.04.19 22:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010.04.19 22:38:30 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010.04.19 22:38:15 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.04.19 22:38:15 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.04.19 22:38:15 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010.04.19 22:38:15 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010.04.19 22:38:15 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010.04.19 22:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010.04.19 22:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010.04.19 22:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Data aplikací\Real
[2010.04.19 21:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Data aplikací\WaterProof
[2010.04.18 19:25:32 | 000,302,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2010.04.18 19:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010.04.18 18:51:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.04.18 18:34:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.04.18 18:34:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs
[2010.04.18 18:34:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.04.18 18:29:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.04.18 09:05:57 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.04.18 09:05:57 | 000,017,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.04.18 08:55:56 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010.04.18 08:55:56 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010.04.18 08:55:56 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010.04.18 08:55:56 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010.04.18 08:55:56 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010.04.18 08:55:56 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010.04.18 08:55:54 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010.04.18 08:55:54 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010.04.18 08:55:54 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010.04.18 08:55:54 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010.04.18 08:55:53 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010.04.18 08:55:53 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010.04.18 08:55:52 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010.04.18 08:55:52 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010.04.18 08:55:51 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010.04.18 08:55:51 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010.04.18 08:55:51 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010.04.18 08:55:24 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010.04.18 08:55:24 | 000,326,912 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010.04.18 08:55:24 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010.04.18 08:55:24 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010.04.18 08:55:24 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010.04.18 08:55:24 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010.04.18 08:55:24 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010.04.18 08:55:24 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010.04.18 08:55:24 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010.04.18 08:55:24 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010.04.18 08:55:24 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010.04.18 08:55:24 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010.04.18 08:55:24 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010.04.18 08:55:24 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010.04.18 08:55:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010.04.18 08:55:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010.04.18 08:55:23 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010.04.18 08:55:23 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010.04.18 08:55:23 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010.04.18 08:55:23 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010.04.18 08:55:23 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010.04.18 08:55:23 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010.04.17 20:16:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010.04.17 20:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010.04.17 20:16:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010.04.17 20:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010.04.17 20:15:52 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010.04.17 20:15:52 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010.04.17 20:15:52 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010.04.17 20:15:52 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010.04.17 20:15:52 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010.04.17 20:15:52 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010.04.17 20:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010.04.17 17:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.04.17 17:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\ApplicationHistory
[2010.04.17 17:32:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010.04.17 17:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010.04.23 17:19:42 | 002,097,152 | ---- | M] () -- C:\Documents and Settings\vospunt\NTUSER.DAT
[2010.04.23 17:17:08 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vospunt\Plocha\OTL.exe
[2010.04.23 17:14:01 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.04.23 16:33:40 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\vospunt\Plocha\Find Drivers with DriverAgent.lnk
[2010.04.23 16:33:39 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010.04.23 16:27:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1580818891-839522115-1003UA.job
[2010.04.23 15:34:52 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\vospunt\Plocha\PHPEdit 3.6.2.lnk
[2010.04.23 15:08:44 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\vospunt\.recently-used.xbel
[2010.04.23 14:22:21 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A122EAD9-77E0-4E6D-B0DF-11D9A3F9205E}.job
[2010.04.23 10:36:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.23 10:35:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.23 10:35:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.23 10:33:36 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\vospunt\NTUSER.DAT_tureg_old
[2010.04.23 10:33:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\vospunt\ntuser.ini
[2010.04.23 09:51:27 | 001,045,986 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.23 09:51:27 | 000,440,882 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.23 09:51:27 | 000,437,300 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.23 09:51:27 | 000,082,660 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.23 09:51:27 | 000,071,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.23 08:04:51 | 005,363,766 | -H-- | M] () -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\IconCache.db
[2010.04.22 21:27:03 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1580818891-839522115-1003Core.job
[2010.04.22 15:27:05 | 004,055,489 | ---- | M] () -- C:\Documents and Settings\vospunt\Plocha\giuseppe ottaviani feat. faith - angel.mp31271942754_[mp3.teledyski.info].mp3
[2010.04.21 18:02:45 | 000,138,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.04.21 18:02:07 | 000,214,816 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.04.20 19:09:55 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010.04.19 22:56:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.19 22:38:30 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010.04.19 22:38:15 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.04.19 22:38:15 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.04.19 22:38:15 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010.04.19 22:38:15 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010.04.19 22:38:15 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010.04.19 22:09:33 | 016,025,003 | ---- | M] () -- C:\Documents and Settings\vospunt\Plocha\WaterProof.PHPEdit.v3.6.2.10207.Multilingual.Cracked-NGEN.rar
[2010.04.19 22:08:47 | 016,030,054 | ---- | M] () -- C:\Documents and Settings\vospunt\Plocha\WATER_ PROOF_ V3.6.2.10207.rar
[2010.04.19 21:55:47 | 000,018,080 | ---- | M] () -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.04.19 14:34:26 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.19 03:01:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.04.18 18:51:39 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.04.18 18:50:59 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.18 18:29:34 | 000,250,576 | RHS- | M] () -- C:\ntldr
[2010.04.18 17:36:42 | 000,013,548 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.04.17 17:54:31 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\fusioncache.dat
[2010.04.17 16:25:56 | 330,626,312 | ---- | M] () -- C:\Documents and Settings\vospunt\Plocha\MultiSim_10.1.rar
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.23 16:33:40 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\vospunt\Plocha\Find Drivers with DriverAgent.lnk
[2010.04.23 15:34:52 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\vospunt\Plocha\PHPEdit 3.6.2.lnk
[2010.04.23 15:08:44 | 000,001,504 | ---- | C] () -- C:\Documents and Settings\vospunt\.recently-used.xbel
[2010.04.23 10:34:57 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\vospunt\NTUSER.DAT_tureg_new.LOG
[2010.04.23 07:46:22 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.04.22 15:23:41 | 004,055,489 | ---- | C] () -- C:\Documents and Settings\vospunt\Plocha\giuseppe ottaviani feat. faith - angel.mp31271942754_[mp3.teledyski.info].mp3
[2010.04.21 18:02:45 | 000,138,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.04.21 18:02:28 | 000,214,816 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.04.21 18:02:07 | 000,214,816 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.04.21 18:02:02 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.04.19 22:56:40 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.19 22:08:21 | 016,025,003 | ---- | C] () -- C:\Documents and Settings\vospunt\Plocha\WaterProof.PHPEdit.v3.6.2.10207.Multilingual.Cracked-NGEN.rar
[2010.04.19 22:06:46 | 016,030,054 | ---- | C] () -- C:\Documents and Settings\vospunt\Plocha\WATER_ PROOF_ V3.6.2.10207.rar
[2010.04.18 19:25:32 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010.04.18 17:36:42 | 000,013,548 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.04.18 17:36:31 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.04.18 08:55:52 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010.04.18 08:55:45 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010.04.18 08:55:24 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010.04.17 17:54:31 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\fusioncache.dat
[2010.04.17 15:56:01 | 330,626,312 | ---- | C] () -- C:\Documents and Settings\vospunt\Plocha\MultiSim_10.1.rar
[2010.04.14 11:11:01 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.13 06:19:11 | 000,025,025 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.04.12 22:10:48 | 000,040,060 | ---- | C] () -- C:\WINDOWS\System32\drivers\ulink.sys
[2010.04.12 21:56:18 | 000,001,077 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2010.04.12 21:03:22 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2010.04.12 20:59:39 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2004.08.17 15:49:10 | 000,163,520 | RHS- | C] () -- C:\WINDOWS\System32\rqmlkdi.dll
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2010.04.12 21:21:59 | 000,172,528 | ---- | M] (Google Inc.)
"AlcoholAutomount" = "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount -- [2008.09.02 06:52:46 | 000,227,272 | ---- | M] (Alcohol Soft Development Team)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"" = C:\DOCUME~1\vospunt\LOCALS~1\Temp\msiecomm.exe -- [2010.04.17 05:10:30 | 000,421,376 | -H-- | M] (I8wI)
< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.04.13 17:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Adobe
[2010.04.20 19:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\CyberLink
[2010.04.13 19:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\FileZilla
[2010.04.13 19:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\gtk-2.0
[2010.04.12 20:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Identities
[2010.04.12 21:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Macromedia
[2010.04.22 22:36:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\vospunt\Data aplikací\Microsoft
[2010.04.12 23:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Mozilla
[2010.04.15 06:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\OpenOffice.org
[2010.04.23 14:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Opera
[2010.04.19 22:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Real
[2010.04.12 21:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Sun
[2010.04.12 22:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Thunderbird
[2010.04.23 07:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\TuneUp Software
[2010.04.15 18:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Uniblue
[2010.04.23 15:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\WaterProof
< %APPDATA%\*.exe /s >
[2010.04.19 22:44:01 | 000,476,168 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\vospunt\Data aplikací\Real\Update\setup3.10\setup.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2007.06.13 15:11:59 | 001,070,080 | ---- | M] (Microsoft Corporation) MD5=2EBA0D64235C05B9E06A22516BEAC291 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 05:22:22 | 001,070,592 | ---- | M] (Microsoft Corporation) MD5=E5D09FF94F5C6D1AEC17B485D9FAAA46 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.03.12 22:50:26 | 000,008,704 | ---- | M] () MD5=83CB01B7C2798C76834C9C58922D5EEA -- C:\Documents and Settings\vospunt\Dokumenty\Programy\Portable\Photoshop\CSDATA\1000000600002i\svchost.exe
[2007.05.09 18:51:08 | 000,008,704 | ---- | M] () MD5=83CB01B7C2798C76834C9C58922D5EEA -- C:\Documents and Settings\vospunt\Dokumenty\Programy\Portable\portable photoshop\portable Adobe photoshop CS 3\CSDATA\1000000600002i\svchost.exe
[2001.08.24 20:00:00 | 000,036,352 | --S- | M] (Microsoft Corporation) MD5=9E3C13B6556D5636B745D3E466D47467 -- C:\WINDOWS\svchost.exe
[2008.03.14 18:33:04 | 000,008,704 | ---- | M] () MD5=B7CAC0B6A0DAA9F036B00D46C0D28783 -- C:\Documents and Settings\vospunt\Dokumenty\Programy\Portable\Photoshop\CSDATA\1000000800002i\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.21 16:09:02 | 000,163,520 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\rqmlkdi.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.04.14 11:11:01 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2010.04.12 22:26:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.04.12 22:26:51 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.04.12 22:26:51 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.21 16:09:02 | 000,163,520 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\rqmlkdi.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< %systemroot%\system32\drivers\*.sys /3 >
[2010.04.23 16:33:39 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys
[2010.04.21 18:02:45 | 000,138,328 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
< %systemroot%\system32\*.* /3 >
[2010.04.20 19:09:55 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msxml3a.dll
[2010.04.23 09:51:27 | 000,082,660 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.04.23 09:51:27 | 000,071,200 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.04.23 09:51:27 | 000,437,300 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.04.23 09:51:27 | 000,440,882 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.04.23 09:51:27 | 001,045,986 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.04.21 18:02:02 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2010.04.21 18:02:07 | 000,214,816 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2010.04.21 18:02:07 | 000,214,816 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.xtr
[2010.04.23 10:36:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
OTL logfile created on: 23.4.2010 17:19:37 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\vospunt\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,89 Gb Total Space | 127,76 Gb Free Space | 54,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,67 Gb Total Space | 1,65 Gb Free Space | 44,98% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOTEBOOK
Current User Name: vospunt
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.23 17:17:08 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vospunt\Plocha\OTL.exe
PRC - [2010.04.19 22:38:14 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.04.12 21:21:59 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010.04.04 07:57:52 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2010.03.28 05:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PRC - [2010.03.13 12:58:58 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2010.02.03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.10.30 15:31:10 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.10.30 15:28:52 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.03.04 23:33:34 | 000,660,549 | ---- | M] ( ) -- C:\Program Files\Miranda IM\miranda32.exe
PRC - [2009.03.03 05:50:57 | 008,500,328 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2002.03.19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001.08.24 20:00:00 | 000,036,352 | --S- | M] (Microsoft Corporation) -- C:\WINDOWS\svchost.exe
PRC - [2001.08.24 20:00:00 | 000,036,352 | --S- | M] (Microsoft Corporation) -- C:\WINDOWS\svchost.exe
========== Modules (SafeList) ==========
MOD - [2010.04.23 17:17:08 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vospunt\Plocha\OTL.exe
MOD - [2010.04.19 22:38:34 | 000,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\rpchromebrowserrecordhelper.dll
MOD - [2010.04.19 22:38:15 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.04.23 07:46:10 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.10.30 15:28:52 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.10.30 15:24:28 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2001.08.24 20:00:00 | 000,036,352 | --S- | M] (Microsoft Corporation) [Disabled | Running] -- C:\WINDOWS\svchost.exe -- (PowerManager)
========== Driver Services (SafeList) ==========
DRV - [2010.04.23 16:33:39 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010.04.14 11:11:01 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/20 19:11:30] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.05.14 20:03:24 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006.07.24 16:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.03.23 09:59:36 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.03.23 09:59:28 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.03.15 08:51:00 | 000,244,608 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2003.06.03 08:28:02 | 000,040,060 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ulink.sys -- (Usblink)
DRV - [2001.10.25 16:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.10.25 16:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-1580818891-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.update.microsoft.com/windows ... aspx?ln=cs
IE - HKU\S-1-5-21-343818398-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>
FF - HKLM\software\mozilla\Firefox\extensions\\PHPEditXdebugExtension@waterproof.fr: C:\Program Files\WaterProof\PHPEdit\3.6.2\Tools\FirefoxExtension\unpacked [2010.04.23 15:22:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2010.04.19 22:38:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.19 22:57:47 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2001.10.25 16:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [] C:\Documents and Settings\vospunt\Local Settings\Temp\msiecomm.exe (I8wI)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-343818398-1580818891-839522115-1003..\Run: [] C:\Documents and Settings\vospunt\Local Settings\Temp\msiecomm.exe (I8wI)
O4 - HKU\S-1-5-21-343818398-1580818891-839522115-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 1517510734 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1 194.228.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.12 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.03.21 16:09:02 | 000,059,304 | RHS- | M] () - G:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{37f863d4-4e4f-11df-af7e-002127cc9828}\Shell - "" = AutoRun
O33 - MountPoints2\{37f863d5-4e4f-11df-af7e-002127cc9828}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.04.12 22:22:53 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: adwepgbfe - C:\WINDOWS\system32\rqmlkdi.dll ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)
========== Files/Folders - Created Within 7 Days ==========
[2010.04.23 17:17:08 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vospunt\Plocha\OTL.exe
[2010.04.23 16:33:39 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010.04.23 16:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\eSupport.com
[2010.04.23 14:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Opera
[2010.04.23 14:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Data aplikací\Opera
[2010.04.23 14:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010.04.23 08:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\TuneUp Software
[2010.04.23 07:47:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.04.23 07:46:15 | 000,029,512 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010.04.23 07:46:12 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.04.23 07:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Data aplikací\TuneUp Software
[2010.04.23 07:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010.04.23 07:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2010.04.23 07:44:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.04.21 21:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\DAMN NFO Viewer
[2010.04.21 18:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\PunkBuster
[2010.04.21 11:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\2DBoy
[2010.04.21 10:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Plocha\internet
[2010.04.21 10:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Plocha\sprava dat
[2010.04.21 07:57:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.04.20 19:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Plocha\WATER_ PROOF_ V3.6.2.10207
[2010.04.20 19:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Cyberlink
[2010.04.20 19:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Data aplikací\CyberLink
[2010.04.20 19:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\CyberLink
[2010.04.20 19:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2010.04.20 19:10:09 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010.04.20 19:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010.04.20 19:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2010.04.19 22:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.04.19 22:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
[2010.04.19 22:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.04.19 22:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Apple
[2010.04.19 22:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.04.19 22:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2010.04.19 22:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Apple Computer
[2010.04.19 22:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Real
[2010.04.19 22:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010.04.19 22:38:30 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010.04.19 22:38:15 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.04.19 22:38:15 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.04.19 22:38:15 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010.04.19 22:38:15 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010.04.19 22:38:15 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010.04.19 22:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010.04.19 22:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010.04.19 22:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Data aplikací\Real
[2010.04.19 21:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Data aplikací\WaterProof
[2010.04.18 19:25:32 | 000,302,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2010.04.18 19:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010.04.18 18:51:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.04.18 18:34:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.04.18 18:34:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs
[2010.04.18 18:34:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.04.18 18:29:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.04.18 09:05:57 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.04.18 09:05:57 | 000,017,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.04.18 08:55:56 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010.04.18 08:55:56 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010.04.18 08:55:56 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010.04.18 08:55:56 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010.04.18 08:55:56 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010.04.18 08:55:56 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010.04.18 08:55:54 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010.04.18 08:55:54 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010.04.18 08:55:54 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010.04.18 08:55:54 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010.04.18 08:55:53 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010.04.18 08:55:53 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010.04.18 08:55:52 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010.04.18 08:55:52 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010.04.18 08:55:51 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010.04.18 08:55:51 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010.04.18 08:55:51 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010.04.18 08:55:24 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010.04.18 08:55:24 | 000,326,912 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010.04.18 08:55:24 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010.04.18 08:55:24 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010.04.18 08:55:24 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010.04.18 08:55:24 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010.04.18 08:55:24 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010.04.18 08:55:24 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010.04.18 08:55:24 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010.04.18 08:55:24 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010.04.18 08:55:24 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010.04.18 08:55:24 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010.04.18 08:55:24 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010.04.18 08:55:24 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010.04.18 08:55:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010.04.18 08:55:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010.04.18 08:55:23 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010.04.18 08:55:23 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010.04.18 08:55:23 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010.04.18 08:55:23 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010.04.18 08:55:23 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010.04.18 08:55:23 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010.04.17 20:16:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010.04.17 20:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010.04.17 20:16:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010.04.17 20:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010.04.17 20:15:52 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010.04.17 20:15:52 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010.04.17 20:15:52 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010.04.17 20:15:52 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010.04.17 20:15:52 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010.04.17 20:15:52 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010.04.17 20:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010.04.17 17:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.04.17 17:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\ApplicationHistory
[2010.04.17 17:32:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010.04.17 17:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010.04.23 17:19:42 | 002,097,152 | ---- | M] () -- C:\Documents and Settings\vospunt\NTUSER.DAT
[2010.04.23 17:17:08 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vospunt\Plocha\OTL.exe
[2010.04.23 17:14:01 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.04.23 16:33:40 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\vospunt\Plocha\Find Drivers with DriverAgent.lnk
[2010.04.23 16:33:39 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010.04.23 16:27:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1580818891-839522115-1003UA.job
[2010.04.23 15:34:52 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\vospunt\Plocha\PHPEdit 3.6.2.lnk
[2010.04.23 15:08:44 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\vospunt\.recently-used.xbel
[2010.04.23 14:22:21 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A122EAD9-77E0-4E6D-B0DF-11D9A3F9205E}.job
[2010.04.23 10:36:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.23 10:35:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.23 10:35:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.23 10:33:36 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\vospunt\NTUSER.DAT_tureg_old
[2010.04.23 10:33:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\vospunt\ntuser.ini
[2010.04.23 09:51:27 | 001,045,986 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.23 09:51:27 | 000,440,882 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.23 09:51:27 | 000,437,300 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.23 09:51:27 | 000,082,660 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.23 09:51:27 | 000,071,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.23 08:04:51 | 005,363,766 | -H-- | M] () -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\IconCache.db
[2010.04.22 21:27:03 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1580818891-839522115-1003Core.job
[2010.04.22 15:27:05 | 004,055,489 | ---- | M] () -- C:\Documents and Settings\vospunt\Plocha\giuseppe ottaviani feat. faith - angel.mp31271942754_[mp3.teledyski.info].mp3
[2010.04.21 18:02:45 | 000,138,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.04.21 18:02:07 | 000,214,816 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.04.20 19:09:55 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010.04.19 22:56:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.19 22:38:30 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010.04.19 22:38:15 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.04.19 22:38:15 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.04.19 22:38:15 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010.04.19 22:38:15 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010.04.19 22:38:15 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010.04.19 22:09:33 | 016,025,003 | ---- | M] () -- C:\Documents and Settings\vospunt\Plocha\WaterProof.PHPEdit.v3.6.2.10207.Multilingual.Cracked-NGEN.rar
[2010.04.19 22:08:47 | 016,030,054 | ---- | M] () -- C:\Documents and Settings\vospunt\Plocha\WATER_ PROOF_ V3.6.2.10207.rar
[2010.04.19 21:55:47 | 000,018,080 | ---- | M] () -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.04.19 14:34:26 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.19 03:01:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.04.18 18:51:39 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.04.18 18:50:59 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.18 18:29:34 | 000,250,576 | RHS- | M] () -- C:\ntldr
[2010.04.18 17:36:42 | 000,013,548 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.04.17 17:54:31 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\fusioncache.dat
[2010.04.17 16:25:56 | 330,626,312 | ---- | M] () -- C:\Documents and Settings\vospunt\Plocha\MultiSim_10.1.rar
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.23 16:33:40 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\vospunt\Plocha\Find Drivers with DriverAgent.lnk
[2010.04.23 15:34:52 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\vospunt\Plocha\PHPEdit 3.6.2.lnk
[2010.04.23 15:08:44 | 000,001,504 | ---- | C] () -- C:\Documents and Settings\vospunt\.recently-used.xbel
[2010.04.23 10:34:57 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\vospunt\NTUSER.DAT_tureg_new.LOG
[2010.04.23 07:46:22 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.04.22 15:23:41 | 004,055,489 | ---- | C] () -- C:\Documents and Settings\vospunt\Plocha\giuseppe ottaviani feat. faith - angel.mp31271942754_[mp3.teledyski.info].mp3
[2010.04.21 18:02:45 | 000,138,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.04.21 18:02:28 | 000,214,816 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.04.21 18:02:07 | 000,214,816 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.04.21 18:02:02 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.04.19 22:56:40 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.19 22:08:21 | 016,025,003 | ---- | C] () -- C:\Documents and Settings\vospunt\Plocha\WaterProof.PHPEdit.v3.6.2.10207.Multilingual.Cracked-NGEN.rar
[2010.04.19 22:06:46 | 016,030,054 | ---- | C] () -- C:\Documents and Settings\vospunt\Plocha\WATER_ PROOF_ V3.6.2.10207.rar
[2010.04.18 19:25:32 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010.04.18 17:36:42 | 000,013,548 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.04.18 17:36:31 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.04.18 08:55:52 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010.04.18 08:55:45 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010.04.18 08:55:24 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010.04.17 17:54:31 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\vospunt\Local Settings\Data aplikací\fusioncache.dat
[2010.04.17 15:56:01 | 330,626,312 | ---- | C] () -- C:\Documents and Settings\vospunt\Plocha\MultiSim_10.1.rar
[2010.04.14 11:11:01 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.13 06:19:11 | 000,025,025 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.04.12 22:10:48 | 000,040,060 | ---- | C] () -- C:\WINDOWS\System32\drivers\ulink.sys
[2010.04.12 21:56:18 | 000,001,077 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2010.04.12 21:03:22 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2010.04.12 20:59:39 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2004.08.17 15:49:10 | 000,163,520 | RHS- | C] () -- C:\WINDOWS\System32\rqmlkdi.dll
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2010.04.12 21:21:59 | 000,172,528 | ---- | M] (Google Inc.)
"AlcoholAutomount" = "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount -- [2008.09.02 06:52:46 | 000,227,272 | ---- | M] (Alcohol Soft Development Team)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"" = C:\DOCUME~1\vospunt\LOCALS~1\Temp\msiecomm.exe -- [2010.04.17 05:10:30 | 000,421,376 | -H-- | M] (I8wI)
< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.04.13 17:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Adobe
[2010.04.20 19:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\CyberLink
[2010.04.13 19:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\FileZilla
[2010.04.13 19:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\gtk-2.0
[2010.04.12 20:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Identities
[2010.04.12 21:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Macromedia
[2010.04.22 22:36:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\vospunt\Data aplikací\Microsoft
[2010.04.12 23:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Mozilla
[2010.04.15 06:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\OpenOffice.org
[2010.04.23 14:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Opera
[2010.04.19 22:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Real
[2010.04.12 21:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Sun
[2010.04.12 22:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Thunderbird
[2010.04.23 07:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\TuneUp Software
[2010.04.15 18:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\Uniblue
[2010.04.23 15:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vospunt\Data aplikací\WaterProof
< %APPDATA%\*.exe /s >
[2010.04.19 22:44:01 | 000,476,168 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\vospunt\Data aplikací\Real\Update\setup3.10\setup.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2007.06.13 15:11:59 | 001,070,080 | ---- | M] (Microsoft Corporation) MD5=2EBA0D64235C05B9E06A22516BEAC291 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 05:22:22 | 001,070,592 | ---- | M] (Microsoft Corporation) MD5=E5D09FF94F5C6D1AEC17B485D9FAAA46 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2010.04.18 18:25:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.03.12 22:50:26 | 000,008,704 | ---- | M] () MD5=83CB01B7C2798C76834C9C58922D5EEA -- C:\Documents and Settings\vospunt\Dokumenty\Programy\Portable\Photoshop\CSDATA\1000000600002i\svchost.exe
[2007.05.09 18:51:08 | 000,008,704 | ---- | M] () MD5=83CB01B7C2798C76834C9C58922D5EEA -- C:\Documents and Settings\vospunt\Dokumenty\Programy\Portable\portable photoshop\portable Adobe photoshop CS 3\CSDATA\1000000600002i\svchost.exe
[2001.08.24 20:00:00 | 000,036,352 | --S- | M] (Microsoft Corporation) MD5=9E3C13B6556D5636B745D3E466D47467 -- C:\WINDOWS\svchost.exe
[2008.03.14 18:33:04 | 000,008,704 | ---- | M] () MD5=B7CAC0B6A0DAA9F036B00D46C0D28783 -- C:\Documents and Settings\vospunt\Dokumenty\Programy\Portable\Photoshop\CSDATA\1000000800002i\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.21 16:09:02 | 000,163,520 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\rqmlkdi.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.04.14 11:11:01 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2010.04.12 22:26:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.04.12 22:26:51 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.04.12 22:26:51 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.21 16:09:02 | 000,163,520 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\rqmlkdi.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< %systemroot%\system32\drivers\*.sys /3 >
[2010.04.23 16:33:39 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys
[2010.04.21 18:02:45 | 000,138,328 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
< %systemroot%\system32\*.* /3 >
[2010.04.20 19:09:55 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msxml3a.dll
[2010.04.23 09:51:27 | 000,082,660 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.04.23 09:51:27 | 000,071,200 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.04.23 09:51:27 | 000,437,300 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.04.23 09:51:27 | 000,440,882 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.04.23 09:51:27 | 001,045,986 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.04.21 18:02:02 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2010.04.21 18:02:07 | 000,214,816 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2010.04.21 18:02:07 | 000,214,816 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.xtr
[2010.04.23 10:36:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
Attachment: Extras.zip (4.9 KiB), downloaded 173 times
Re: not a valid Win32 application (Windows XP Pro SP3)
ComboFix 10-04-21.01 - vospunt 23.04.2010 17:50:45.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1736 [GMT 2:00]
Spuštěný z: c:\documents and settings\vospunt\Plocha\abraka.com
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\vospunt\LOCALS~1\Temp\install_flash_player.exe
c:\docume~1\vospunt\LOCALS~1\Temp\msiecomm.exe
c:\windows\svchost.exe
c:\windows\system32\rqmlkdi.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ADWEPGBFE
-------\Legacy_POWERMANAGER
-------\Service_adwepgbfe
-------\Service_PowerManager
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-23 do 2010-04-23 )))))))))))))))))))))))))))))))
.
2010-04-23 14:33 . 2010-04-23 14:33 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-04-23 12:58 . 2010-04-23 12:58 -------- d-----w- c:\program files\Opera
2010-04-23 05:47 . 2010-04-23 05:47 -------- d--h--w- c:\windows\PIF
2010-04-23 05:46 . 2009-10-30 13:31 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-23 05:46 . 2009-10-30 13:24 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-23 05:45 . 2010-04-23 05:46 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-21 19:33 . 2010-04-21 19:33 -------- d-----w- c:\program files\DAMN NFO Viewer
2010-04-21 16:02 . 2010-04-21 16:02 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-21 16:02 . 2010-04-21 16:02 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-21 16:02 . 2010-04-21 16:02 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-20 17:11 . 2010-04-20 17:11 -------- d-----w- c:\program files\Common Files\CyberLink
2010-04-20 17:10 . 2010-04-20 17:11 -------- d-----w- c:\program files\CyberLink
2010-04-20 17:10 . 2010-04-20 17:09 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-19 20:57 . 2010-04-19 20:57 -------- d-----w- c:\program files\QuickTime
2010-04-19 20:56 . 2010-04-19 20:56 -------- d-----w- c:\program files\Common Files\Apple
2010-04-19 20:56 . 2010-04-19 20:56 -------- d-----w- c:\program files\Apple Software Update
2010-04-19 20:38 . 2010-04-19 20:38 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-19 20:38 . 2010-04-19 20:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-19 20:38 . 2010-04-19 20:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-19 20:38 . 2010-04-19 20:38 -------- d-----w- c:\program files\Common Files\Real
2010-04-19 20:38 . 2010-04-19 20:38 -------- d-----w- c:\program files\Real
2010-04-18 17:25 . 2003-06-25 14:05 302712 ----a-w- c:\windows\system32\TweakUI.exe
2010-04-18 17:23 . 2010-04-18 17:23 -------- d-----w- c:\windows\Downloaded Installations
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\windows\system32\cs
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\windows\system32\bits
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\windows\l2schemas
2010-04-18 15:36 . 2004-04-27 07:26 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-04-18 07:05 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-17 18:16 . 2010-04-17 18:16 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-17 18:16 . 2010-04-17 18:16 -------- d-----w- c:\program files\MSBuild
2010-04-17 18:16 . 2010-04-17 18:16 -------- d-----w- c:\program files\Reference Assemblies
2010-04-17 18:16 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-17 18:15 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-17 18:15 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-17 18:15 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-17 18:15 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-17 18:15 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-17 18:15 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-17 18:15 . 2008-07-06 10:50 633856 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-17 18:15 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-17 18:13 . 2010-04-17 18:13 -------- d-----w- c:\program files\MSXML 6.0
2010-04-17 15:54 . 2010-04-17 15:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-17 15:32 . 2010-04-17 15:32 -------- d-----w- c:\windows\system32\URTTEMP
2010-04-15 16:43 . 2010-04-15 16:43 -------- d-----w- c:\program files\phenomedia
2010-04-15 04:38 . 2010-04-15 04:38 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-14 09:19 . 2010-04-14 09:19 -------- d-----w- c:\program files\Common Files\DirectX
2010-04-14 09:14 . 2010-04-14 09:14 -------- d-----w- c:\program files\EA GAMES
2010-04-14 09:12 . 2010-04-14 09:12 -------- d-----w- c:\program files\Alcohol Soft
2010-04-14 09:11 . 2010-04-14 09:11 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-13 16:24 . 2010-04-13 16:24 -------- d-----w- c:\program files\FileZilla FTP Client
2010-04-13 16:08 . 2010-04-13 16:08 -------- d-sh--w- c:\documents and settings\vospunt\PrivacIE
2010-04-13 16:08 . 2010-04-13 16:08 -------- d-sh--w- c:\documents and settings\vospunt\IECompatCache
2010-04-13 16:06 . 2010-04-13 16:06 -------- d-----w- c:\documents and settings\vospunt\.thumbnails
2010-04-13 15:57 . 2010-04-23 13:08 -------- d-----w- c:\documents and settings\vospunt\.gimp-2.6
2010-04-13 15:57 . 2010-04-13 15:57 -------- d-----w- c:\documents and settings\vospunt\.gegl-0.0
2010-04-13 15:49 . 2010-04-13 15:49 -------- d-----w- c:\program files\GIMP-2.0
2010-04-13 15:10 . 2010-04-13 15:10 -------- d-----w- c:\program files\7-Zip
2010-04-13 14:52 . 2010-04-13 14:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 12:06 . 2010-04-13 12:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-13 12:06 . 2010-04-13 12:06 -------- d-sh--w- c:\documents and settings\vospunt\IETldCache
2010-04-13 12:02 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-13 12:02 . 2010-02-25 09:48 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-04-13 12:02 . 2010-02-25 06:18 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-13 12:02 . 2010-02-25 06:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-13 12:02 . 2010-02-25 06:18 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-13 12:02 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-13 12:02 . 2010-04-17 15:55 -------- d-----w- c:\windows\ie8updates
2010-04-13 12:02 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-13 12:00 . 2010-04-18 16:34 -------- d-----w- c:\windows\system32\cs-CZ
2010-04-13 12:00 . 2010-04-13 12:01 -------- dc-h--w- c:\windows\ie8
2010-04-13 11:57 . 2004-08-17 13:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-13 11:56 . 2010-04-18 16:32 -------- d-----w- c:\windows\ServicePackFiles
2010-04-12 22:52 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-12 22:51 . 2010-02-12 10:03 329728 ------w- c:\windows\system32\browserchoice.exe
2010-04-12 22:51 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-12 22:51 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2010-04-12 22:51 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-12 22:47 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 14:51 . 2010-04-12 20:45 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-23 07:51 . 2001-10-25 14:00 82660 ----a-w- c:\windows\system32\perfc005.dat
2010-04-23 07:51 . 2001-10-25 14:00 437300 ----a-w- c:\windows\system32\perfh005.dat
2010-04-20 17:11 . 2010-04-12 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-18 16:36 . 2010-04-12 18:37 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-18 16:36 . 2010-04-12 18:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-12 20:43 . 2010-04-12 19:25 -------- d-----w- c:\program files\Miranda IM
2010-04-12 20:10 . 2010-04-12 20:10 -------- d-----w- c:\program files\SuperLink
2010-04-12 19:53 . 2010-04-12 19:41 -------- d-----w- c:\program files\Java
2010-04-12 19:50 . 2010-04-12 19:50 -------- d-----w- c:\program files\WaterProof
2010-04-12 19:41 . 2010-04-12 19:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 19:39 . 2010-04-12 19:39 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-04-12 19:39 . 2010-04-12 19:39 773632 ----a-w- c:\windows\iun6002.exe
2010-04-12 19:28 . 2010-04-12 18:38 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-04-12 19:04 . 2010-04-12 18:58 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-12 19:03 . 2010-04-12 19:03 -------- d-----w- c:\program files\Marvell
2010-04-12 18:58 . 2010-04-12 18:58 -------- d-----w- c:\program files\Realtek
2010-04-12 18:53 . 2010-04-12 18:53 -------- d-----w- c:\program files\Intel
2010-04-12 18:38 . 2010-04-12 18:38 -------- d-----w- c:\program files\microsoft frontpage
2010-04-12 18:35 . 2010-04-12 18:35 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:17 . 2004-08-17 13:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-03 21:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2004-08-17 13:45 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 15:45 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\vospunt\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-12 136176]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 226248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-19 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WaterProof\\PHPEdit\\3.4.6\\PHPEdit.exe"=
"c:\\Documents and Settings\\vospunt\\Plocha\\HRY\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\WaterProof\\PHPEdit\\3.6.2\\DBGpProxy.exe"=
"c:\\Program Files\\WaterProof\\PHPEdit\\3.6.2\\PHPEdit.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2312:TCP"= 2312:TCP:pjagtb
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.4.2010 11:11 717296]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/20 19:11];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 12:58 87536]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:28 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 PowerManager;Power Manager;c:\windows\svchost.exe --> c:\windows\svchost.exe [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [23.4.2010 16:33 23456]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [12.4.2010 22:10 40060]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - POWERMANAGER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components]
c:\docume~1\vospunt\LOCALS~1\Temp\msiecomm.exe [BU]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-04-23 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:35]
2010-04-23 c:\windows\Tasks\User_Feed_Synchronization-{A122EAD9-77E0-4E6D-B0DF-11D9A3F9205E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
.
.
------- Asociace souborů -------
.
.txt=PHPEditFile.PlainText
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
ActiveSetup-installed components - c:\docume~1\vospunt\LOCALS~1\Temp\msiecomm.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 17:55
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdb.sys >>UNKNOWN [0x89BB7938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7496cb8
\Driver\atapi -> atapi.sys @ 0xf7a40b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Bluetooth Device (Personal Area Network) -> SendCompleteHandler -> NDIS.sys @ 0xf7b23bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7b12a0d
SendHandler -> NDIS.sys @ 0xf7b26b40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2040)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\documents and settings\vospunt\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\system32\wdfmgr.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Celkový čas: 2010-04-23 17:58:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-23 15:58
Před spuštěním: Volných bajtů: 137 096 986 624
Po spuštění: Volných bajtů: 137 192 189 952
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - DBD25E8FA58D09544C5F51A363EE7B37
Re: not a valid Win32 application (Windows XP Pro SP3)
The program still does the same thing ... I'm running that scan now; in the 30 minutes it has been scanning it has found 3 infected objects ...
How should I clean up the PC? You say it's chaos, so please tell me with what and how.
Well, I don't have any other major problem, except that when I installed the touchpad drivers, after a while the touchpad stopped working completely ... after uninstalling them it works ...
Re: not a valid Win32 application (Windows XP Pro SP3)
I have the original CD for the Fujitsu Siemens notebook, and from it I installed the drivers for the graphics card, sound card, motherboard, chipset and network card ... the touchpad driver is on it too; if you want, I can upload it for you, but I don't think it will be a buggy version when it is on the ORIGINAL CD intended for this notebook.
Fujitsu Siemens Amilo Pro V3505
Re: not a valid Win32 application (Windows XP Pro SP3)
The scan has just finished .... 5 infected:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 4026
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
23.4.2010 19:31:50
mbam-log-2010-04-23 (19-31-50).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 205035
Uplynulý čas: 1 hodina(y), 3 minuta(y), 2 sekunda(y)
Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 4
Infikované procesy v paměti:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Documents and Settings\vospunt\Dokumenty\Programy\TuneUp_Utilities_2010_9.0.2000.17_F_www.dl4all.com\Keygen\keygen.exe (Trojan.Agent.CK) -> No action taken.
C:\Documents and Settings\vospunt\Dokumenty\Programy\Portable\Port_SpyDoc_v4.exe (Malware.Packer) -> No action taken.
C:\Documents and Settings\vospunt\Dokumenty\Programy\Portable\portable photoshop\Portable Adobe Photoshop 7\PortablePhotoshop7\Photoshop\Shfolder.dll (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.
Re: not a valid Win32 application (Windows XP Pro SP3)
OK, this is the PHPEdit version I have: http://www.phpedit.com/en/download/vers ... -3.x/3.6.2
The older version doesn't work for me either: http://www.phpedit.com/en/download/vers ... -3.x/3.4.6
Sorry, not 3.6.4 but 3.6.2.
Re: not a valid Win32 application (Windows XP Pro SP3)
So .. after the restart a window popped up with a message that Generic Host Process for Win32 Services has stopped working, and I click "Don't Send" for reporting the error to the web .... now I know what other problem I have ... Windows updates from Microsoft ... when I want to install roughly the last 20 offered updates, update.exe crashes and the same dialog appears as for the generic host ... I click "Don't Send" and the updates don't get installed .... otherwise the log found another file ...
and earlier, during removal, it said it had removed it .... :
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 4026
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
23.4.2010 19:52:41
mbam-log-2010-04-23 (19-52-41).txt
Typ skenu: Rychlý sken
Skenované objekty: 102338
Uplynulý čas: 4 minuta(y), 43 sekunda(y)
Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager (Trojan.Agent) -> No action taken.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.

Re: not a valid Win32 application (Windows XP Pro SP3)
COMBOFIX log :
ComboFix 10-04-21.01 - vospunt 23.04.2010 21:13:24.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1730 [GMT 2:00]
Spuštěný z: c:\documents and settings\vospunt\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\vospunt\Plocha\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\svchost.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DRVAGENT32
-------\Legacy_POWERMANAGER
-------\Service_DrvAgent32
-------\Service_PowerManager
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-23 do 2010-04-23 )))))))))))))))))))))))))))))))
.
2010-04-23 16:45 . 2004-12-02 23:26 188416 ------w- c:\windows\system32\PDRVINST.DLL
2010-04-23 16:45 . 2003-07-02 23:08 65536 ------w- c:\windows\system32\BRWEBUP.EXE
2010-04-23 16:45 . 2002-10-30 23:09 81920 ------w- c:\windows\system32\BrWebIns.dll
2010-04-23 16:45 . 2010-04-23 16:45 -------- d-----w- C:\Brother
2010-04-23 16:45 . 2004-12-10 14:35 147456 ------w- c:\windows\brunin03.dll
2010-04-23 16:42 . 2010-04-23 16:42 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-04-23 16:42 . 2010-04-23 16:42 -------- d-----w- c:\program files\ScanSoft
2010-04-23 16:11 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 16:11 . 2010-04-23 16:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 16:11 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:33 . 2010-04-23 14:33 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-04-23 12:58 . 2010-04-23 12:58 -------- d-----w- c:\program files\Opera
2010-04-23 05:47 . 2010-04-23 05:47 -------- d--h--w- c:\windows\PIF
2010-04-23 05:46 . 2009-10-30 13:31 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-23 05:46 . 2009-10-30 13:24 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-23 05:45 . 2010-04-23 05:46 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-21 19:33 . 2010-04-21 19:33 -------- d-----w- c:\program files\DAMN NFO Viewer
2010-04-21 16:02 . 2010-04-21 16:02 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-21 16:02 . 2010-04-21 16:02 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-21 16:02 . 2010-04-21 16:02 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-20 17:11 . 2010-04-20 17:11 -------- d-----w- c:\program files\Common Files\CyberLink
2010-04-20 17:10 . 2010-04-20 17:11 -------- d-----w- c:\program files\CyberLink
2010-04-20 17:10 . 2010-04-20 17:09 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-19 20:57 . 2010-04-19 20:57 -------- d-----w- c:\program files\QuickTime
2010-04-19 20:56 . 2010-04-19 20:56 -------- d-----w- c:\program files\Common Files\Apple
2010-04-19 20:56 . 2010-04-19 20:56 -------- d-----w- c:\program files\Apple Software Update
2010-04-19 20:38 . 2010-04-19 20:38 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-19 20:38 . 2010-04-19 20:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-19 20:38 . 2010-04-19 20:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-19 20:38 . 2010-04-19 20:38 -------- d-----w- c:\program files\Common Files\Real
2010-04-19 20:38 . 2010-04-19 20:38 -------- d-----w- c:\program files\Real
2010-04-18 17:25 . 2003-06-25 14:05 302712 ----a-w- c:\windows\system32\TweakUI.exe
2010-04-18 17:23 . 2010-04-18 17:23 -------- d-----w- c:\windows\Downloaded Installations
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\windows\system32\cs
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\windows\system32\bits
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\windows\l2schemas
2010-04-18 15:36 . 2004-04-27 07:26 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-04-18 07:05 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-17 18:16 . 2010-04-17 18:16 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-17 18:16 . 2010-04-17 18:16 -------- d-----w- c:\program files\MSBuild
2010-04-17 18:16 . 2010-04-17 18:16 -------- d-----w- c:\program files\Reference Assemblies
2010-04-17 18:16 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-17 18:15 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-17 18:15 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-17 18:15 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-17 18:15 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-17 18:15 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-17 18:15 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-17 18:15 . 2008-07-06 10:50 633856 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-17 18:15 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-17 18:13 . 2010-04-17 18:13 -------- d-----w- c:\program files\MSXML 6.0
2010-04-17 15:54 . 2010-04-17 15:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-17 15:32 . 2010-04-17 15:32 -------- d-----w- c:\windows\system32\URTTEMP
2010-04-15 16:43 . 2010-04-15 16:43 -------- d-----w- c:\program files\phenomedia
2010-04-15 04:38 . 2010-04-15 04:38 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-14 09:19 . 2010-04-14 09:19 -------- d-----w- c:\program files\Common Files\DirectX
2010-04-14 09:14 . 2010-04-14 09:14 -------- d-----w- c:\program files\EA GAMES
2010-04-14 09:12 . 2010-04-14 09:12 -------- d-----w- c:\program files\Alcohol Soft
2010-04-14 09:11 . 2010-04-14 09:11 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-13 16:24 . 2010-04-13 16:24 -------- d-----w- c:\program files\FileZilla FTP Client
2010-04-13 16:08 . 2010-04-13 16:08 -------- d-sh--w- c:\documents and settings\vospunt\PrivacIE
2010-04-13 16:08 . 2010-04-13 16:08 -------- d-sh--w- c:\documents and settings\vospunt\IECompatCache
2010-04-13 16:06 . 2010-04-13 16:06 -------- d-----w- c:\documents and settings\vospunt\.thumbnails
2010-04-13 15:57 . 2010-04-23 13:08 -------- d-----w- c:\documents and settings\vospunt\.gimp-2.6
2010-04-13 15:57 . 2010-04-13 15:57 -------- d-----w- c:\documents and settings\vospunt\.gegl-0.0
2010-04-13 15:49 . 2010-04-13 15:49 -------- d-----w- c:\program files\GIMP-2.0
2010-04-13 15:10 . 2010-04-13 15:10 -------- d-----w- c:\program files\7-Zip
2010-04-13 14:52 . 2010-04-13 14:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 12:06 . 2010-04-13 12:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-13 12:06 . 2010-04-13 12:06 -------- d-sh--w- c:\documents and settings\vospunt\IETldCache
2010-04-13 12:02 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-13 12:02 . 2010-02-25 09:48 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-04-13 12:02 . 2010-02-25 06:18 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-13 12:02 . 2010-02-25 06:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-13 12:02 . 2010-02-25 06:18 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-13 12:02 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-13 12:02 . 2010-04-17 15:55 -------- d-----w- c:\windows\ie8updates
2010-04-13 12:02 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-13 12:00 . 2010-04-18 16:34 -------- d-----w- c:\windows\system32\cs-CZ
2010-04-13 12:00 . 2010-04-13 12:01 -------- dc-h--w- c:\windows\ie8
2010-04-13 11:57 . 2004-08-17 13:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-13 11:56 . 2010-04-18 16:32 -------- d-----w- c:\windows\ServicePackFiles
2010-04-12 22:52 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-12 22:51 . 2010-02-12 10:03 329728 ------w- c:\windows\system32\browserchoice.exe
2010-04-12 22:51 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-12 22:51 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2010-04-12 22:51 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-12 22:47 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 18:28 . 2010-04-12 20:45 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-23 16:46 . 2010-04-23 16:46 50 ----a-w- c:\windows\system32\bridf05a.dat
2010-04-23 16:46 . 2010-04-23 16:45 -------- d-----w- c:\program files\Brother
2010-04-23 16:45 . 2010-04-12 18:58 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-23 16:45 . 2010-04-12 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-23 07:51 . 2001-10-25 14:00 82660 ----a-w- c:\windows\system32\perfc005.dat
2010-04-23 07:51 . 2001-10-25 14:00 437300 ----a-w- c:\windows\system32\perfh005.dat
2010-04-18 16:36 . 2010-04-12 18:37 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-18 16:36 . 2010-04-12 18:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-12 20:43 . 2010-04-12 19:25 -------- d-----w- c:\program files\Miranda IM
2010-04-12 20:10 . 2010-04-12 20:10 -------- d-----w- c:\program files\SuperLink
2010-04-12 19:53 . 2010-04-12 19:41 -------- d-----w- c:\program files\Java
2010-04-12 19:50 . 2010-04-12 19:50 -------- d-----w- c:\program files\WaterProof
2010-04-12 19:41 . 2010-04-12 19:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 19:39 . 2010-04-12 19:39 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-04-12 19:39 . 2010-04-12 19:39 773632 ----a-w- c:\windows\iun6002.exe
2010-04-12 19:28 . 2010-04-12 18:38 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-04-12 19:03 . 2010-04-12 19:03 -------- d-----w- c:\program files\Marvell
2010-04-12 18:58 . 2010-04-12 18:58 -------- d-----w- c:\program files\Realtek
2010-04-12 18:53 . 2010-04-12 18:53 -------- d-----w- c:\program files\Intel
2010-04-12 18:38 . 2010-04-12 18:38 -------- d-----w- c:\program files\microsoft frontpage
2010-04-12 18:35 . 2010-04-12 18:35 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:17 . 2004-08-17 13:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-03 21:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2004-08-17 13:45 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 15:45 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2004-08-17 13:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-04-23_15.54.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-23 16:45 . 2004-10-06 07:40 90112 c:\windows\twain_32\BrMfSc07\Lang\BrTwdUsa.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 90112 c:\windows\twain_32\BrMfSc07\Lang\BrTwdSwe.dll
+ 2010-04-23 16:45 . 2004-10-06 08:16 94208 c:\windows\twain_32\BrMfSc07\Lang\BrTwdSpa.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 94208 c:\windows\twain_32\BrMfSc07\Lang\BrTwdPor.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 90112 c:\windows\twain_32\BrMfSc07\Lang\BrTwdNor.dll
+ 2010-04-23 16:45 . 2005-03-03 07:35 73728 c:\windows\twain_32\BrMfSc07\Lang\BrTwdJpn.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 94208 c:\windows\twain_32\BrMfSc07\Lang\BrTwdIta.dll
+ 2010-04-23 16:45 . 2004-11-16 08:32 73728 c:\windows\twain_32\BrMfSc07\Lang\BrTwdChn.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 94208 c:\windows\twain_32\BrMfSc07\Lang\BrTwdGer.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 94208 c:\windows\twain_32\BrMfSc07\Lang\BrTwdFre.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 90112 c:\windows\twain_32\BrMfSc07\Lang\BrTwdEng.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 90112 c:\windows\twain_32\BrMfSc07\Lang\BrTwdDut.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 90112 c:\windows\twain_32\BrMfSc07\Lang\BrTwdDan.dll
+ 2010-04-23 16:45 . 2004-08-16 13:49 49152 c:\windows\twain_32\BrMfSc07\Common\BrStiIf.dll
+ 2010-04-23 16:45 . 2004-10-15 15:35 77824 c:\windows\twain_32\BrMfSc07\Common\BrScnDev.dll
+ 2004-08-17 13:49 . 2009-06-25 08:27 54272 c:\windows\system32\wdigest.dll
+ 2001-11-20 12:37 . 2001-11-20 12:37 47616 c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
+ 2010-04-23 16:45 . 2004-02-08 22:00 26285 c:\windows\system32\spool\prtprocs\w32x86\brmfpp1.dll
+ 2001-11-20 12:55 . 2001-11-20 12:55 57344 c:\windows\system32\spool\drivers\w32x86\pport_res.dll
+ 2002-03-04 08:16 . 2002-03-04 08:16 56320 c:\windows\system32\spool\drivers\w32x86\ppbiUif.dll
+ 2002-03-04 08:16 . 2002-03-04 08:16 51712 c:\windows\system32\spool\drivers\w32x86\ppbiNT.dll
+ 2002-03-04 08:16 . 2002-03-04 08:16 56320 c:\windows\system32\spool\drivers\w32x86\2\ppbiUif.dll
+ 2002-03-04 08:16 . 2002-03-04 08:16 51712 c:\windows\system32\spool\drivers\w32x86\2\ppbiNT.dll
- 2004-08-17 13:49 . 2009-02-03 19:58 56832 c:\windows\system32\secur32.dll
+ 2004-08-17 13:49 . 2009-06-25 08:27 56832 c:\windows\system32\secur32.dll
+ 2004-08-17 13:49 . 2009-10-12 13:40 79872 c:\windows\system32\raschap.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 79872 c:\windows\system32\raschap.dll
+ 2001-11-20 12:55 . 2001-11-20 12:55 57344 c:\windows\system32\pport_res.dll
- 2010-04-12 18:34 . 2008-04-14 03:21 91648 c:\windows\system32\mtxoci.dll
+ 2010-04-12 18:34 . 2008-06-12 14:24 91648 c:\windows\system32\mtxoci.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-17 13:49 . 2008-06-12 14:24 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-17 15:49 . 2009-11-27 17:14 17920 c:\windows\system32\msyuv.dll
+ 2001-10-25 14:00 . 2009-11-27 16:09 28672 c:\windows\system32\msvidc32.dll
+ 2004-08-17 13:49 . 2009-11-27 16:09 11264 c:\windows\system32\msrle32.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 11264 c:\windows\system32\msrle32.dll
+ 2010-04-12 18:34 . 2008-06-12 14:24 58880 c:\windows\system32\msdtclog.dll
- 2010-04-12 18:34 . 2008-04-14 03:21 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-17 13:49 . 2009-09-04 21:05 58880 c:\windows\system32\msasn1.dll
+ 2004-08-17 15:49 . 2009-11-27 16:09 48128 c:\windows\system32\iyuv_32.dll
+ 2010-04-23 16:46 . 2008-04-13 18:47 25856 c:\windows\system32\drivers\usbprint.sys
+ 2004-08-03 20:59 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2010-04-23 16:45 . 2004-10-15 10:50 15295 c:\windows\system32\drivers\BrScnUsb.sys
+ 2009-06-25 08:27 . 2009-06-25 08:27 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2010-04-23 16:46 . 2008-04-13 18:47 25856 c:\windows\system32\dllcache\usbprint.sys
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:58 . 2009-06-25 08:27 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 79872 c:\windows\system32\dllcache\raschap.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2001-10-25 14:00 . 2009-11-27 16:09 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-09-04 21:05 . 2009-09-04 21:05 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:04 . 2009-07-17 19:04 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-17 13:49 . 2009-12-14 07:10 33280 c:\windows\system32\csrsrv.dll
+ 2010-04-23 16:45 . 2005-03-02 11:14 37888 c:\windows\system32\BrUSi05a.dll
+ 2010-04-23 16:45 . 2002-04-11 22:00 57344 c:\windows\system32\brsvc01a.exe
+ 2010-04-23 16:45 . 2001-12-12 22:01 45056 c:\windows\system32\brss01a.exe
+ 2010-04-23 16:45 . 2005-05-09 09:38 52224 c:\windows\system32\brinsstr.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 84992 c:\windows\system32\avifil32.dll
+ 2004-08-17 13:49 . 2009-11-27 16:09 84992 c:\windows\system32\avifil32.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 58880 c:\windows\system32\atl.dll
+ 2004-08-17 13:49 . 2009-07-17 19:04 58880 c:\windows\system32\atl.dll
+ 2010-04-23 16:42 . 2010-04-23 16:42 45056 c:\windows\Installer\{A17EABB6-D0C6-44E5-820C-72DC7F495064}\PaperPort.exe
+ 2010-04-23 16:42 . 2010-04-23 16:42 45056 c:\windows\Installer\{A17EABB6-D0C6-44E5-820C-72DC7F495064}\PageViewer.exe
+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2002-07-25 15:13 . 2002-07-25 15:13 24576 c:\windows\Downloaded Program Files\dwusplay.dll
+ 2001-10-24 12:25 . 2009-11-27 16:09 8704 c:\windows\system32\tsbyuv.dll
+ 2010-04-23 16:45 . 2005-04-12 23:00 7168 c:\windows\system32\spool\drivers\w32x86\3\Brlfx05a.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2010-04-23 16:42 . 2010-04-23 16:42 4710 c:\windows\Installer\{A17EABB6-D0C6-44E5-820C-72DC7F495064}\ARPPRODUCTICON.exe
+ 2009-11-27 16:09 . 2009-11-27 16:09 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-04-23 16:45 . 2004-10-28 07:35 131072 c:\windows\twain_32\BrMfSc07\Common\BrTwdsUi.dll
+ 2010-04-23 16:45 . 2004-12-07 16:28 180224 c:\windows\twain_32\BrMfSc07\Common\BrTwdScn.dll
+ 2010-04-23 16:45 . 2004-10-28 07:35 131072 c:\windows\twain_32\BrMfSc07\Common\BrTwds.dll
- 2004-08-17 13:49 . 2008-04-14 03:22 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-17 13:49 . 2009-06-10 06:16 132096 c:\windows\system32\wkssvc.dll
- 2004-08-17 13:49 . 2008-04-14 03:22 354304 c:\windows\system32\winhttp.dll
+ 2004-08-17 13:49 . 2008-12-16 12:32 354304 c:\windows\system32\winhttp.dll
+ 2000-01-05 11:52 . 2000-01-05 11:52 722192 c:\windows\system32\Vb40032.dll
+ 2001-11-20 12:38 . 2001-11-20 12:38 229888 c:\windows\system32\Tiff32.dll
+ 2010-04-23 16:45 . 2002-06-29 01:01 100864 c:\windows\system32\spool\drivers\w32x86\brotherdcp_115c3509\brqikmon.exe
+ 2010-04-23 16:45 . 2005-04-28 17:40 996104 c:\windows\system32\spool\drivers\w32x86\brotherdcp_115c3509\briu05a.dll
+ 2010-04-23 16:45 . 2005-04-28 17:42 118784 c:\windows\system32\spool\drivers\w32x86\brotherdcp_115c3509\bril05a.dll
+ 2010-04-23 16:45 . 2002-06-29 01:01 100864 c:\windows\system32\spool\drivers\w32x86\3\brqikmon.exe
+ 2010-04-23 16:45 . 2005-04-28 17:40 996104 c:\windows\system32\spool\drivers\w32x86\3\briu05a.dll
+ 2010-04-23 16:45 . 2005-04-28 17:42 118784 c:\windows\system32\spool\drivers\w32x86\3\bril05a.dll
+ 2004-08-17 13:49 . 2009-06-25 08:27 147456 c:\windows\system32\schannel.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-17 13:49 . 2009-12-08 09:25 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-17 13:49 . 2009-04-15 14:54 585216 c:\windows\system32\rpcrt4.dll
+ 2004-08-17 13:49 . 2009-10-12 13:40 150016 c:\windows\system32\rastls.dll
+ 2001-11-20 13:09 . 2001-11-20 13:09 155648 c:\windows\system32\ppremove.dll
+ 2004-08-17 13:49 . 2009-10-13 10:34 271360 c:\windows\system32\oakley.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 271360 c:\windows\system32\oakley.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 247296 c:\windows\system32\mswsock.dll
+ 2004-08-17 13:49 . 2008-06-20 17:49 247296 c:\windows\system32\mswsock.dll
+ 2004-08-17 13:49 . 2009-08-05 09:01 205312 c:\windows\system32\mswebdvd.dll
+ 2004-08-17 13:49 . 2009-09-11 14:19 136192 c:\windows\system32\msv1_0.dll
- 2010-04-12 18:34 . 2008-04-14 03:22 343552 c:\windows\system32\mspaint.exe
+ 2010-04-12 18:34 . 2009-12-17 07:42 343552 c:\windows\system32\mspaint.exe
+ 2010-04-12 18:34 . 2008-06-12 14:24 161792 c:\windows\system32\msdtcuiu.dll
- 2010-04-12 18:34 . 2008-04-14 03:21 161792 c:\windows\system32\msdtcuiu.dll
+ 2010-04-12 18:34 . 2008-06-12 14:24 956928 c:\windows\system32\msdtctm.dll
- 2010-04-12 18:34 . 2008-04-14 03:21 956928 c:\windows\system32\msdtctm.dll
+ 2010-04-12 18:34 . 2008-06-12 14:24 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-17 13:49 . 2009-06-25 08:27 729088 c:\windows\system32\lsasrv.dll
+ 2004-08-17 13:49 . 2009-05-07 15:33 346624 c:\windows\system32\localspl.dll
+ 2004-08-17 13:49 . 2009-06-25 08:27 301568 c:\windows\system32\kerberos.dll
+ 2002-03-04 08:16 . 2002-03-04 08:16 110592 c:\windows\system32\Jpeg32.dll
+ 2004-08-17 13:49 . 2008-10-23 12:42 286720 c:\windows\system32\gdi32.dll
- 2010-04-12 20:27 . 2010-04-18 16:50 118952 c:\windows\system32\FNTCACHE.DAT
+ 2010-04-12 20:27 . 2010-04-23 19:00 118952 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-17 13:49 . 2008-07-07 20:29 253952 c:\windows\system32\es.dll
+ 2004-08-03 21:14 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-17 13:49 . 2008-06-20 17:49 147968 c:\windows\system32\dnsapi.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 147968 c:\windows\system32\dnsapi.dll
+ 2010-04-12 18:34 . 2008-04-21 21:15 216576 c:\windows\system32\dllcache\wordpad.exe
+ 2009-06-10 06:16 . 2009-06-10 06:16 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-12-16 12:32 . 2008-12-16 12:32 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2008-12-05 06:57 . 2009-06-25 08:27 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-12-08 09:25 . 2009-12-08 09:25 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-04-15 14:54 . 2009-04-15 14:54 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 150016 c:\windows\system32\dllcache\rastls.dll
+ 2009-10-13 10:34 . 2009-10-13 10:34 271360 c:\windows\system32\dllcache\oakley.dll
+ 2008-06-20 17:49 . 2008-06-20 17:49 247296 c:\windows\system32\dllcache\mswsock.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 205312 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:27 . 2009-09-11 14:19 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-12-17 07:42 . 2009-12-17 07:42 343552 c:\windows\system32\dllcache\mspaint.exe
+ 2008-06-12 14:24 . 2008-06-12 14:24 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2010-04-12 22:50 . 2009-06-25 08:27 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:33 . 2009-05-07 15:33 346624 c:\windows\system32\dllcache\localspl.dll
+ 2009-06-25 08:27 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-10-23 12:42 . 2008-10-23 12:42 286720 c:\windows\system32\dllcache\gdi32.dll
+ 2008-07-07 20:29 . 2008-07-07 20:29 253952 c:\windows\system32\dllcache\es.dll
+ 2008-06-20 17:49 . 2008-06-20 17:49 147968 c:\windows\system32\dllcache\dnsapi.dll
+ 2010-02-12 04:35 . 2010-02-12 04:35 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2010-04-23 16:45 . 2003-12-23 22:00 131072 c:\windows\system32\bsplmf01.exe
+ 2010-04-23 16:45 . 2001-02-05 09:16 258048 c:\windows\system32\bsplmf01.dll
+ 2010-04-23 16:45 . 2005-03-02 09:35 121856 c:\windows\system32\BrWia05a.dll
+ 2003-10-16 11:55 . 2003-10-16 11:55 299008 c:\windows\Downloaded Program Files\isusweb.dll
+ 2002-07-25 15:13 . 2002-07-25 15:13 196608 c:\windows\Downloaded Program Files\dwusplay.exe
+ 2004-08-17 13:44 . 2009-08-14 15:15 1850624 c:\windows\system32\win32k.sys
+ 2010-04-23 16:45 . 2005-04-28 17:40 1705467 c:\windows\system32\spool\drivers\w32x86\brotherdcp_115c3509\brio05a.dll
+ 2010-04-23 16:45 . 2005-04-28 17:40 1705467 c:\windows\system32\spool\drivers\w32x86\3\brio05a.dll
+ 2004-08-17 13:49 . 2008-06-17 19:02 8465408 c:\windows\system32\shell32.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 8465408 c:\windows\system32\shell32.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 1437696 c:\windows\system32\query.dll
+ 2004-08-17 13:49 . 2009-07-17 16:17 1437696 c:\windows\system32\query.dll
+ 2004-08-17 13:49 . 2009-11-27 17:14 1294336 c:\windows\system32\quartz.dll
+ 2001-11-20 12:36 . 2001-11-20 12:36 1462353 c:\windows\system32\MYDLL.dll
+ 2009-08-14 15:15 . 2009-08-14 15:15 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2008-06-17 19:02 8465408 c:\windows\system32\dllcache\shell32.dll
+ 2009-07-17 16:17 . 2009-07-17 16:17 1437696 c:\windows\system32\dllcache\query.dll
+ 2009-11-27 17:14 . 2009-11-27 17:14 1294336 c:\windows\system32\dllcache\quartz.dll
+ 2010-04-23 16:42 . 2010-04-23 16:42 23410688 c:\windows\Installer\2bba2f.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\vospunt\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-12 136176]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 225224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-19 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WaterProof\\PHPEdit\\3.4.6\\PHPEdit.exe"=
"c:\\Documents and Settings\\vospunt\\Plocha\\HRY\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\WaterProof\\PHPEdit\\3.6.2\\DBGpProxy.exe"=
"c:\\Program Files\\WaterProof\\PHPEdit\\3.6.2\\PHPEdit.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.4.2010 11:11 717296]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/20 19:11];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 12:58 87536]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:28 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [12.4.2010 22:10 40060]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components]
c:\docume~1\vospunt\LOCALS~1\Temp\msiecomm.exe [BU]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-04-23 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:35]
2010-04-23 c:\windows\Tasks\User_Feed_Synchronization-{A122EAD9-77E0-4E6D-B0DF-11D9A3F9205E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 21:20
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spsy.sys >>UNKNOWN [0x89BB7938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7496cb8
\Driver\atapi -> atapi.sys @ 0xf7a40b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Bluetooth Device (Personal Area Network) -> SendCompleteHandler -> NDIS.sys @ 0xf7b23bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7b12a0d
SendHandler -> NDIS.sys @ 0xf7b26b40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3196)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\brss01a.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\documents and settings\vospunt\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Celkový čas: 2010-04-23 21:23:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-23 19:23
ComboFix2.txt 2010-04-23 15:58
Před spuštěním: Volných bajtů: 136 356 282 368
Po spuštění: Volných bajtů: 136 342 843 392
- - End Of File - - 54A3C0913F7D6F6270D02D2BD4D17C99
ComboFix 10-04-21.01 - vospunt 23.04.2010 21:13:24.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1730 [GMT 2:00]
Spuštěný z: c:\documents and settings\vospunt\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\vospunt\Plocha\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\svchost.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DRVAGENT32
-------\Legacy_POWERMANAGER
-------\Service_DrvAgent32
-------\Service_PowerManager
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-23 do 2010-04-23 )))))))))))))))))))))))))))))))
.
2010-04-23 16:45 . 2004-12-02 23:26 188416 ------w- c:\windows\system32\PDRVINST.DLL
2010-04-23 16:45 . 2003-07-02 23:08 65536 ------w- c:\windows\system32\BRWEBUP.EXE
2010-04-23 16:45 . 2002-10-30 23:09 81920 ------w- c:\windows\system32\BrWebIns.dll
2010-04-23 16:45 . 2010-04-23 16:45 -------- d-----w- C:\Brother
2010-04-23 16:45 . 2004-12-10 14:35 147456 ------w- c:\windows\brunin03.dll
2010-04-23 16:42 . 2010-04-23 16:42 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-04-23 16:42 . 2010-04-23 16:42 -------- d-----w- c:\program files\ScanSoft
2010-04-23 16:11 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 16:11 . 2010-04-23 16:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 16:11 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:33 . 2010-04-23 14:33 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-04-23 12:58 . 2010-04-23 12:58 -------- d-----w- c:\program files\Opera
2010-04-23 05:47 . 2010-04-23 05:47 -------- d--h--w- c:\windows\PIF
2010-04-23 05:46 . 2009-10-30 13:31 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-23 05:46 . 2009-10-30 13:24 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-23 05:45 . 2010-04-23 05:46 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-21 19:33 . 2010-04-21 19:33 -------- d-----w- c:\program files\DAMN NFO Viewer
2010-04-21 16:02 . 2010-04-21 16:02 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-21 16:02 . 2010-04-21 16:02 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-21 16:02 . 2010-04-21 16:02 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-20 17:11 . 2010-04-20 17:11 -------- d-----w- c:\program files\Common Files\CyberLink
2010-04-20 17:10 . 2010-04-20 17:11 -------- d-----w- c:\program files\CyberLink
2010-04-20 17:10 . 2010-04-20 17:09 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-19 20:57 . 2010-04-19 20:57 -------- d-----w- c:\program files\QuickTime
2010-04-19 20:56 . 2010-04-19 20:56 -------- d-----w- c:\program files\Common Files\Apple
2010-04-19 20:56 . 2010-04-19 20:56 -------- d-----w- c:\program files\Apple Software Update
2010-04-19 20:38 . 2010-04-19 20:38 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-19 20:38 . 2010-04-19 20:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-19 20:38 . 2010-04-19 20:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-19 20:38 . 2010-04-19 20:38 -------- d-----w- c:\program files\Common Files\Real
2010-04-19 20:38 . 2010-04-19 20:38 -------- d-----w- c:\program files\Real
2010-04-18 17:25 . 2003-06-25 14:05 302712 ----a-w- c:\windows\system32\TweakUI.exe
2010-04-18 17:23 . 2010-04-18 17:23 -------- d-----w- c:\windows\Downloaded Installations
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\windows\system32\cs
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\windows\system32\bits
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\windows\l2schemas
2010-04-18 15:36 . 2004-04-27 07:26 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-04-18 07:05 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-17 18:16 . 2010-04-17 18:16 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-17 18:16 . 2010-04-17 18:16 -------- d-----w- c:\program files\MSBuild
2010-04-17 18:16 . 2010-04-17 18:16 -------- d-----w- c:\program files\Reference Assemblies
2010-04-17 18:16 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-17 18:15 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-17 18:15 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-17 18:15 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-17 18:15 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-17 18:15 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-17 18:15 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-17 18:15 . 2008-07-06 10:50 633856 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-17 18:15 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-17 18:13 . 2010-04-17 18:13 -------- d-----w- c:\program files\MSXML 6.0
2010-04-17 15:54 . 2010-04-17 15:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-17 15:32 . 2010-04-17 15:32 -------- d-----w- c:\windows\system32\URTTEMP
2010-04-15 16:43 . 2010-04-15 16:43 -------- d-----w- c:\program files\phenomedia
2010-04-15 04:38 . 2010-04-15 04:38 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-14 09:19 . 2010-04-14 09:19 -------- d-----w- c:\program files\Common Files\DirectX
2010-04-14 09:14 . 2010-04-14 09:14 -------- d-----w- c:\program files\EA GAMES
2010-04-14 09:12 . 2010-04-14 09:12 -------- d-----w- c:\program files\Alcohol Soft
2010-04-14 09:11 . 2010-04-14 09:11 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-13 16:24 . 2010-04-13 16:24 -------- d-----w- c:\program files\FileZilla FTP Client
2010-04-13 16:08 . 2010-04-13 16:08 -------- d-sh--w- c:\documents and settings\vospunt\PrivacIE
2010-04-13 16:08 . 2010-04-13 16:08 -------- d-sh--w- c:\documents and settings\vospunt\IECompatCache
2010-04-13 16:06 . 2010-04-13 16:06 -------- d-----w- c:\documents and settings\vospunt\.thumbnails
2010-04-13 15:57 . 2010-04-23 13:08 -------- d-----w- c:\documents and settings\vospunt\.gimp-2.6
2010-04-13 15:57 . 2010-04-13 15:57 -------- d-----w- c:\documents and settings\vospunt\.gegl-0.0
2010-04-13 15:49 . 2010-04-13 15:49 -------- d-----w- c:\program files\GIMP-2.0
2010-04-13 15:10 . 2010-04-13 15:10 -------- d-----w- c:\program files\7-Zip
2010-04-13 14:52 . 2010-04-13 14:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 12:06 . 2010-04-13 12:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-13 12:06 . 2010-04-13 12:06 -------- d-sh--w- c:\documents and settings\vospunt\IETldCache
2010-04-13 12:02 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-13 12:02 . 2010-02-25 09:48 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-04-13 12:02 . 2010-02-25 06:18 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-13 12:02 . 2010-02-25 06:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-13 12:02 . 2010-02-25 06:18 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-13 12:02 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-13 12:02 . 2010-04-17 15:55 -------- d-----w- c:\windows\ie8updates
2010-04-13 12:02 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-13 12:00 . 2010-04-18 16:34 -------- d-----w- c:\windows\system32\cs-CZ
2010-04-13 12:00 . 2010-04-13 12:01 -------- dc-h--w- c:\windows\ie8
2010-04-13 11:57 . 2004-08-17 13:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-13 11:56 . 2010-04-18 16:32 -------- d-----w- c:\windows\ServicePackFiles
2010-04-12 22:52 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-12 22:51 . 2010-02-12 10:03 329728 ------w- c:\windows\system32\browserchoice.exe
2010-04-12 22:51 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-12 22:51 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2010-04-12 22:51 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-12 22:47 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 18:28 . 2010-04-12 20:45 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-23 16:46 . 2010-04-23 16:46 50 ----a-w- c:\windows\system32\bridf05a.dat
2010-04-23 16:46 . 2010-04-23 16:45 -------- d-----w- c:\program files\Brother
2010-04-23 16:45 . 2010-04-12 18:58 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-23 16:45 . 2010-04-12 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-23 07:51 . 2001-10-25 14:00 82660 ----a-w- c:\windows\system32\perfc005.dat
2010-04-23 07:51 . 2001-10-25 14:00 437300 ----a-w- c:\windows\system32\perfh005.dat
2010-04-18 16:36 . 2010-04-12 18:37 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-18 16:36 . 2010-04-12 18:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-12 20:43 . 2010-04-12 19:25 -------- d-----w- c:\program files\Miranda IM
2010-04-12 20:10 . 2010-04-12 20:10 -------- d-----w- c:\program files\SuperLink
2010-04-12 19:53 . 2010-04-12 19:41 -------- d-----w- c:\program files\Java
2010-04-12 19:50 . 2010-04-12 19:50 -------- d-----w- c:\program files\WaterProof
2010-04-12 19:41 . 2010-04-12 19:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 19:39 . 2010-04-12 19:39 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-04-12 19:39 . 2010-04-12 19:39 773632 ----a-w- c:\windows\iun6002.exe
2010-04-12 19:28 . 2010-04-12 18:38 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-04-12 19:03 . 2010-04-12 19:03 -------- d-----w- c:\program files\Marvell
2010-04-12 18:58 . 2010-04-12 18:58 -------- d-----w- c:\program files\Realtek
2010-04-12 18:53 . 2010-04-12 18:53 -------- d-----w- c:\program files\Intel
2010-04-12 18:38 . 2010-04-12 18:38 -------- d-----w- c:\program files\microsoft frontpage
2010-04-12 18:35 . 2010-04-12 18:35 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:17 . 2004-08-17 13:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-03 21:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2004-08-17 13:45 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 15:45 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2004-08-17 13:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-04-23_15.54.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-23 16:45 . 2004-10-06 07:40 90112 c:\windows\twain_32\BrMfSc07\Lang\BrTwdUsa.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 90112 c:\windows\twain_32\BrMfSc07\Lang\BrTwdSwe.dll
+ 2010-04-23 16:45 . 2004-10-06 08:16 94208 c:\windows\twain_32\BrMfSc07\Lang\BrTwdSpa.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 94208 c:\windows\twain_32\BrMfSc07\Lang\BrTwdPor.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 90112 c:\windows\twain_32\BrMfSc07\Lang\BrTwdNor.dll
+ 2010-04-23 16:45 . 2005-03-03 07:35 73728 c:\windows\twain_32\BrMfSc07\Lang\BrTwdJpn.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 94208 c:\windows\twain_32\BrMfSc07\Lang\BrTwdIta.dll
+ 2010-04-23 16:45 . 2004-11-16 08:32 73728 c:\windows\twain_32\BrMfSc07\Lang\BrTwdChn.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 94208 c:\windows\twain_32\BrMfSc07\Lang\BrTwdGer.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 94208 c:\windows\twain_32\BrMfSc07\Lang\BrTwdFre.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 90112 c:\windows\twain_32\BrMfSc07\Lang\BrTwdEng.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 90112 c:\windows\twain_32\BrMfSc07\Lang\BrTwdDut.dll
+ 2010-04-23 16:45 . 2004-10-06 07:40 90112 c:\windows\twain_32\BrMfSc07\Lang\BrTwdDan.dll
+ 2010-04-23 16:45 . 2004-08-16 13:49 49152 c:\windows\twain_32\BrMfSc07\Common\BrStiIf.dll
+ 2010-04-23 16:45 . 2004-10-15 15:35 77824 c:\windows\twain_32\BrMfSc07\Common\BrScnDev.dll
+ 2004-08-17 13:49 . 2009-06-25 08:27 54272 c:\windows\system32\wdigest.dll
+ 2001-11-20 12:37 . 2001-11-20 12:37 47616 c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
+ 2010-04-23 16:45 . 2004-02-08 22:00 26285 c:\windows\system32\spool\prtprocs\w32x86\brmfpp1.dll
+ 2001-11-20 12:55 . 2001-11-20 12:55 57344 c:\windows\system32\spool\drivers\w32x86\pport_res.dll
+ 2002-03-04 08:16 . 2002-03-04 08:16 56320 c:\windows\system32\spool\drivers\w32x86\ppbiUif.dll
+ 2002-03-04 08:16 . 2002-03-04 08:16 51712 c:\windows\system32\spool\drivers\w32x86\ppbiNT.dll
+ 2002-03-04 08:16 . 2002-03-04 08:16 56320 c:\windows\system32\spool\drivers\w32x86\2\ppbiUif.dll
+ 2002-03-04 08:16 . 2002-03-04 08:16 51712 c:\windows\system32\spool\drivers\w32x86\2\ppbiNT.dll
- 2004-08-17 13:49 . 2009-02-03 19:58 56832 c:\windows\system32\secur32.dll
+ 2004-08-17 13:49 . 2009-06-25 08:27 56832 c:\windows\system32\secur32.dll
+ 2004-08-17 13:49 . 2009-10-12 13:40 79872 c:\windows\system32\raschap.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 79872 c:\windows\system32\raschap.dll
+ 2001-11-20 12:55 . 2001-11-20 12:55 57344 c:\windows\system32\pport_res.dll
- 2010-04-12 18:34 . 2008-04-14 03:21 91648 c:\windows\system32\mtxoci.dll
+ 2010-04-12 18:34 . 2008-06-12 14:24 91648 c:\windows\system32\mtxoci.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-17 13:49 . 2008-06-12 14:24 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-17 15:49 . 2009-11-27 17:14 17920 c:\windows\system32\msyuv.dll
+ 2001-10-25 14:00 . 2009-11-27 16:09 28672 c:\windows\system32\msvidc32.dll
+ 2004-08-17 13:49 . 2009-11-27 16:09 11264 c:\windows\system32\msrle32.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 11264 c:\windows\system32\msrle32.dll
+ 2010-04-12 18:34 . 2008-06-12 14:24 58880 c:\windows\system32\msdtclog.dll
- 2010-04-12 18:34 . 2008-04-14 03:21 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-17 13:49 . 2009-09-04 21:05 58880 c:\windows\system32\msasn1.dll
+ 2004-08-17 15:49 . 2009-11-27 16:09 48128 c:\windows\system32\iyuv_32.dll
+ 2010-04-23 16:46 . 2008-04-13 18:47 25856 c:\windows\system32\drivers\usbprint.sys
+ 2004-08-03 20:59 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2010-04-23 16:45 . 2004-10-15 10:50 15295 c:\windows\system32\drivers\BrScnUsb.sys
+ 2009-06-25 08:27 . 2009-06-25 08:27 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2010-04-23 16:46 . 2008-04-13 18:47 25856 c:\windows\system32\dllcache\usbprint.sys
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:58 . 2009-06-25 08:27 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 79872 c:\windows\system32\dllcache\raschap.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2001-10-25 14:00 . 2009-11-27 16:09 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-09-04 21:05 . 2009-09-04 21:05 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:04 . 2009-07-17 19:04 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-17 13:49 . 2009-12-14 07:10 33280 c:\windows\system32\csrsrv.dll
+ 2010-04-23 16:45 . 2005-03-02 11:14 37888 c:\windows\system32\BrUSi05a.dll
+ 2010-04-23 16:45 . 2002-04-11 22:00 57344 c:\windows\system32\brsvc01a.exe
+ 2010-04-23 16:45 . 2001-12-12 22:01 45056 c:\windows\system32\brss01a.exe
+ 2010-04-23 16:45 . 2005-05-09 09:38 52224 c:\windows\system32\brinsstr.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 84992 c:\windows\system32\avifil32.dll
+ 2004-08-17 13:49 . 2009-11-27 16:09 84992 c:\windows\system32\avifil32.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 58880 c:\windows\system32\atl.dll
+ 2004-08-17 13:49 . 2009-07-17 19:04 58880 c:\windows\system32\atl.dll
+ 2010-04-23 16:42 . 2010-04-23 16:42 45056 c:\windows\Installer\{A17EABB6-D0C6-44E5-820C-72DC7F495064}\PaperPort.exe
+ 2010-04-23 16:42 . 2010-04-23 16:42 45056 c:\windows\Installer\{A17EABB6-D0C6-44E5-820C-72DC7F495064}\PageViewer.exe
+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2002-07-25 15:13 . 2002-07-25 15:13 24576 c:\windows\Downloaded Program Files\dwusplay.dll
+ 2001-10-24 12:25 . 2009-11-27 16:09 8704 c:\windows\system32\tsbyuv.dll
+ 2010-04-23 16:45 . 2005-04-12 23:00 7168 c:\windows\system32\spool\drivers\w32x86\3\Brlfx05a.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2010-04-23 16:42 . 2010-04-23 16:42 4710 c:\windows\Installer\{A17EABB6-D0C6-44E5-820C-72DC7F495064}\ARPPRODUCTICON.exe
+ 2009-11-27 16:09 . 2009-11-27 16:09 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-04-23 16:45 . 2004-10-28 07:35 131072 c:\windows\twain_32\BrMfSc07\Common\BrTwdsUi.dll
+ 2010-04-23 16:45 . 2004-12-07 16:28 180224 c:\windows\twain_32\BrMfSc07\Common\BrTwdScn.dll
+ 2010-04-23 16:45 . 2004-10-28 07:35 131072 c:\windows\twain_32\BrMfSc07\Common\BrTwds.dll
- 2004-08-17 13:49 . 2008-04-14 03:22 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-17 13:49 . 2009-06-10 06:16 132096 c:\windows\system32\wkssvc.dll
- 2004-08-17 13:49 . 2008-04-14 03:22 354304 c:\windows\system32\winhttp.dll
+ 2004-08-17 13:49 . 2008-12-16 12:32 354304 c:\windows\system32\winhttp.dll
+ 2000-01-05 11:52 . 2000-01-05 11:52 722192 c:\windows\system32\Vb40032.dll
+ 2001-11-20 12:38 . 2001-11-20 12:38 229888 c:\windows\system32\Tiff32.dll
+ 2010-04-23 16:45 . 2002-06-29 01:01 100864 c:\windows\system32\spool\drivers\w32x86\brotherdcp_115c3509\brqikmon.exe
+ 2010-04-23 16:45 . 2005-04-28 17:40 996104 c:\windows\system32\spool\drivers\w32x86\brotherdcp_115c3509\briu05a.dll
+ 2010-04-23 16:45 . 2005-04-28 17:42 118784 c:\windows\system32\spool\drivers\w32x86\brotherdcp_115c3509\bril05a.dll
+ 2010-04-23 16:45 . 2002-06-29 01:01 100864 c:\windows\system32\spool\drivers\w32x86\3\brqikmon.exe
+ 2010-04-23 16:45 . 2005-04-28 17:40 996104 c:\windows\system32\spool\drivers\w32x86\3\briu05a.dll
+ 2010-04-23 16:45 . 2005-04-28 17:42 118784 c:\windows\system32\spool\drivers\w32x86\3\bril05a.dll
+ 2004-08-17 13:49 . 2009-06-25 08:27 147456 c:\windows\system32\schannel.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-17 13:49 . 2009-12-08 09:25 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-17 13:49 . 2009-04-15 14:54 585216 c:\windows\system32\rpcrt4.dll
+ 2004-08-17 13:49 . 2009-10-12 13:40 150016 c:\windows\system32\rastls.dll
+ 2001-11-20 13:09 . 2001-11-20 13:09 155648 c:\windows\system32\ppremove.dll
+ 2004-08-17 13:49 . 2009-10-13 10:34 271360 c:\windows\system32\oakley.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 271360 c:\windows\system32\oakley.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 247296 c:\windows\system32\mswsock.dll
+ 2004-08-17 13:49 . 2008-06-20 17:49 247296 c:\windows\system32\mswsock.dll
+ 2004-08-17 13:49 . 2009-08-05 09:01 205312 c:\windows\system32\mswebdvd.dll
+ 2004-08-17 13:49 . 2009-09-11 14:19 136192 c:\windows\system32\msv1_0.dll
- 2010-04-12 18:34 . 2008-04-14 03:22 343552 c:\windows\system32\mspaint.exe
+ 2010-04-12 18:34 . 2009-12-17 07:42 343552 c:\windows\system32\mspaint.exe
+ 2010-04-12 18:34 . 2008-06-12 14:24 161792 c:\windows\system32\msdtcuiu.dll
- 2010-04-12 18:34 . 2008-04-14 03:21 161792 c:\windows\system32\msdtcuiu.dll
+ 2010-04-12 18:34 . 2008-06-12 14:24 956928 c:\windows\system32\msdtctm.dll
- 2010-04-12 18:34 . 2008-04-14 03:21 956928 c:\windows\system32\msdtctm.dll
+ 2010-04-12 18:34 . 2008-06-12 14:24 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-17 13:49 . 2009-06-25 08:27 729088 c:\windows\system32\lsasrv.dll
+ 2004-08-17 13:49 . 2009-05-07 15:33 346624 c:\windows\system32\localspl.dll
+ 2004-08-17 13:49 . 2009-06-25 08:27 301568 c:\windows\system32\kerberos.dll
+ 2002-03-04 08:16 . 2002-03-04 08:16 110592 c:\windows\system32\Jpeg32.dll
+ 2004-08-17 13:49 . 2008-10-23 12:42 286720 c:\windows\system32\gdi32.dll
- 2010-04-12 20:27 . 2010-04-18 16:50 118952 c:\windows\system32\FNTCACHE.DAT
+ 2010-04-12 20:27 . 2010-04-23 19:00 118952 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-17 13:49 . 2008-07-07 20:29 253952 c:\windows\system32\es.dll
+ 2004-08-03 21:14 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-17 13:49 . 2008-06-20 17:49 147968 c:\windows\system32\dnsapi.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 147968 c:\windows\system32\dnsapi.dll
+ 2010-04-12 18:34 . 2008-04-21 21:15 216576 c:\windows\system32\dllcache\wordpad.exe
+ 2009-06-10 06:16 . 2009-06-10 06:16 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-12-16 12:32 . 2008-12-16 12:32 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2008-12-05 06:57 . 2009-06-25 08:27 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-12-08 09:25 . 2009-12-08 09:25 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-04-15 14:54 . 2009-04-15 14:54 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 150016 c:\windows\system32\dllcache\rastls.dll
+ 2009-10-13 10:34 . 2009-10-13 10:34 271360 c:\windows\system32\dllcache\oakley.dll
+ 2008-06-20 17:49 . 2008-06-20 17:49 247296 c:\windows\system32\dllcache\mswsock.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 205312 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:27 . 2009-09-11 14:19 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-12-17 07:42 . 2009-12-17 07:42 343552 c:\windows\system32\dllcache\mspaint.exe
+ 2008-06-12 14:24 . 2008-06-12 14:24 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:24 . 2008-06-12 14:24 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2010-04-12 22:50 . 2009-06-25 08:27 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:33 . 2009-05-07 15:33 346624 c:\windows\system32\dllcache\localspl.dll
+ 2009-06-25 08:27 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-10-23 12:42 . 2008-10-23 12:42 286720 c:\windows\system32\dllcache\gdi32.dll
+ 2008-07-07 20:29 . 2008-07-07 20:29 253952 c:\windows\system32\dllcache\es.dll
+ 2008-06-20 17:49 . 2008-06-20 17:49 147968 c:\windows\system32\dllcache\dnsapi.dll
+ 2010-02-12 04:35 . 2010-02-12 04:35 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2010-04-23 16:45 . 2003-12-23 22:00 131072 c:\windows\system32\bsplmf01.exe
+ 2010-04-23 16:45 . 2001-02-05 09:16 258048 c:\windows\system32\bsplmf01.dll
+ 2010-04-23 16:45 . 2005-03-02 09:35 121856 c:\windows\system32\BrWia05a.dll
+ 2003-10-16 11:55 . 2003-10-16 11:55 299008 c:\windows\Downloaded Program Files\isusweb.dll
+ 2002-07-25 15:13 . 2002-07-25 15:13 196608 c:\windows\Downloaded Program Files\dwusplay.exe
+ 2004-08-17 13:44 . 2009-08-14 15:15 1850624 c:\windows\system32\win32k.sys
+ 2010-04-23 16:45 . 2005-04-28 17:40 1705467 c:\windows\system32\spool\drivers\w32x86\brotherdcp_115c3509\brio05a.dll
+ 2010-04-23 16:45 . 2005-04-28 17:40 1705467 c:\windows\system32\spool\drivers\w32x86\3\brio05a.dll
+ 2004-08-17 13:49 . 2008-06-17 19:02 8465408 c:\windows\system32\shell32.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 8465408 c:\windows\system32\shell32.dll
- 2004-08-17 13:49 . 2008-04-14 03:21 1437696 c:\windows\system32\query.dll
+ 2004-08-17 13:49 . 2009-07-17 16:17 1437696 c:\windows\system32\query.dll
+ 2004-08-17 13:49 . 2009-11-27 17:14 1294336 c:\windows\system32\quartz.dll
+ 2001-11-20 12:36 . 2001-11-20 12:36 1462353 c:\windows\system32\MYDLL.dll
+ 2009-08-14 15:15 . 2009-08-14 15:15 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2008-06-17 19:02 8465408 c:\windows\system32\dllcache\shell32.dll
+ 2009-07-17 16:17 . 2009-07-17 16:17 1437696 c:\windows\system32\dllcache\query.dll
+ 2009-11-27 17:14 . 2009-11-27 17:14 1294336 c:\windows\system32\dllcache\quartz.dll
+ 2010-04-23 16:42 . 2010-04-23 16:42 23410688 c:\windows\Installer\2bba2f.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\vospunt\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-12 136176]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 225224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-19 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WaterProof\\PHPEdit\\3.4.6\\PHPEdit.exe"=
"c:\\Documents and Settings\\vospunt\\Plocha\\HRY\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\WaterProof\\PHPEdit\\3.6.2\\DBGpProxy.exe"=
"c:\\Program Files\\WaterProof\\PHPEdit\\3.6.2\\PHPEdit.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.4.2010 11:11 717296]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/20 19:11];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 12:58 87536]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:28 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [12.4.2010 22:10 40060]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components]
c:\docume~1\vospunt\LOCALS~1\Temp\msiecomm.exe [BU]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-04-23 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:35]
2010-04-23 c:\windows\Tasks\User_Feed_Synchronization-{A122EAD9-77E0-4E6D-B0DF-11D9A3F9205E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 21:20
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spsy.sys >>UNKNOWN [0x89BB7938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7496cb8
\Driver\atapi -> atapi.sys @ 0xf7a40b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Bluetooth Device (Personal Area Network) -> SendCompleteHandler -> NDIS.sys @ 0xf7b23bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7b12a0d
SendHandler -> NDIS.sys @ 0xf7b26b40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3196)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\brss01a.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\documents and settings\vospunt\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Celkový čas: 2010-04-23 21:23:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-23 19:23
ComboFix2.txt 2010-04-23 15:58
Před spuštěním: Volných bajtů: 136 356 282 368
Po spuštění: Volných bajtů: 136 342 843 392
- - End Of File - - 54A3C0913F7D6F6270D02D2BD4D17C99
Re: not a valid Win32 application (Windows XP Pro SP3)
After running GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-23 21:28:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\vospunt\LOCALS~1\Temp\kxrdqpow.sys
---- System - GMER 1.0.15 ----
SSDT spsy.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spsy.sys ZwEnumerateValueKey [0xF74F6030]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89C041F8
Device \FileSystem\Fastfat \Fat 89759500
---- EOF - GMER 1.0.15 ----
Re: not a valid Win32 application (Windows XP Pro SP3)
I let it run overnight, because while it was running and I tried to open the internet (Google Chrome), it threw a "blue screen of death" and I had to start it over again ...
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-24 06:56:01
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\vospunt\LOCALS~1\Temp\kxrdqpow.sys
---- System - GMER 1.0.15 ----
SSDT spej.sys ZwCreateKey [0xF74D70E0]
SSDT spej.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spej.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spej.sys ZwOpenKey [0xF74D70C0]
SSDT spej.sys ZwQueryKey [0xF74F6108]
SSDT spej.sys ZwQueryValueKey [0xF74F5F88]
SSDT spej.sys ZwSetValueKey [0xF74F619A]
INT 0x62 ? 89B97BF8
INT 0x63 ? 89B97BF8
INT 0x63 ? 89B97BF8
INT 0x63 ? 89A04BF8
INT 0x63 ? 89B97BF8
INT 0x74 ? 89A04BF8
INT 0x83 ? 89A04BF8
INT 0x84 ? 89A04BF8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89B961F8
Device \FileSystem\Fastfat \FatCdrom 89920500
Device \Driver\NetBT \Device\NetBT_Tcpip_{11DBC863-2862-4B30-860E-CD0CE127CA60} 8989A500
Device \Driver\sptd \Device\2525560928 spej.sys
Device \Driver\usbuhci \Device\USBPDO-0 89A031F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{ED6B8CF7-0375-442C-8EC9-305E7D7BEAC6} 8989A500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C041F8
Device \Driver\dmio \Device\DmControl\DmConfig 89C041F8
Device \Driver\dmio \Device\DmControl\DmPnP 89C041F8
Device \Driver\dmio \Device\DmControl\DmInfo 89C041F8
Device \Driver\usbuhci \Device\USBPDO-1 89A031F8
Device \Driver\usbuhci \Device\USBPDO-2 89A031F8
Device \Driver\usbehci \Device\USBPDO-3 899D61F8
Device \Driver\usbuhci \Device\USBPDO-4 89A031F8
Device \Driver\PCI_PNP8428 \Device\00000048 spej.sys
Device \Driver\PCI_PNP8428 \Device\00000048 spej.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 89B981F8
Device \Driver\Cdrom \Device\CdRom0 898D01F8
Device \Driver\Cdrom \Device\CdRom1 898D01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 898D01F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8989A500
Device \Driver\NetBT \Device\NetbiosSmb 8989A500
Device \Driver\BTHUSB \Device\00000092 bthport.sys (Ovladač sběrnice Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000094 bthport.sys (Ovladač sběrnice Bluetooth/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 89A031F8
Device \Driver\usbuhci \Device\USBFDO-1 89A031F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 898E5500
Device \Driver\usbuhci \Device\USBFDO-2 89A031F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 898E5500
Device \Driver\usbuhci \Device\USBFDO-3 89A031F8
Device \Driver\usbehci \Device\USBFDO-4 899D61F8
Device \Driver\Ftdisk \Device\FtControl 89B981F8
Device \Driver\a3uvjkua \Device\Scsi\a3uvjkua1 898C91F8
Device \Driver\a3uvjkua \Device\Scsi\a3uvjkua1Port3Path0Target0Lun0 898C91F8
Device \Driver\a3uvjkua \Device\Scsi\a3uvjkua1Port3Path0Target1Lun0 898C91F8
Device \FileSystem\Fastfat \Fat 89920500
Device \FileSystem\Cdfs \Cdfs 89894500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e370e58a3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e370e58a3@00219e4839b7 0xB2 0xD5 0x68 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF8 0x46 0xA3 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x45 0x0C 0x4E 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7F 0x00 0x88 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x53 0x97 0x29 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF8 0x46 0xA3 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x45 0x0C 0x4E 0xD0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7F 0x00 0x88 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x51 0x85 0xDF 0x56 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e370e58a3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e370e58a3@00219e4839b7 0xB2 0xD5 0x68 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF8 0x46 0xA3 0xED ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x45 0x0C 0x4E 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7F 0x00 0x88 0xDD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x53 0x97 0x29 0x5F ...
---- EOF - GMER 1.0.15 ----
Re: not a valid Win32 application (Windows XP Pro SP3)
Status? What do you mean? Like whether it freezes or something? It doesn't freeze, it runs fine, only now that generic something keeps popping up saying it's not responding, and PHPEdit won't start. Or what do you mean?
Re: not a valid Win32 application (Windows XP Pro SP3)
I wanted to do that too, but ... I've only had this Windows installed for a week and it did this right after installation ... before that I had the HDD partitioned and had Linux Mandriva alongside Win XP ... now I've redone it so Mandriva is gone and I only have XP here ... and I don't want to lose my e-mails + FTP logins .... settings etc.
Re: not a valid Win32 application (Windows XP Pro SP3)
Win XP SP2 ... it didn't do it ... only after the Windows updates ... updates, but SP3 had no effect on it ... it did it before that too ... so probably some update that Microsoft botched ... it didn't do it before, not even when I had only WIN .... look, at the start, when I got the notebook, it was second-hand from a friend and had Vista on it ... I removed that and put this XP SP2 on it and updated it to SP3 ... that caused no problem at all .. after a while I had only Linux on it ... then only WIN again ... about 3 months ago WIN+Linux and now only WIN