
Internet drops after 30 seconds

Posted: 04 Sep 2010 19:00
by amosatko
Hello ... I need some help ... my internet keeps dropping...

I am connected via Wi-Fi ... and after about 30 seconds I have no internet access.... but the home network works normally and the connection itself is there (tested on another computer)

When I click repair connection ... the repair runs and the internet works again, but only for about 30 seconds ....

and I can keep doing this over and over....

I tried Spyware Terminator, and clean up .... and ComboFix...

so I am attaching the log from RSIT and also the one from ComboFix

Thanks in advance for the help


Logfile of random's system information tool 1.08 (written by random/random)
Run by NTB at 2010-09-04 19:53:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (5%) free of 40 GB
Total RAM: 2037 MB (73% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-08 16862208]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2009-07-24 2048000]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"pdfFactory Pro Dispatcher v2"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [2005-11-24 491520]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-03-24 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-18 767312]
"IJNetworkScanUtility"=C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2009-05-19 136544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\NTB\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-04-23 136176]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2010-04-25 2356088]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-08-03 3037696]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-08-22 133432]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\xampp\apache\bin\apache.exe"="C:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-09-04 19:53:28 ----D---- C:\rsit
2010-09-04 19:53:28 ----D---- C:\Program Files\trend micro
2010-09-04 19:48:30 ----SHD---- C:\RECYCLER
2010-09-04 19:45:43 ----A---- C:\ComboFix.txt
2010-09-04 19:33:25 ----A---- C:\WINDOWS\zip.exe
2010-09-04 19:33:25 ----A---- C:\WINDOWS\SWSC.exe
2010-09-04 19:33:25 ----A---- C:\WINDOWS\SWREG.exe
2010-09-04 19:33:25 ----A---- C:\WINDOWS\sed.exe
2010-09-04 19:33:25 ----A---- C:\WINDOWS\PEV.exe
2010-09-04 19:33:25 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-04 19:33:25 ----A---- C:\WINDOWS\MBR.exe
2010-09-04 19:33:25 ----A---- C:\WINDOWS\grep.exe
2010-09-04 19:33:24 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-04 19:32:54 ----D---- C:\WINDOWS\ERDNT
2010-09-04 19:31:22 ----D---- C:\Qoobox
2010-09-02 21:44:24 ----ASH---- C:\hiberfil.sys
2010-08-16 16:46:23 ----D---- C:\Program Files\Lavalys
2010-08-16 13:27:27 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2010-08-12 07:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2183461$
2010-08-12 07:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-12 07:51:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-12 07:48:56 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-12 07:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-12 07:46:26 ----D---- C:\Config.Msi
2010-08-12 07:43:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-12 07:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-12 07:43:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-12 07:42:34 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$

======List of files/folders modified in the last 1 months======

2010-09-04 19:53:28 ----RD---- C:\Program Files
2010-09-04 19:50:48 ----D---- C:\WINDOWS
2010-09-04 19:50:26 ----D---- C:\Documents and Settings\NTB\Data aplikací\ICQ
2010-09-04 19:50:17 ----HD---- C:\WINDOWS\inf
2010-09-04 19:49:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-04 19:49:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-04 19:48:02 ----D---- C:\WINDOWS\Temp
2010-09-04 19:44:56 ----SD---- C:\WINDOWS\Tasks
2010-09-04 19:43:49 ----A---- C:\WINDOWS\system.ini
2010-09-04 19:43:37 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-04 19:43:17 ----D---- C:\WINDOWS\system32
2010-09-04 19:41:09 ----D---- C:\WINDOWS\system32\drivers
2010-09-04 19:41:09 ----D---- C:\WINDOWS\AppPatch
2010-09-04 19:41:02 ----D---- C:\Program Files\Common Files
2010-09-04 19:31:33 ----D---- C:\WINDOWS\Prefetch
2010-09-04 18:14:18 ----D---- C:\Documents and Settings\NTB\Data aplikací\Spyware Terminator
2010-09-04 18:14:12 ----D---- C:\Program Files\Spyware Terminator
2010-09-03 13:14:32 ----D---- C:\Documents and Settings\NTB\Data aplikací\Skype
2010-09-03 12:54:22 ----D---- C:\Documents and Settings\NTB\Data aplikací\skypePM
2010-09-02 22:03:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-09-02 21:49:52 ----D---- C:\Program Files\Mozilla Thunderbird
2010-09-02 20:43:29 ----D---- C:\Documents and Settings\NTB\Data aplikací\Adobe
2010-09-02 20:42:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-08-25 22:21:39 ----D---- C:\Program Files\ICQ7.0
2010-08-23 22:19:01 ----A---- C:\WINDOWS\wincmd.ini
2010-08-23 22:14:33 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-08-16 13:27:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-12 19:36:10 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-12 19:36:03 ----RSD---- C:\WINDOWS\assembly
2010-08-12 07:52:03 ----SHD---- C:\WINDOWS\Installer
2010-08-12 07:51:11 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-12 07:50:37 ----A---- C:\WINDOWS\win.ini
2010-08-12 07:48:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-12 07:47:37 ----D---- C:\WINDOWS\WinSxS
2010-08-12 07:43:27 ----D---- C:\Program Files\Movie Maker
2010-08-06 22:44:17 ----D---- C:\Program Files\e-TRAYz

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-01-06 43872]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-08 4739072]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETHDDIM;NETHDD NDIS IM Service; C:\WINDOWS\system32\DRIVERS\nethddim.sys [2010-05-15 18432]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-06-11 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2008-05-19 625792]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-11 106368]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 catchme;catchme; \??\C:\DOCUME~1\NTB\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter; C:\WINDOWS\system32\DRIVERS\rtl8187Se.sys [2008-07-10 306176]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-02-15 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-01-31 74240]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
S3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-13 685816]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2009-07-09 160768]
R2 NETHDD;NETHDD Service; C:\WINDOWS\system32\NETHDD.exe [2010-05-15 249376]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-08-03 488960]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-05-13 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Internet drops after 30 seconds

Posted: 04 Sep 2010 19:00
by amosatko
and here is the ComboFix log


ComboFix 10-09-03.02 - NTB 04.09.2010 19:38:10.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2037.1590 [GMT 2:00]
Spuštěný z: F:\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\oledb32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-04 do 2010-09-04 )))))))))))))))))))))))))))))))
.

2010-08-16 14:46 . 2010-08-16 14:46 -------- d-----w- c:\program files\Lavalys
2010-08-16 11:27 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-08-16 11:27 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 16:14 . 2010-08-03 08:42 -------- d-----w- c:\program files\Spyware Terminator
2010-09-02 19:49 . 2010-05-12 06:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-25 20:21 . 2010-04-24 10:31 -------- d-----w- c:\program files\ICQ7.0
2010-08-12 05:48 . 2008-08-29 23:25 79440 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 05:48 . 2008-08-29 23:25 432516 ----a-w- c:\windows\system32\perfh005.dat
2010-08-06 20:44 . 2010-05-15 16:15 -------- d-----w- c:\program files\e-TRAYz
2010-08-03 16:28 . 2010-07-12 17:16 -------- d-----w- c:\program files\Common Files\BricsCad
2010-08-03 08:52 . 2010-08-03 08:52 -------- d-----w- c:\program files\CCleaner
2010-08-03 08:47 . 2010-05-14 07:17 -------- d-----w- c:\program files\Ask.com
2010-08-03 08:42 . 2010-08-03 08:42 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-21 09:21 . 2010-07-12 17:14 -------- d-----w- c:\program files\CadDecor v. 1.8.0
2010-07-12 17:20 . 2008-08-29 15:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-12 17:20 . 2010-07-12 17:20 -------- d-----w- c:\program files\BricsCad
2010-07-07 12:23 . 2010-07-07 12:23 -------- d-----w- c:\program files\PSPad editor
2010-06-30 12:33 . 2008-08-29 23:25 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:12 . 2008-08-29 23:25 668160 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:12 . 2008-08-29 23:25 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 09:02 . 2008-08-29 23:25 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-08-29 23:25 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-08-29 23:25 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-08-29 14:39 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2008-08-29 23:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Share]
@="{B00DFEC8-C278-40FD-8832-76A9409991F3}"
[HKEY_CLASSES_ROOT\CLSID\{B00DFEC8-C278-40FD-8832-76A9409991F3}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_ShareSync]
@="{2022959D-8296-427A-9D9F-E59CC016F006}"
[HKEY_CLASSES_ROOT\CLSID\{2022959D-8296-427A-9D9F-E59CC016F006}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Sync]
@="{B2483E28-1631-4E80-AA62-29B35EFEC7F0}"
[HKEY_CLASSES_ROOT\CLSID\{B2483E28-1631-4E80-AA62-29B35EFEC7F0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\NTB\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-23 136176]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-04-25 2356088]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-03 3037696]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-08-22 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-08 16862208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-07-24 2048000]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-11-24 491520]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-13 113664]
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.5.2010 10:20 164048]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3.8.2010 10:42 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.5.2010 10:20 19024]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [29.8.2008 18:03 160768]
R2 NETHDD;NETHDD Service;c:\windows\system32\NETHDD.exe [15.5.2010 18:15 249376]
R3 NETHDDIM;NETHDD NDIS IM Service;c:\windows\system32\drivers\nethddim.sys [15.5.2010 18:15 18432]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [29.8.2008 17:59 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [23.4.2010 21:02 625792]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.5.2010 19:57 685816]
.
Obsah adresáře 'Naplánované úlohy'

2010-09-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.msi.com.tw/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 19:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-09-04 19:45:42
ComboFix-quarantined-files.txt 2010-09-04 17:45

Před spuštěním: 131 010 560
Po spuštění: 179 523 584

- - End Of File - - B7E5029704ECF12401F955D3A04FD029

Re: Internet drops after 30 seconds

Posted: 04 Sep 2010 20:50
by motji
Good evening :)

Please read the warning about using ComboFix that I have in my signature.

- If you have not done so already, move ComboFix to the desktop
- Open Notepad
- Copy the text from this box into it

Code:

Folder::
c:\program files\Ask.com

File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\program files\Ask.com\UpdateTask.exe

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


- Save the TXT file you created as CFScript.txt on the desktop
- After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

- After it has been applied, another log will come out; paste it here

Warning: it may happen that after the script is applied and the computer restarts, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

Re: Internet drops after 30 seconds

Posted: 05 Sep 2010 08:07
by amosatko
Well, it always deletes something by itself.... so I let it do that before I looked for help here, so as not to hold things up .....

and anyway .... here is the new log



ComboFix 10-09-03.02 - NTB 05.09.2010 8:55.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2037.1559 [GMT 2:00]
Spuštěný z: c:\documents and settings\NTB\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\NTB\Plocha\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\program files\Ask.com\UpdateTask.exe"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_40c.ico
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-05 do 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-04 17:53 . 2010-09-04 17:54 -------- d-----w- C:\rsit
2010-09-04 17:53 . 2010-09-04 17:53 -------- d-----w- c:\program files\trend micro
2010-08-16 14:46 . 2010-08-16 14:46 -------- d-----w- c:\program files\Lavalys
2010-08-16 11:27 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-08-16 11:27 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 16:14 . 2010-08-03 08:42 -------- d-----w- c:\program files\Spyware Terminator
2010-09-02 19:49 . 2010-05-12 06:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-25 20:21 . 2010-04-24 10:31 -------- d-----w- c:\program files\ICQ7.0
2010-08-12 05:48 . 2008-08-29 23:25 79440 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 05:48 . 2008-08-29 23:25 432516 ----a-w- c:\windows\system32\perfh005.dat
2010-08-06 20:44 . 2010-05-15 16:15 -------- d-----w- c:\program files\e-TRAYz
2010-08-03 16:28 . 2010-07-12 17:16 -------- d-----w- c:\program files\Common Files\BricsCad
2010-08-03 08:52 . 2010-08-03 08:52 -------- d-----w- c:\program files\CCleaner
2010-08-03 08:42 . 2010-08-03 08:42 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-21 09:21 . 2010-07-12 17:14 -------- d-----w- c:\program files\CadDecor v. 1.8.0
2010-07-12 17:20 . 2008-08-29 15:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-12 17:20 . 2010-07-12 17:20 -------- d-----w- c:\program files\BricsCad
2010-07-07 12:23 . 2010-07-07 12:23 -------- d-----w- c:\program files\PSPad editor
2010-06-30 12:33 . 2008-08-29 23:25 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:12 . 2008-08-29 23:25 668160 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:12 . 2008-08-29 23:25 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 09:02 . 2008-08-29 23:25 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-08-29 23:25 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-08-29 23:25 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-08-29 14:39 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2008-08-29 23:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Share]
@="{B00DFEC8-C278-40FD-8832-76A9409991F3}"
[HKEY_CLASSES_ROOT\CLSID\{B00DFEC8-C278-40FD-8832-76A9409991F3}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_ShareSync]
@="{2022959D-8296-427A-9D9F-E59CC016F006}"
[HKEY_CLASSES_ROOT\CLSID\{2022959D-8296-427A-9D9F-E59CC016F006}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Sync]
@="{B2483E28-1631-4E80-AA62-29B35EFEC7F0}"
[HKEY_CLASSES_ROOT\CLSID\{B2483E28-1631-4E80-AA62-29B35EFEC7F0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\NTB\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-23 136176]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-04-25 2356088]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-03 3037696]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-08-22 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-08 16862208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-07-24 2048000]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-11-24 491520]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-13 113664]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.5.2010 10:20 164048]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3.8.2010 10:42 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.5.2010 10:20 19024]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [29.8.2008 18:03 160768]
R2 NETHDD;NETHDD Service;c:\windows\system32\NETHDD.exe [15.5.2010 18:15 249376]
R3 NETHDDIM;NETHDD NDIS IM Service;c:\windows\system32\drivers\nethddim.sys [15.5.2010 18:15 18432]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [29.8.2008 17:59 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [23.4.2010 21:02 625792]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.5.2010 19:57 685816]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.msi.com.tw/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 09:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-09-05 09:05:15
ComboFix-quarantined-files.txt 2010-09-05 07:05
ComboFix2.txt 2010-09-04 17:45

Před spuštěním: 1 977 524 224
Po spuštění: 1 967 820 800

- - End Of File - - 116433DCD25CA183AECA237A22B9AA49

Re: internet drops after 30 seconds

Posted: 05 Sep 2010 08:10
by amosatko
Well, it always deletes something on its own... so I let it do that before looking for help here, so as not to hold things up...

and anyway... here is the new log

the problem persists :-(


ComboFix 10-09-03.02 - NTB 05.09.2010 8:55.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2037.1559 [GMT 2:00]
Spuštěný z: c:\documents and settings\NTB\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\NTB\Plocha\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\program files\Ask.com\UpdateTask.exe"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_40c.ico
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-05 do 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-04 17:53 . 2010-09-04 17:54 -------- d-----w- C:\rsit
2010-09-04 17:53 . 2010-09-04 17:53 -------- d-----w- c:\program files\trend micro
2010-08-16 14:46 . 2010-08-16 14:46 -------- d-----w- c:\program files\Lavalys
2010-08-16 11:27 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-08-16 11:27 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 16:14 . 2010-08-03 08:42 -------- d-----w- c:\program files\Spyware Terminator
2010-09-02 19:49 . 2010-05-12 06:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-25 20:21 . 2010-04-24 10:31 -------- d-----w- c:\program files\ICQ7.0
2010-08-12 05:48 . 2008-08-29 23:25 79440 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 05:48 . 2008-08-29 23:25 432516 ----a-w- c:\windows\system32\perfh005.dat
2010-08-06 20:44 . 2010-05-15 16:15 -------- d-----w- c:\program files\e-TRAYz
2010-08-03 16:28 . 2010-07-12 17:16 -------- d-----w- c:\program files\Common Files\BricsCad
2010-08-03 08:52 . 2010-08-03 08:52 -------- d-----w- c:\program files\CCleaner
2010-08-03 08:42 . 2010-08-03 08:42 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-21 09:21 . 2010-07-12 17:14 -------- d-----w- c:\program files\CadDecor v. 1.8.0
2010-07-12 17:20 . 2008-08-29 15:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-12 17:20 . 2010-07-12 17:20 -------- d-----w- c:\program files\BricsCad
2010-07-07 12:23 . 2010-07-07 12:23 -------- d-----w- c:\program files\PSPad editor
2010-06-30 12:33 . 2008-08-29 23:25 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:12 . 2008-08-29 23:25 668160 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:12 . 2008-08-29 23:25 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 09:02 . 2008-08-29 23:25 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-08-29 23:25 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-08-29 23:25 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-08-29 14:39 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2008-08-29 23:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Share]
@="{B00DFEC8-C278-40FD-8832-76A9409991F3}"
[HKEY_CLASSES_ROOT\CLSID\{B00DFEC8-C278-40FD-8832-76A9409991F3}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_ShareSync]
@="{2022959D-8296-427A-9D9F-E59CC016F006}"
[HKEY_CLASSES_ROOT\CLSID\{2022959D-8296-427A-9D9F-E59CC016F006}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Sync]
@="{B2483E28-1631-4E80-AA62-29B35EFEC7F0}"
[HKEY_CLASSES_ROOT\CLSID\{B2483E28-1631-4E80-AA62-29B35EFEC7F0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\NTB\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-23 136176]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-04-25 2356088]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-03 3037696]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-08-22 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-08 16862208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-07-24 2048000]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-11-24 491520]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-13 113664]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.5.2010 10:20 164048]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3.8.2010 10:42 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.5.2010 10:20 19024]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [29.8.2008 18:03 160768]
R2 NETHDD;NETHDD Service;c:\windows\system32\NETHDD.exe [15.5.2010 18:15 249376]
R3 NETHDDIM;NETHDD NDIS IM Service;c:\windows\system32\drivers\nethddim.sys [15.5.2010 18:15 18432]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [29.8.2008 17:59 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [23.4.2010 21:02 625792]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.5.2010 19:57 685816]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.msi.com.tw/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 09:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-09-05 09:05:15
ComboFix-quarantined-files.txt 2010-09-05 07:05
ComboFix2.txt 2010-09-04 17:45

Před spuštěním: 1 977 524 224
Po spuštění: 1 967 820 800

- - End Of File - - 116433DCD25CA183AECA237A22B9AA49

Re: internet drops after 30 seconds

Posted: 05 Sep 2010 21:16
by motji
But it sometimes has a bug and can then delete what it shouldn't... that is why the adviser needs to see the log.

:arrow: Download MBAM from my signature
-Install it and run a full scan

DO NOT DELETE ANYTHING :!:
-MBAM sometimes has false detections, so we will delete only after checking the log.
-Copy the log here.

Re: internet drops after 30 seconds

Posted: 05 Sep 2010 22:49
by amosatko
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4552

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5.9.2010 23:46:55
mbam-log-2010-09-05 (23-46-55).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 237705
Uplynulý čas: 50 minuta(y), 10 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\VRZJ8K91NT (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Re: internet drops after 30 seconds

Posted: 06 Sep 2010 11:56
by motji
Delete the finding in MBAM.
How is the computer doing?

Re: internet drops after 30 seconds

Posted: 07 Sep 2010 06:59
by amosatko
I deleted it and there is no change :-( ....

would it be possible to wipe out Daemon Tools with the help of Combo .. at system startup it throws an error message ... and it can neither be started nor uninstalled ...

Re: internet drops after 30 seconds

Posted: 07 Sep 2010 15:32
by motji
We will fix Daemon later, don't worry :)
So one more test :o

:arrow: Download AVPTool from my signature http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Install it according to the guide and run a scan
-let it disinfect or delete whatever it finds
-the scan may take several hours
-post the log with the results here

Re: internet drops after 30 seconds

Posted: 07 Sep 2010 19:15
by amosatko
it found nothing.... there is only

task started
task completed

Re: internet drops after 30 seconds

Posted: 07 Sep 2010 20:33
by motji
Does the connection work in safe mode?

Re: internet drops after 30 seconds

Posted: 07 Sep 2010 21:00
by amosatko
yep, in safe mode the net runs over wifi just fine ....

Re: internet drops after 30 seconds

Posted: 07 Sep 2010 21:35
by motji
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
-save it to the desktop and run the file OTL.exe.
-copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
- check the "For all users" box.
-tick the "LOP" junk check and "Purity" junk check boxes
- Click the Scan button
-after the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)

Re: internet drops after 30 seconds

Posted: 08 Sep 2010 08:44
by amosatko
otl


OTL logfile created on: 8.9.2010 8:55:45 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,07 Gb Total Space | 1,01 Gb Free Space | 2,59% Space Free | Partition Type: NTFS
Drive D: | 106,07 Gb Total Space | 87,69 Gb Free Space | 82,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,97 Gb Total Space | 1,25 Gb Free Space | 63,53% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID-MSI
Current User Name: NTB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.09.08 08:53:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010.08.22 13:02:26 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.0\ICQ.exe
PRC - [2010.08.03 10:42:46 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010.08.03 10:42:46 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010.07.31 05:51:43 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\NTB\Local Settings\Data aplikací\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010.05.15 18:15:48 | 000,249,376 | ---- | M] (UNICON Co., Ltd.) -- C:\WINDOWS\system32\NETHDD.exe
PRC - [2010.05.06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009.07.24 09:51:42 | 002,048,000 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2009.07.09 15:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2009.05.19 17:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.03.24 04:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.22 10:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.01.22 20:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008.01.11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007.10.29 14:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.10.04 18:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007.09.28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.09.28 16:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2005.11.24 11:12:34 | 000,491,520 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2004.06.16 06:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010.09.08 08:53:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2009.07.17 13:46:00 | 000,007,680 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008.07.25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.08.03 10:42:46 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.05.15 18:15:48 | 000,249,376 | ---- | M] (UNICON Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NETHDD.exe -- (NETHDD)
SRV - [2010.05.13 21:15:33 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.07.09 15:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.09.28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\NTB\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010.08.03 10:42:46 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.05.15 18:15:46 | 000,018,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nethddim.sys -- (NETHDDIM)
DRV - [2010.05.13 19:57:08 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.05.06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.05.06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.05.06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.05.06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.05.06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.05.06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.07.10 19:33:40 | 000,306,176 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se)
DRV - [2008.06.11 05:23:07 | 000,106,368 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.06.11 05:23:01 | 000,156,160 | R--- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008.05.19 22:49:14 | 000,625,792 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008.05.08 06:21:40 | 004,739,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.02.15 15:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.01.31 15:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.01.22 20:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007.12.19 20:32:12 | 005,854,688 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007.11.29 09:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.18 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.01.07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.12.23 04:47:10 | 000,027,392 | R--- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw

IE - HKU\S-1-5-21-2640306841-2079858896-2257336040-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-2640306841-2079858896-2257336040-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.07.22 19:56:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.05.12 08:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Mozilla\Extensions
[2010.05.12 08:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NTB\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2010.09.05 09:03:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKU\S-1-5-21-2640306841-2079858896-2257336040-1005..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2640306841-2079858896-2257336040-1005..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-2640306841-2079858896-2257336040-1005..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2640306841-2079858896-2257336040-1005..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2640306841-2079858896-2257336040-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2640306841-2079858896-2257336040-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2640306841-2079858896-2257336040-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2640306841-2079858896-2257336040-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 168.95.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\NTB\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NTB\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.29 16:41:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010.09.05 22:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Data aplikací\Malwarebytes
[2010.09.05 22:29:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.05 22:29:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.05 22:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.09.05 22:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.05 11:16:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.09.05 09:05:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.09.04 19:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.04 19:53:28 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.04 19:48:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NTB\Recent
[2010.09.04 19:33:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.09.04 19:33:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.09.04 19:33:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.09.04 19:33:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.09.04 19:32:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.09.04 19:31:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.04 07:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\BUK
[2010.09.03 15:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\Broskve
[2010.09.03 15:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\reklama
[2010.09.03 12:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\Grilovacka
[2010.09.02 12:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Dokumenty\Corel User Files
[2010.08.25 23:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\SOUNDTRACK-Pearl Harbor
[2010.08.22 17:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\100MSDCF22
[2010.08.18 17:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\Králův Dvůr
[2010.08.17 18:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\DCIM
[2010.08.16 16:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010.08.16 13:27:27 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010.08.15 12:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\Nová složka
[2010.08.15 00:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\ZÁMEK VIMPERK
[2010.08.15 00:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\HUSINECKÁ PŘEHRADA
[2010.08.15 00:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\SAUNA ŽERNOVICE
[2010.08.15 00:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\100MSDCF11
[2010.08.12 21:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\HokusPhotoPokus
[2010.08.12 18:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NTB\Plocha\100MSDCF
[2010.08.12 07:46:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.07.12 19:24:00 | 000,099,840 | R--- | C] ( ) -- C:\WINDOWS\System32\Zipdll.dll
[2010.07.12 19:24:00 | 000,094,208 | R--- | C] ( ) -- C:\WINDOWS\System32\Unzdll.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.08 08:51:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.08 08:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.08 08:50:54 | 2136,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.07 22:29:36 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\NTB\NTUSER.DAT
[2010.09.07 22:29:36 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\NTB\ntuser.ini
[2010.09.07 22:29:34 | 002,205,456 | -H-- | M] () -- C:\Documents and Settings\NTB\Local Settings\Data aplikací\IconCache.db
[2010.09.05 22:30:00 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.09.05 11:14:18 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\NTB\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.05 09:03:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.09.05 09:03:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.09.04 19:30:26 | 003,835,729 | R--- | M] () -- C:\Documents and Settings\NTB\Plocha\ComboFix.exe
[2010.09.04 14:03:12 | 007,167,738 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\DSC00174.JPG
[2010.09.03 15:18:08 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\Převodem.xls
[2010.09.03 14:31:17 | 000,753,368 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\f51-FJ.pdf
[2010.09.03 14:30:46 | 000,727,118 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\f50-FJ.pdf
[2010.09.03 14:30:14 | 000,650,847 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\f49-JOSTRA.pdf
[2010.09.03 14:29:56 | 000,727,145 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\f48-IU.pdf
[2010.09.03 14:29:32 | 001,273,172 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\f46-SMV.pdf
[2010.09.03 14:28:59 | 000,877,118 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\f47-TS.pdf
[2010.09.02 21:48:33 | 001,036,079 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\reklama-konec.jpg
[2010.09.02 20:44:25 | 005,618,354 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\reklama.CDR
[2010.09.02 20:39:22 | 005,616,528 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\Záloha_reklama.CDR
[2010.08.26 23:09:02 | 733,945,420 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\stargate_universe_s01e01-e02-air_parts_1_and_2.avi
[2010.08.26 22:14:04 | 000,080,568 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\stargate_universe_s01e01-e02-air_parts_1_and_2.srt
[2010.08.26 10:41:46 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\Peněžní denník 2010 - 0.0.2010.xls
[2010.08.23 22:19:01 | 000,001,605 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.08.23 22:14:33 | 000,000,230 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010.08.23 22:00:44 | 000,080,372 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\44424_141737985865199_100000869945374_186470_1093087_n.jpg
[2010.08.22 16:57:34 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\Google Chrome.lnk
[2010.08.21 23:17:06 | 038,383,194 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\Sidewalks.rar
[2010.08.17 09:24:06 | 005,070,285 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\DSC00014.JPG
[2010.08.16 19:06:37 | 002,102,873 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\ospalec.jpg
[2010.08.16 18:58:40 | 000,411,581 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\Snímek 002.jpg
[2010.08.16 18:58:40 | 000,397,327 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\Snímek 001.jpg
[2010.08.16 16:46:26 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\EVEREST Home Edition.lnk
[2010.08.16 11:01:32 | 012,026,816 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\3D.pln
[2010.08.16 10:14:19 | 006,532,232 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\D03_Wood_Floors.rar
[2010.08.14 23:31:34 | 004,111,129 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\DSC00069.JPG
[2010.08.13 09:34:38 | 000,352,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 13:54:28 | 000,033,399 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\jj.jpg
[2010.08.12 07:50:37 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.08.12 07:48:17 | 000,988,064 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 07:48:17 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.12 07:48:17 | 000,432,516 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.08.12 07:48:17 | 000,079,440 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.08.12 07:48:17 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.11 22:45:03 | 003,456,275 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\DSC00022.jpg
[2010.08.11 22:41:36 | 000,101,128 | ---- | M] () -- C:\Documents and Settings\NTB\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.08.10 12:01:29 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\NTB\Plocha\Název zboží množství sleva.doc
[2010.08.09 20:35:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.08 08:50:54 | 2136,268,800 | -HS- | C] () -- C:\hiberfil.sys
[2010.09.05 22:30:00 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.09.05 09:45:39 | 007,167,738 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\DSC00174.JPG
[2010.09.05 08:45:50 | 003,835,729 | R--- | C] () -- C:\Documents and Settings\NTB\Plocha\ComboFix.exe
[2010.09.04 19:33:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.09.04 19:33:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.09.04 19:33:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.09.04 19:33:25 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.09.04 19:33:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.09.03 14:31:47 | 000,753,368 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\f51-FJ.pdf
[2010.09.03 14:31:47 | 000,727,118 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\f50-FJ.pdf
[2010.09.03 14:31:46 | 001,273,172 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\f46-SMV.pdf
[2010.09.03 14:31:46 | 000,877,118 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\f47-TS.pdf
[2010.09.03 14:31:46 | 000,727,145 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\f48-IU.pdf
[2010.09.03 14:31:46 | 000,650,847 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\f49-JOSTRA.pdf
[2010.09.02 21:48:32 | 001,036,079 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\reklama-konec.jpg
[2010.09.02 12:57:44 | 005,616,528 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\Záloha_reklama.CDR
[2010.09.02 12:27:56 | 005,618,354 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\reklama.CDR
[2010.08.26 23:06:38 | 733,945,420 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\stargate_universe_s01e01-e02-air_parts_1_and_2.avi
[2010.08.26 22:14:03 | 000,080,568 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\stargate_universe_s01e01-e02-air_parts_1_and_2.srt
[2010.08.24 21:20:28 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\Převodem.xls
[2010.08.24 21:20:27 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\Peněžní denník 2010 - 0.0.2010.xls
[2010.08.23 22:00:44 | 000,080,372 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\44424_141737985865199_100000869945374_186470_1093087_n.jpg
[2010.08.18 16:32:20 | 005,070,285 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\DSC00014.JPG
[2010.08.16 19:06:33 | 002,102,873 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\ospalec.jpg
[2010.08.16 16:46:26 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\EVEREST Home Edition.lnk
[2010.08.16 10:57:54 | 012,026,816 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\3D.pln
[2010.08.16 10:27:03 | 038,383,194 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\Sidewalks.rar
[2010.08.16 10:12:09 | 006,532,232 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\D03_Wood_Floors.rar
[2010.08.15 13:36:45 | 004,111,129 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\DSC00069.JPG
[2010.08.12 13:54:28 | 000,033,399 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\jj.jpg
[2010.08.11 22:44:44 | 003,456,275 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\DSC00022.jpg
[2010.08.10 12:01:28 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\NTB\Plocha\Název zboží množství sleva.doc
[2010.08.03 10:42:46 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.07.12 19:24:00 | 004,677,632 | R--- | C] () -- C:\WINDOWS\System32\ri.dll
[2010.07.12 19:24:00 | 000,618,496 | R--- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2010.07.12 19:24:00 | 000,618,496 | R--- | C] () -- C:\WINDOWS\System32\stlp45.dll
[2010.07.12 19:24:00 | 000,230,912 | R--- | C] () -- C:\WINDOWS\System32\Zipit.dll
[2010.07.12 19:24:00 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\vc4_jpeg.dll
[2010.07.12 19:24:00 | 000,098,304 | R--- | C] () -- C:\WINDOWS\System32\VC4_TIFF.dll
[2010.07.12 19:24:00 | 000,090,112 | R--- | C] () -- C:\WINDOWS\System32\sdr.dll
[2010.07.12 19:24:00 | 000,040,720 | R--- | C] () -- C:\WINDOWS\System32\oledb32r.dll
[2010.07.12 19:24:00 | 000,033,280 | R--- | C] () -- C:\WINDOWS\System32\SP32W.DLL
[2010.07.12 19:24:00 | 000,005,392 | R--- | C] () -- C:\WINDOWS\System32\oledb32x.dll
[2010.07.12 19:23:58 | 000,315,904 | R--- | C] () -- C:\WINDOWS\System32\glu.dll
[2010.07.12 19:23:58 | 000,172,032 | R--- | C] () -- C:\WINDOWS\System32\glut32.dll
[2010.07.12 19:23:58 | 000,084,992 | R--- | C] () -- C:\WINDOWS\System32\HASPVB32.DLL
[2010.07.12 19:23:58 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2010.07.07 13:03:49 | 000,000,230 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2010.05.14 08:53:22 | 000,001,605 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010.05.14 00:23:57 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\NTB\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.13 20:05:57 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.08.30 01:25:37 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.08.29 19:01:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.08.29 18:55:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.08.29 17:59:48 | 006,184,960 | R--- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2008.08.29 17:46:15 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.05.12 10:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.05.13 21:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2010.05.15 20:28:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.05.16 11:30:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
[2010.05.24 18:38:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
[2010.05.06 10:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PassMark
[2010.09.07 19:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2010.05.13 19:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
[2010.05.13 21:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Autodesk
[2010.06.16 19:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Canon
[2010.09.08 08:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\ICQ
[2010.09.04 18:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Spyware Terminator
[2010.05.12 08:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Thunderbird
[2010.05.13 19:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Ulead Systems
[2010.06.27 09:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Documents and Settings\NTB\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2010.04.23 21:46:25 | 000,136,176 | ---- | M] (Google Inc.)
"DAEMON Tools" = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -- [2007.09.18 16:16:16 | 000,171,464 | ---- | M] (DT Soft Ltd.)
"AdobeUpdater" = "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" -- [2010.04.25 03:52:03 | 002,356,088 | ---- | M] (Adobe Systems Incorporated)
"SpywareTerminatorUpdate" = "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" -- [2010.08.03 10:42:46 | 003,037,696 | ---- | M] (Crawler.com)
"ICQ" = "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4 -- [2010.08.22 13:02:26 | 000,133,432 | ---- | M] (ICQ, LLC.)

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.09.05 10:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Adobe
[2010.05.13 21:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Autodesk
[2010.06.16 19:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Canon
[2010.05.14 14:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Corel
[2010.09.08 08:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\ICQ
[2008.08.29 16:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Identities
[2008.08.29 17:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\InstallShield
[2010.04.23 21:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Macromedia
[2010.09.05 22:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Malwarebytes
[2010.06.30 19:07:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NTB\Data aplikací\Microsoft
[2010.05.12 08:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Mozilla
[2010.07.21 10:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\PSpad
[2010.09.07 09:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Skype
[2010.09.07 08:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\skypePM
[2010.09.04 18:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Spyware Terminator
[2010.05.12 08:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Thunderbird
[2010.05.13 19:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Ulead Systems
[2010.05.14 08:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\WinRAR
[2010.06.27 09:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NTB\Data aplikací\Zoner

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2005.03.25 15:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=9CAB5B612E3AF65810F276BA051D56CD -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2005.03.25 15:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=9CAB5B612E3AF65810F276BA051D56CD -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\ATAPI.SYS
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2005.03.25 15:00:00 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=DD6A189894B14E24A14B4D182F5F3949 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\CDROM.SYS
[2005.03.25 15:00:00 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=DD6A189894B14E24A14B4D182F5F3949 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\CDROM.SYS

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
[2005.03.25 15:00:00 | 000,109,568 | ---- | M] (Microsoft Corporation) MD5=EB0D4F2DED96775E9C272BBDFAA7B923 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\HAL.DLL
[2005.03.25 15:00:00 | 000,109,568 | ---- | M] (Microsoft Corporation) MD5=EB0D4F2DED96775E9C272BBDFAA7B923 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\HAL.DLL

< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:Changer.sys

< MD5 for: IASTOR.SYS >
[2008.02.14 13:31:26 | 000,310,808 | ---- | M] (Intel Corporation) MD5=ACF3EC4273521B83AD9EFE56C11B4626 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\IASTOR.SYS
[2008.02.14 13:31:26 | 000,310,808 | ---- | M] (Intel Corporation) MD5=ACF3EC4273521B83AD9EFE56C11B4626 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\IASTOR.SYS

< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:isapnp.sys
[2005.03.25 15:00:00 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=4EA2CC0CC091854FB1A07B6758BB68C0 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\ISAPNP.SYS
[2005.03.25 15:00:00 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=4EA2CC0CC091854FB1A07B6758BB68C0 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\ISAPNP.SYS
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2005.03.25 15:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=D4B61A935670C57A0DEA81B4F4A12169 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\LSASS.EXE
[2005.03.25 15:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=D4B61A935670C57A0DEA81B4F4A12169 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\LSASS.EXE
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2005.03.25 15:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=FDB9275EB5E75A456BD26F4479103C19 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\NDIS.SYS
[2005.03.25 15:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=FDB9275EB5E75A456BD26F4479103C19 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\NDIS.SYS

< MD5 for: NETLOGON.DLL >
[2005.03.25 15:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) MD5=9DA343027F3B72029AB499D3F7FFACAA -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\NETLOGON.DLL
[2005.03.25 15:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) MD5=9DA343027F3B72029AB499D3F7FFACAA -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\NETLOGON.DLL
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2005.03.25 15:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=71FB876580530E7B0429312A8BCE5E04 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\SCECLI.DLL
[2005.03.25 15:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=71FB876580530E7B0429312A8BCE5E04 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\SCECLI.DLL
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2005.03.25 15:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=5912CC8F61CF76E4FADC6F34C8F92DDB -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\SMSS.EXE
[2005.03.25 15:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=5912CC8F61CF76E4FADC6F34C8F92DDB -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\SMSS.EXE
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 14:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=F209B5C79A87A9521DC0BD88B039EEE3 -- C:\WINDOWS\I386\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2005.03.25 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=CA8E6441930B54A8B8210061CE5FCCE7 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\SVCHOST.EXE
[2005.03.25 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=CA8E6441930B54A8B8210061CE5FCCE7 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\SVCHOST.EXE

< MD5 for: SYMMPI.SYS >
[2005.03.25 15:00:00 | 000,049,664 | ---- | M] (LSI Logic) MD5=868204832E011E2D64281D7EABEE572E -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\SYMMPI.SYS
[2005.03.25 15:00:00 | 000,049,664 | ---- | M] (LSI Logic) MD5=868204832E011E2D64281D7EABEE572E -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\SYMMPI.SYS

< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2005.03.25 15:00:00 | 000,333,312 | ---- | M] (Microsoft Corporation) MD5=EC676733442B122F1828FCD03B86C20B -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\TCPIP.SYS
[2005.03.25 15:00:00 | 000,333,312 | ---- | M] (Microsoft Corporation) MD5=EC676733442B122F1828FCD03B86C20B -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\TCPIP.SYS

< MD5 for: USERINIT.EXE >
[2005.03.25 15:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=29A1877F2D0EACFF20B6507A3C00F31B -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\USERINIT.EXE
[2005.03.25 15:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=29A1877F2D0EACFF20B6507A3C00F31B -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\USERINIT.EXE
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2005.03.25 15:00:00 | 000,508,928 | ---- | M] (Microsoft Corporation) MD5=325FD6D25FC1D77C363E87B445C8B023 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\WINLOGON.EXE
[2005.03.25 15:00:00 | 000,508,928 | ---- | M] (Microsoft Corporation) MD5=325FD6D25FC1D77C363E87B445C8B023 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\WINLOGON.EXE
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
[2005.03.25 15:00:00 | 000,083,968 | ---- | M] (Microsoft Corporation) MD5=DB060880F9C349F597AFA270D1D01B68 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\WS2_32.DLL
[2005.03.25 15:00:00 | 000,083,968 | ---- | M] (Microsoft Corporation) MD5=DB060880F9C349F597AFA270D1D01B68 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\WS2_32.DLL

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.08.29 18:31:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.08.29 18:31:41 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.08.29 18:31:40 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >