VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Problém se zápisem do registrů ve Win XP

https://forum.viry.cz:443/viewtopic.php?t=106938

Stránka 1 z 1

Problém se zápisem do registrů ve Win XP

Napsal: 24 lis 2010 19:40
od Hanypet
Dobrý večer,
mám problém se dostat do editoru registrů. Na počítači mám pouze jeden uživatelský účet, s právy správce. Když ale chci spustit regedit.exe, nebo spustit přímo nějaký soubor *.reg, vyhodí mi počítač chybu "Správce zakázal úpravy registru". Instalace nových programů však probíhají bez problémů (ty přece musí do registru zapisovat). Co mi paměť slouží, nic jsem nezakazoval. Obnovení systému není možné, protože ho nemám povolené.

Re: Problém se zápisem do registrů ve Win XP

Napsal: 24 lis 2010 19:51
od Rudy
Zkuste se tam dostat z účtu administrator v nouz. režimu. Pokud to půjde, dejte log z RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 .

Re: Problém se zápisem do registrů ve Win XP

Napsal: 24 lis 2010 20:52
od Hanypet
V nouzovém režimu pod adminem to šlo
Zde přikládám log RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Petr at 2010-11-24 20:51:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (31%) free of 73 GB
Total RAM: 2047 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:19, on 24.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
E:\Program\Inventor Pro 2009\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
E:\Program\Inventor Pro 2009\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OSCAR Editor\OscarEditor.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\rsit\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aramayapalim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aramayapalim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 89.187.140.138 l2testauthd.lineage2.com
O1 - Hosts: 89.187.140.138 l2authd.lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: update.lnk = C:\Program Files\ERUNT\update.bat
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{165627AB-B9A7-4091-B08D-72CA6D91796B}: NameServer = 192.168.0.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{F60AA547-CBB3-4124-A3E7-65229977A4A9}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{165627AB-B9A7-4091-B08D-72CA6D91796B}: NameServer = 192.168.0.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{165627AB-B9A7-4091-B08D-72CA6D91796B}: NameServer = 192.168.0.50
O17 - HKLM\System\CS3\Services\Tcpip\..\{165627AB-B9A7-4091-B08D-72CA6D91796B}: NameServer = 192.168.0.50
O17 - HKLM\System\CS4\Services\Tcpip\..\{165627AB-B9A7-4091-B08D-72CA6D91796B}: NameServer = 192.168.0.50
O17 - HKLM\System\CS5\Services\Tcpip\..\{165627AB-B9A7-4091-B08D-72CA6D91796B}: NameServer = 192.168.0.50
O17 - HKLM\System\CS6\Services\Tcpip\..\{165627AB-B9A7-4091-B08D-72CA6D91796B}: NameServer = 192.168.0.50
O17 - HKLM\System\CS7\Services\Tcpip\..\{165627AB-B9A7-4091-B08D-72CA6D91796B}: NameServer = 192.168.0.50
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - E:\Program\Inventor Pro 2009\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - E:\Program\Inventor Pro 2009\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SbPF.Launcher - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (file missing)

--
End of file - 9499 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-10-26 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-11-09 2069856]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"OscarEditor"=C:\Program Files\OSCAR Editor\OscarEditor.exe [2009-06-16 3331584]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe
Samsung Multimedia Keyboard.lnk - C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe

C:\Documents and Settings\Petr\Nabídka Start\Programy\Po spuštění
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
update.lnk - C:\Program Files\ERUNT\update.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-09-11 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-06-22 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"E:\Hry\DiRT2\dirt2_game.exe"="E:\Hry\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"E:\Hry\FEAR\FEAR.exe"="E:\Hry\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe"="E:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"E:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe"="E:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"E:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe"="E:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b13a1e-0804-11df-bd21-0019dbf67197}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-11-24 20:19:21 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-24 17:48:15 ----D---- C:\WINDOWS\ERDNT
2010-11-24 17:47:42 ----D---- C:\Program Files\ERUNT
2010-11-24 16:09:24 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-11-24 13:44:23 ----D---- C:\Documents and Settings\Petr\Data aplikací\Bentley
2010-11-23 18:04:04 ----D---- C:\Program Files\Common Files\Bentley Shared
2010-11-23 18:04:03 ----D---- C:\Program Files\Bentley
2010-11-23 18:04:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Bentley
2010-11-19 01:58:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard
2010-11-19 00:48:51 ----D---- C:\Logs
2010-11-18 20:33:36 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-11-08 13:08:28 ----D---- C:\Documents and Settings\Petr\Data aplikací\Google
2010-11-08 13:02:28 ----D---- C:\Program Files\Google
2010-11-05 12:32:20 ----D---- C:\Documents and Settings\Petr\Data aplikací\Spore
2010-11-04 20:35:38 ----D---- C:\Documents and Settings\Petr\Data aplikací\Audacity
2010-11-04 20:35:33 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2010-11-04 15:44:01 ----D---- C:\Documents and Settings\Petr\Data aplikací\Mp3tag
2010-11-04 15:43:23 ----D---- C:\Program Files\Mp3tag
2010-10-26 10:41:52 ----D---- C:\Documents and Settings\Petr\Data aplikací\vlc
2010-10-26 10:41:02 ----D---- C:\Program Files\VideoLAN
2010-10-25 14:17:55 ----D---- C:\Program Files\TEX

======List of files/folders modified in the last 1 months======

2010-11-24 20:51:12 ----D---- C:\Program Files\trend micro
2010-11-24 20:51:10 ----D---- C:\rsit
2010-11-24 20:46:34 ----D---- C:\WINDOWS\Temp
2010-11-24 20:45:12 ----D---- C:\Program Files\Mozilla Thunderbird
2010-11-24 20:43:46 ----D---- C:\WINDOWS
2010-11-24 20:43:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-24 20:16:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-24 19:23:11 ----D---- C:\WINDOWS\system32\Restore
2010-11-24 19:22:25 ----SHD---- C:\System Volume Information
2010-11-24 18:51:47 ----SD---- C:\WINDOWS\Tasks
2010-11-24 18:40:58 ----RD---- C:\Program Files
2010-11-24 17:16:56 ----SHD---- C:\WINDOWS\Installer
2010-11-24 17:16:45 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-11-24 17:16:44 ----D---- C:\WINDOWS\system32\drivers
2010-11-24 16:09:25 ----D---- C:\WINDOWS\Prefetch
2010-11-24 16:09:24 ----D---- C:\WINDOWS\system32
2010-11-24 16:07:23 ----HD---- C:\WINDOWS\inf
2010-11-24 15:13:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-23 18:04:04 ----D---- C:\Program Files\Common Files
2010-11-23 17:51:29 ----D---- C:\Documents and Settings\Petr\Data aplikací\U3
2010-11-23 10:05:16 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-23 10:03:48 ----D---- C:\WINDOWS\system32\DirectX
2010-11-22 13:04:45 ----D---- C:\Documents and Settings\Petr\Data aplikací\ICQ
2010-11-19 00:21:57 ----D---- C:\Program Files\Avidemux 2.5
2010-11-18 22:19:35 ----D---- C:\Documents and Settings\Petr\Data aplikací\Mozilla
2010-11-18 14:45:25 ----D---- C:\Program Files\JDownloader 0.8
2010-11-16 18:36:41 ----D---- C:\WINDOWS\Debug
2010-11-16 18:35:11 ----D---- C:\Program Files\DivX
2010-11-16 18:35:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-11-13 11:15:49 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-11 16:04:35 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 14:59:23 ----D---- C:\Program Files\ICQ7.2
2010-11-08 12:57:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-05 10:53:01 ----D---- C:\Program Files\Defraggler
2010-11-04 21:07:40 ----D---- C:\Program Files\Audacity
2010-11-04 21:07:14 ----D---- C:\Program Files\CCleaner
2010-10-30 10:28:46 ----RSD---- C:\WINDOWS\assembly
2010-10-30 08:17:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-30 08:16:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-10-30 08:16:30 ----D---- C:\Program Files\ATI Technologies
2010-10-28 18:23:41 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-06-22 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-01 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-22 243024]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-01-26 52224]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-09-14 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-06-30 25416]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-09-11 5417472]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-16 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 PCAlertDriver;PCAlertDriver; \??\C:\Program Files\MSI\Core Center\NTGLM7X.sys []
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-02-24 47360]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 RushTopDevice;RushTopDevice; \??\C:\Program Files\MSI\Core Center\RushTop.sys []
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 a04v5hah;a04v5hah; C:\WINDOWS\system32\drivers\a04v5hah.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-16 30104]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 ldiskl;ldiskl; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\ldiskl.sys []
S3 npkcrypt;npkcrypt; \??\E:\Hry\Lineage IIinterlude\system\npkcrypt.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-09-11 606208]
R2 Autodesk Data Management Job Dispatch;Autodesk Data Management Job Dispatch; E:\Program\Inventor Pro 2009\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe [2008-02-18 32768]
R2 Autodesk EDM Server;Autodesk EDM Server; E:\Program\Inventor Pro 2009\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe [2008-02-18 57344]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-25 921952]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-09-20 2331544]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-06-22 5897808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-07-20 61440]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); E:\Program\Inventor Pro 2009\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-01-22 29178224]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
S2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-05-09 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-04-05 79360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-01-22 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-01-22 242544]

-----------------EOF-----------------

Re: Problém se zápisem do registrů ve Win XP

Napsal: 24 lis 2010 21:28
od Rudy
Ještě poprosím o log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Re: Problém se zápisem do registrů ve Win XP

Napsal: 24 lis 2010 22:50
od Hanypet
Vyskytl se mi další problém. Při spuštění ComboFixu mi hlásí neco ve smyslu, že mám nainstalovaný AVG a že není doporučeno pokračovat, dokud ho neodinstaluji. Takže chci odinstalovat AVG. Jenže při odinstalaci dochází k chybě při odstraňování hodnoty v klíči registru:

Chyba: Selhala akce pro klíč registru HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: vytváření registrového klíče....
Přístup je odepřen.

Stejná chyba se objeví i při odinstalaci ve stavu nouze pod účtem administrator.
Tak se chci zeptat, jak mám teď postupovat, protože Combofix se nespustí. Mám AVG natvrdo smazat z disku??

Re: Problém se zápisem do registrů ve Win XP

Napsal: 24 lis 2010 23:19
od Rudy
Zkuste ho nejdřív korektně nainstalovat a pak odinstalovat buď přes TotalUninstall: http://www.stahuj.centrum.cz/utility_a_ ... uninstall/ , nebo odinstalační utilitou od Grisoftu: http://www.avg.com/filedir/util/support ... ver_cz.exe .

Re: Problém se zápisem do registrů ve Win XP

Napsal: 25 lis 2010 22:05
od Hanypet
Takže AVG jsem se nakonec zbavil. Znovu jsem zkusil spustit regedit a z ničehoc naběhl bez problému. Přesto ale radši přikládám ComboFix log

ComboFix 10-11-24.01 - Petr 25.11.2010 21:54:50.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1468 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-25 do 2010-11-25 )))))))))))))))))))))))))))))))
.

2010-11-25 19:49 . 2010-11-25 19:49 -------- d-----w- c:\program files\AVG
2010-11-25 19:40 . 2010-11-25 19:38 116373696 ----a-w- C:\avg_iswt_stf_all_90_730a1834.exe
2010-11-25 14:45 . 2010-11-25 14:45 -------- d---a-w- C:\.Trash-1000
2010-11-25 14:23 . 2010-11-25 14:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Martau
2010-11-25 14:23 . 2010-11-25 14:23 -------- d-----w- c:\program files\Total Uninstall 5
2010-11-25 14:03 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-25 14:03 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-24 16:47 . 2010-11-24 17:42 -------- d-----w- c:\program files\ERUNT
2010-11-24 15:09 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-24 14:13 . 2007-11-30 08:45 644400 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2010-11-24 12:44 . 2010-11-24 12:44 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Bentley
2010-11-24 12:44 . 2010-11-24 12:44 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Bentley
2010-11-23 17:04 . 2010-11-23 17:04 -------- d-----w- c:\program files\Common Files\Bentley Shared
2010-11-23 17:04 . 2010-11-24 12:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Bentley
2010-11-23 17:04 . 2010-11-23 17:04 -------- d-----w- c:\program files\Bentley
2010-11-19 00:58 . 2010-11-19 00:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard
2010-11-18 23:48 . 2010-11-18 23:48 -------- d-----w- C:\Logs
2010-11-18 19:33 . 2010-11-19 00:55 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-11-08 12:07 . 2010-11-08 12:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2010-11-08 12:02 . 2010-11-08 12:02 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Temp
2010-11-08 12:02 . 2010-11-08 12:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2010-11-08 12:02 . 2010-11-24 14:13 -------- d-----w- c:\program files\Google
2010-11-08 12:02 . 2010-11-10 12:07 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Google
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-05 11:32 . 2010-11-05 11:32 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Spore
2010-11-04 19:35 . 2010-11-11 21:24 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Audacity
2010-11-04 19:35 . 2010-11-04 19:35 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-11-04 14:44 . 2010-11-04 14:55 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Mp3tag
2010-11-04 14:43 . 2010-11-04 14:43 -------- d-----w- c:\program files\Mp3tag
2010-10-30 07:45 . 2010-10-30 07:45 45056 ----a-r- c:\documents and settings\Petr\Data aplikací\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut5_1A4E47DC67014A85AA16C1F99A44598C.exe
2010-10-30 07:45 . 2010-10-30 07:45 45056 ----a-r- c:\documents and settings\Petr\Data aplikací\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut1_1A4E47DC67014A85AA16C1F99A44598C.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-14 09:10 . 2010-06-30 20:49 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-09-11 02:19 . 2007-06-27 01:58 5417472 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-09-11 01:57 . 2010-01-16 20:16 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-11 01:57 . 2010-01-16 20:16 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-11 01:56 . 2010-01-16 20:16 4419584 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-11 01:54 . 2010-01-16 20:16 16248832 ----a-w- c:\windows\system32\atioglxx.dll
2010-09-11 01:50 . 2010-01-16 17:31 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-09-11 01:43 . 2010-01-16 17:31 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-11 01:42 . 2007-06-27 01:58 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-09-11 01:39 . 2007-06-27 01:41 3942880 ----a-w- c:\windows\system32\ati3duag.dll
2010-09-11 01:29 . 2007-06-27 01:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-09-11 01:26 . 2007-06-27 01:51 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-09-11 01:26 . 2007-06-27 01:51 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-11 01:26 . 2007-06-27 01:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-09-11 01:26 . 2007-06-27 01:50 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-09-11 01:26 . 2007-06-27 01:50 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-09-11 01:25 . 2007-06-27 01:31 2669312 ----a-w- c:\windows\system32\ativvaxx.dll
2010-09-11 01:25 . 2007-06-27 01:49 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-09-11 01:24 . 2007-06-27 01:48 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-09-11 01:23 . 2010-06-10 15:32 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-11 01:19 . 2007-06-27 01:17 634880 ----a-w- c:\windows\system32\atikvmag.dll
2010-09-11 01:18 . 2010-01-16 20:16 192512 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-11 01:17 . 2007-06-27 01:16 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-09-11 01:13 . 2007-06-27 01:10 696320 ----a-w- c:\windows\system32\ati2cqag.dll
2010-09-11 01:11 . 2010-01-16 20:16 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-11 01:11 . 2010-01-16 20:16 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-11 01:11 . 2007-06-27 01:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-09-10 05:52 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-11-25_15.14.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-25 20:45 . 2010-11-25 20:45 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
+ 2007-03-22 18:17 . 2007-03-22 18:17 35440 c:\windows\system32\FM20ENU.DLL
- 2010-01-16 18:54 . 2010-01-16 18:54 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-01-16 18:54 . 2010-01-16 18:54 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-01-16 18:54 . 2010-01-16 18:54 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-01-16 18:54 . 2010-01-16 18:54 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2010-01-16 18:54 . 2010-01-16 18:54 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2010-01-16 18:54 . 2010-01-16 18:54 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-01-16 18:54 . 2010-01-16 18:54 64088 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-07-15 06:00 . 2003-07-15 06:00 99904 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
+ 2003-07-15 05:53 . 2003-07-15 05:53 11848 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-07-14 21:57 . 2003-07-14 21:57 58944 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 05:44 . 2003-07-15 05:44 66616 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-15 05:43 . 2003-07-15 05:43 74288 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\RM.DLL
+ 2003-07-15 05:57 . 2003-07-15 05:57 40512 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-05-09 04:54 . 2003-05-09 04:54 77824 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 05:42 . 2003-07-15 05:42 37432 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-07-15 10:18 . 2003-07-15 10:18 93752 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-15 05:43 . 2003-07-15 05:43 49208 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-15 05:43 . 2003-07-15 05:43 64056 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
+ 2003-07-15 05:44 . 2003-07-15 05:44 88128 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
+ 2003-07-15 05:41 . 2003-07-15 05:41 24640 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
+ 2003-07-15 10:14 . 2003-07-15 10:14 27192 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-15 05:56 . 2003-07-15 05:56 13888 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-15 05:57 . 2003-07-15 05:57 56888 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 05:52 . 2003-07-15 05:52 41528 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 16384 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-15 05:45 . 2003-07-15 05:45 39488 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-07-15 05:45 . 2003-07-15 05:45 55360 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 05:46 . 2003-07-15 05:46 42040 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 05:53 . 2003-07-15 05:53 39488 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 05:52 . 2003-07-15 05:52 35896 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-14 21:52 . 2003-07-14 21:52 28224 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 05:52 . 2003-07-15 05:52 55360 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-15 05:44 . 2003-07-15 05:44 25144 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-15 05:52 . 2003-07-15 05:52 27704 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 05:52 . 2003-07-15 05:52 17464 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-15 05:51 . 2003-07-15 05:51 87104 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 35328 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 18944 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 17920 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-07-14 21:57 . 2003-07-14 21:57 87096 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-15 05:41 . 2003-07-15 05:41 13368 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-15 05:57 . 2003-07-15 05:57 98360 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 05:56 . 2003-07-15 05:56 14904 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-26 01:57 . 2003-07-26 01:57 75832 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL
+ 2003-07-15 10:18 . 2003-07-15 10:18 47160 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-15 05:53 . 2003-07-15 05:53 94768 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 05:57 . 2003-07-15 05:57 38968 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 05:43 . 2003-07-15 05:43 87616 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL
+ 2010-11-25 19:23 . 2010-11-25 19:23 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2010-01-16 18:54 . 2010-01-16 18:54 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-01-16 18:03 . 2010-11-25 19:41 254272 c:\windows\system32\FNTCACHE.DAT
- 2010-01-16 18:03 . 2010-10-13 18:51 254272 c:\windows\system32\FNTCACHE.DAT
- 2010-01-16 18:54 . 2010-01-16 18:54 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-01-16 18:54 . 2010-01-16 18:54 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-01-16 18:54 . 2010-01-16 18:54 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-01-16 18:54 . 2010-01-16 18:54 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-01-16 18:54 . 2010-01-16 18:54 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-01-16 18:54 . 2010-11-25 19:24 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2010-01-16 18:54 . 2010-01-16 18:54 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2003-07-21 18:46 . 2003-07-21 18:46 390712 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-15 10:18 . 2003-07-15 10:18 430136 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-15 05:43 . 2003-07-15 05:43 139320 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
+ 2003-07-15 05:45 . 2003-07-15 05:45 196152 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
+ 2003-07-08 18:48 . 2003-07-08 18:48 115288 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
+ 2003-07-15 05:44 . 2003-07-15 05:44 102968 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 10:14 . 2003-07-15 10:14 242240 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 10:14 . 2003-07-15 10:14 828472 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 10:14 . 2003-07-15 10:14 283696 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2010-01-16 18:54 . 2010-01-16 18:54 223800 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 06:00 . 2003-07-15 06:00 145984 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-24 05:40 . 2003-07-24 05:40 482872 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-15 05:56 . 2003-07-15 05:56 124984 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-15 06:02 . 2003-07-15 06:02 627256 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-06-19 23:05 . 2003-06-19 23:05 364648 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 10:18 . 2003-07-15 10:18 376888 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-23 21:35 . 2003-07-23 21:35 127032 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-15 02:14 . 2003-07-15 02:14 106552 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-14 21:57 . 2003-07-14 21:57 120888 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2002-04-09 19:14 . 2002-04-09 19:14 187560 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2002-12-17 18:08 . 2002-12-17 18:08 359600 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
+ 2003-07-14 21:58 . 2003-07-14 21:58 230968 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
+ 2003-07-15 05:46 . 2003-07-15 05:46 176696 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-05-28 22:42 . 2003-05-28 22:42 342616 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\METCONV.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 443904 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 252928 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 758784 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-05-28 22:42 . 2003-05-28 22:42 514680 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\INTLNAME.DLL
+ 2003-07-24 05:32 . 2003-07-24 05:32 121400 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
+ 2003-07-15 05:53 . 2003-07-15 05:53 161336 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
+ 2003-07-26 02:14 . 2003-07-26 02:14 799288 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
+ 2003-07-15 05:40 . 2003-07-15 05:40 179768 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 06:36 . 2003-07-15 06:36 186424 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2003-07-31 22:19 . 2003-07-31 22:19 131648 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
+ 2003-07-15 02:14 . 2003-07-15 02:14 350264 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2010-11-25 19:23 . 2010-11-25 19:23 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2007-06-06 09:53 . 2007-06-06 09:53 1195888 c:\windows\system32\FM20.DLL
+ 2005-10-26 13:59 . 2005-10-26 13:59 2883072 c:\windows\Installer\efa000.msp
+ 2010-10-22 12:25 . 2010-10-22 12:25 5521408 c:\windows\Installer\ef9efa.msp
+ 2003-08-03 17:52 . 2003-08-03 17:52 2808376 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-07-31 22:21 . 2003-07-31 22:21 1782840 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-07-30 19:40 . 2003-07-30 19:40 6133312 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-08-01 22:09 . 2003-08-01 22:09 8086072 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-08-10 06:06 . 2003-08-10 06:06 7522360 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-07-07 20:36 . 2003-07-07 20:36 2058343 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-15 06:05 . 2003-07-15 06:05 1054264 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 1033216 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-07-11 09:15 . 2003-07-11 09:15 1292872 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2002-12-17 18:09 . 2002-12-17 18:09 2071752 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2002-12-17 18:08 . 2002-12-17 18:08 1383592 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-07-15 06:11 . 2003-07-15 06:11 2139192 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-26 02:00 . 2003-07-26 02:00 1157696 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-07-24 06:01 . 2003-07-24 06:01 1949240 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-08-06 20:24 . 2003-08-06 20:24 12037688 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2003-08-13 09:34 . 2003-08-13 09:34 10073144 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2007-07-27 07:43 . 2007-07-27 07:43 109673984 c:\windows\Installer\ef9fea.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2009-06-16 3331584]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Petr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-16 3444008]
update.lnk - c:\program files\ERUNT\update.bat [2010-11-24 108]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2010-6-11 928256]
Samsung Multimedia Keyboard.lnk - c:\program files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe [2010-1-16 585728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Hry\\DiRT2\\dirt2_game.exe"=
"e:\\Hry\\FEAR\\FEAR.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"e:\\Hry\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\Hry\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\Hry\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"57039:TCP"= 57039:TCP:Pando Media Booster
"57039:UDP"= 57039:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.1.2010 10:41 685816]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [23.3.2010 17:38 270888]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [23.3.2010 17:38 65576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.11.2010 13:02 136176]
S2 SbPF.Launcher;SbPF.Launcher;"c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe" --> c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [?]
S3 ldiskl;ldiskl;\??\c:\docume~1\Petr\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\Petr\LOCALS~1\Temp\ldiskl.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - PCAlertDriver
.
Obsah adresáře 'Naplánované úlohy'

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 12:02]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 12:02]

2010-11-25 c:\windows\Tasks\update.job
- c:\program files\ERUNT\update.bat [2010-11-24 17:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.aramayapalim.com
mStart Page = hxxp://www.aramayapalim.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {165627AB-B9A7-4091-B08D-72CA6D91796B} = 192.168.0.50
TCP: {F60AA547-CBB3-4124-A3E7-65229977A4A9} = 10.0.0.138
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-25 21:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-220523388-1078145449-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c0,ac,67,08,ce,56,32,5a,6e,7f,e0,1a,31,11,51,60,6e,b7,26,57,16,7c,91,
ad,1e,28,d8,b1,96,13,f1,6f,98,52,af,c3,bb,3e,40,71,67,6b,d9,96,97,9b,1b,75,\
"??"=hex:74,46,de,da,ce,a6,b0,cd,f7,64,0d,30,a0,3c,53,3a

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="3935213D7D2AAEBACF18C4171FC0BEA0970D5DE4F7D8F660F61D862F63606A19F191E8DDF92EC734855A933F714EEB90933DD95D911B9487665FC6AA422F973BBE95A2791A1DA838EC0C02C1897FBBE00539673F10536BB81DA47B530323F3691675484261893C2980E091B83FF4F2EA8752B328B9CC385F747B976B7B5656FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933F3730898A13606CAFD4F8747D5E8AD89508C973AB16DDF331BC1527C0174B7735A8D545D5F1E8E10470DC561D683E5A2B6EEAA42E0C827632D140A0428CB2C82D9B6E295A44E1F9250AEEA06014A25859BC2ADC2D9BC5BB49DFBE56FBC15A27C4220BA4407253E647CAABC018F2B3E5F98D9427199E73B0E5CCF857E21C2E5A1F6C19A507185623F4435B603119B7480D94C41E575EE7879E8283CD00FCBB5D46E55730520D5797E35C906A06712815EA277B69F94FA38A3DB6214EF13A7441C35D7EB922781E120ED2A8D524A0B1212467A60FE723915DE5F1FC9438F5538A2E80D5C0C69F5EFCA23D5E3F3C40648D7AE3A334860599DA131C4CB9B37D52DB7BD79D3E9A1A6EBC49D9754C635063811D9DE56A60011D306A3FB412A152F32CD7BE81105DE0B127AB8F65C6F4E936A42D85425A7CA97AD491C31800683EB4A7C7C698C1E821C91FBE546AE741639DD9550CA2F3B8BAA944D971698A8B397EBFE304BEED941D98E7CA996B2C3680802D57936B7B7E28BE698219FC7712CC483329AA614BD254522551B3F022E7412BCF5A14F375643FCF555DC8703A1C489EE9B52548FB60D67D780E55C6B673CEFE4092B125834754889CF004AF2E0290001DF82722712A948AE1F4C4DF186963ECAC90ABD7B53953B5AFA5629F4385B4402CBE9E4D18580F89C742234CB8AAD9AAD93C8D6339892A596EDBC2998973079ABCBDDD0BFA76C0A88E94EF86252022942680327474D315CE0DF261423504F45ADF5C31FD0729B93CD094E4556A1E41232EC6C38332088B74E3198770C1A37502BFE977F1CC70E303E83B28AF8227D021AE8C7DB27A0049569612F23810D37C7BAC2E864E9E91AFD1C2C9DF95060C5A78CCA6F2606C4E3D4B019172D6229F4DEE73FDA82B700EA20A07C4A8B174C8E358C2350EFE667BB5A959F926D44D168CAB017A4543795FB3C770F037B3DB9F8659326EC5317C3F38F7D657803EECBDFC4891490994E1A22FD402429C6E3E1FB710FADD831147D48E1447A334D5F417A8A581E7ED196E180940F1F30B2E2E0E21960B53E2E9298C640B69541F245C12DDD79C4E246DD229031EC8721444338CC22DB60DA337A7D5520169034DC073FC105BA3BC37EA4F7A20A540B184844C9AB51CB717F"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1528)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(2396)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\webcheck.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-11-25 22:00:24
ComboFix-quarantined-files.txt 2010-11-25 21:00

Před spuštěním: Volných bajtů: 23 455 211 520
Po spuštění: Volných bajtů: 23 458 340 864

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 0E0BB42D69E184EBFAF340D60BB07DD3

Re: Problém se zápisem do registrů ve Win XP

Napsal: 25 lis 2010 22:21
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Collect::
c:\documents and settings\Petr\Data aplikací\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut5_1A4E47DC67014A85AA16C1F99A44598C.exe
c:\documents and settings\Petr\Data aplikací\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut1_1A4E47DC67014A85AA16C1F99A44598C.exe

Driver::
PCAlertDriver
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Problém se zápisem do registrů ve Win XP

Napsal: 25 lis 2010 22:39
od Hanypet
Zde je nový log

ComboFix 10-11-24.01 - Petr 25.11.2010 22:25:48.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1437 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt

file zipped: c:\documents and settings\Petr\Data aplikací\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut1_1A4E47DC67014A85AA16C1F99A44598C.exe
file zipped: c:\documents and settings\Petr\Data aplikací\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut5_1A4E47DC67014A85AA16C1F99A44598C.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PCALERTDRIVER


((((((((((((((((((((((((( Soubory vytvořené od 2010-10-25 do 2010-11-25 )))))))))))))))))))))))))))))))
.

2010-11-25 19:49 . 2010-11-25 19:49 -------- d-----w- c:\program files\AVG
2010-11-25 19:40 . 2010-11-25 19:38 116373696 ----a-w- C:\avg_iswt_stf_all_90_730a1834.exe
2010-11-25 14:45 . 2010-11-25 14:45 -------- d---a-w- C:\.Trash-1000
2010-11-25 14:23 . 2010-11-25 14:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Martau
2010-11-25 14:23 . 2010-11-25 14:23 -------- d-----w- c:\program files\Total Uninstall 5
2010-11-25 14:03 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-25 14:03 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-24 16:47 . 2010-11-24 17:42 -------- d-----w- c:\program files\ERUNT
2010-11-24 15:09 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-24 14:13 . 2007-11-30 08:45 644400 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2010-11-24 12:44 . 2010-11-24 12:44 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Bentley
2010-11-24 12:44 . 2010-11-24 12:44 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Bentley
2010-11-23 17:04 . 2010-11-23 17:04 -------- d-----w- c:\program files\Common Files\Bentley Shared
2010-11-23 17:04 . 2010-11-24 12:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Bentley
2010-11-23 17:04 . 2010-11-23 17:04 -------- d-----w- c:\program files\Bentley
2010-11-19 00:58 . 2010-11-19 00:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard
2010-11-18 23:48 . 2010-11-18 23:48 -------- d-----w- C:\Logs
2010-11-18 19:33 . 2010-11-19 00:55 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-11-08 12:07 . 2010-11-08 12:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2010-11-08 12:02 . 2010-11-08 12:02 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Temp
2010-11-08 12:02 . 2010-11-08 12:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2010-11-08 12:02 . 2010-11-24 14:13 -------- d-----w- c:\program files\Google
2010-11-08 12:02 . 2010-11-10 12:07 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Google
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-05 11:32 . 2010-11-05 11:32 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Spore
2010-11-04 19:35 . 2010-11-11 21:24 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Audacity
2010-11-04 19:35 . 2010-11-04 19:35 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-11-04 14:44 . 2010-11-04 14:55 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Mp3tag
2010-11-04 14:43 . 2010-11-04 14:43 -------- d-----w- c:\program files\Mp3tag
2010-10-30 07:45 . 2010-10-30 07:45 45056 ----a-r- c:\documents and settings\Petr\Data aplikací\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut5_1A4E47DC67014A85AA16C1F99A44598C.exe
2010-10-30 07:45 . 2010-10-30 07:45 45056 ----a-r- c:\documents and settings\Petr\Data aplikací\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut1_1A4E47DC67014A85AA16C1F99A44598C.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-14 09:10 . 2010-06-30 20:49 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-09-11 02:19 . 2007-06-27 01:58 5417472 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-09-11 01:57 . 2010-01-16 20:16 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-11 01:57 . 2010-01-16 20:16 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-11 01:56 . 2010-01-16 20:16 4419584 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-11 01:54 . 2010-01-16 20:16 16248832 ----a-w- c:\windows\system32\atioglxx.dll
2010-09-11 01:50 . 2010-01-16 17:31 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-09-11 01:43 . 2010-01-16 17:31 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-11 01:42 . 2007-06-27 01:58 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-09-11 01:39 . 2007-06-27 01:41 3942880 ----a-w- c:\windows\system32\ati3duag.dll
2010-09-11 01:29 . 2007-06-27 01:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-09-11 01:26 . 2007-06-27 01:51 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-09-11 01:26 . 2007-06-27 01:51 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-11 01:26 . 2007-06-27 01:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-09-11 01:26 . 2007-06-27 01:50 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-09-11 01:26 . 2007-06-27 01:50 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-09-11 01:25 . 2007-06-27 01:31 2669312 ----a-w- c:\windows\system32\ativvaxx.dll
2010-09-11 01:25 . 2007-06-27 01:49 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-09-11 01:24 . 2007-06-27 01:48 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-09-11 01:23 . 2010-06-10 15:32 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-11 01:19 . 2007-06-27 01:17 634880 ----a-w- c:\windows\system32\atikvmag.dll
2010-09-11 01:18 . 2010-01-16 20:16 192512 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-11 01:17 . 2007-06-27 01:16 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-09-11 01:13 . 2007-06-27 01:10 696320 ----a-w- c:\windows\system32\ati2cqag.dll
2010-09-11 01:11 . 2010-01-16 20:16 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-11 01:11 . 2010-01-16 20:16 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-11 01:11 . 2007-06-27 01:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-09-10 05:52 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2009-06-16 3331584]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Petr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-16 3444008]
update.lnk - c:\program files\ERUNT\update.bat [2010-11-24 108]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2010-6-11 928256]
Samsung Multimedia Keyboard.lnk - c:\program files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe [2010-1-16 585728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Hry\\DiRT2\\dirt2_game.exe"=
"e:\\Hry\\FEAR\\FEAR.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"e:\\Hry\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\Hry\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\Hry\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"57039:TCP"= 57039:TCP:Pando Media Booster
"57039:UDP"= 57039:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.1.2010 10:41 685816]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [23.3.2010 17:38 270888]
R3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.sys [11.6.2010 10:48 27648]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [23.3.2010 17:38 65576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.11.2010 13:02 136176]
S2 SbPF.Launcher;SbPF.Launcher;"c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe" --> c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [?]
S3 ldiskl;ldiskl;\??\c:\docume~1\Petr\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\Petr\LOCALS~1\Temp\ldiskl.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - PCALERTDRIVER
.
Obsah adresáře 'Naplánované úlohy'

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 12:02]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 12:02]

2010-11-25 c:\windows\Tasks\update.job
- c:\program files\ERUNT\update.bat [2010-11-24 17:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.aramayapalim.com
mStart Page = hxxp://www.aramayapalim.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {165627AB-B9A7-4091-B08D-72CA6D91796B} = 192.168.0.50
TCP: {F60AA547-CBB3-4124-A3E7-65229977A4A9} = 10.0.0.138
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-25 22:32
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-220523388-1078145449-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c0,ac,67,08,ce,56,32,5a,6e,7f,e0,1a,31,11,51,60,6e,b7,26,57,16,7c,91,
ad,1e,28,d8,b1,96,13,f1,6f,98,52,af,c3,bb,3e,40,71,67,6b,d9,96,97,9b,1b,75,\
"??"=hex:74,46,de,da,ce,a6,b0,cd,f7,64,0d,30,a0,3c,53,3a

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="3935213D7D2AAEBACF18C4171FC0BEA0970D5DE4F7D8F660F61D862F63606A19F191E8DDF92EC734855A933F714EEB90933DD95D911B9487665FC6AA422F973BBE95A2791A1DA838EC0C02C1897FBBE00539673F10536BB81DA47B530323F3691675484261893C2980E091B83FF4F2EA8752B328B9CC385F747B976B7B5656FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933F3730898A13606CAFD4F8747D5E8AD89508C973AB16DDF331BC1527C0174B7735A8D545D5F1E8E10470DC561D683E5A2B6EEAA42E0C827632D140A0428CB2C82D9B6E295A44E1F9250AEEA06014A25859BC2ADC2D9BC5BB49DFBE56FBC15A27C4220BA4407253E647CAABC018F2B3E5F98D9427199E73B0E5CCF857E21C2E5A1F6C19A507185623F4435B603119B7480D94C41E575EE7879E8283CD00FCBB5D46E55730520D5797E35C906A06712815EA277B69F94FA38A3DB6214EF13A7441C35D7EB922781E120ED2A8D524A0B1212467A60FE723915DE5F1FC9438F5538A2E80D5C0C69F5EFCA23D5E3F3C40648D7AE3A334860599DA131C4CB9B37D52DB7BD79D3E9A1A6EBC49D9754C635063811D9DE56A60011D306A3FB412A152F32CD7BE81105DE0B127AB8F65C6F4E936A42D85425A7CA97AD491C31800683EB4A7C7C698C1E821C91FBE546AE741639DD9550CA2F3B8BAA944D971698A8B397EBFE304BEED941D98E7CA996B2C3680802D57936B7B7E28BE698219FC7712CC483329AA614BD254522551B3F022E7412BCF5A14F375643FCF555DC8703A1C489EE9B52548FB60D67D780E55C6B673CEFE4092B125834754889CF004AF2E0290001DF82722712A948AE1F4C4DF186963ECAC90ABD7B53953B5AFA5629F4385B4402CBE9E4D18580F89C742234CB8AAD9AAD93C8D6339892A596EDBC2998973079ABCBDDD0BFA76C0A88E94EF86252022942680327474D315CE0DF261423504F45ADF5C31FD0729B93CD094E4556A1E41232EC6C38332088B74E3198770C1A37502BFE977F1CC70E303E83B28AF8227D021AE8C7DB27A0049569612F23810D37C7BAC2E864E9E91AFD1C2C9DF95060C5A78CCA6F2606C4E3D4B019172D6229F4DEE73FDA82B700EA20A07C4A8B174C8E358C2350EFE667BB5A959F926D44D168CAB017A4543795FB3C770F037B3DB9F8659326EC5317C3F38F7D657803EECBDFC4891490994E1A22FD402429C6E3E1FB710FADD831147D48E1447A334D5F417A8A581E7ED196E180940F1F30B2E2E0E21960B53E2E9298C640B69541F245C12DDD79C4E246DD229031EC8721444338CC22DB60DA337A7D5520169034DC073FC105BA3BC37EA4F7A20A540B184844C9AB51CB717F"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1532)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(340)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\SAMSUNG\Samsung Multimedia Keyboard\yskbhk.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\program files\OSCAR Editor\Win32Share.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
e:\program\Inventor Pro 2009\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
e:\program\Inventor Pro 2009\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-11-25 22:36:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-25 21:36
ComboFix2.txt 2010-11-25 21:00

Před spuštěním: Volných bajtů: 23 476 211 712
Po spuštění: Volných bajtů: 23 312 805 888

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - C19CD6799FB3DE4E266D63B86B7187E3

Re: Problém se zápisem do registrů ve Win XP

Napsal: 25 lis 2010 23:07
od Rudy
Log již vypadá čistý.

Re: Problém se zápisem do registrů ve Win XP

Napsal: 26 lis 2010 09:07
od Hanypet
děkuji moc :)

Re: Problém se zápisem do registrů ve Win XP

Napsal: 26 lis 2010 17:59
od Rudy
Nemáte zač!
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz