VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Zasekaný NTB

https://forum.viry.cz:443/viewtopic.php?t=107292

Stránka 1 z 3

Zasekaný NTB

Napsal: 06 pro 2010 23:22
od jaboos
Zdravím. Dostal jsem kámoščin notebook abych jí ho zprovoznil. Zapnutí pc a spuštění např. internetového prohlížeče trvá cca 20 minut... Někdy se prohlížeč ani nezapne... Bude určitě potřeba formát celého pc, ale ješte bych potřeboval ten NTB aspoň na pár dní rozjet... přikládám log. Díky za pomov.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-12-06 23:18:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (33%) free of 76 GB
Total RAM: 447 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:18:28, on 6.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN2.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinOverBoost\wob2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator.EVCA\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKLM\..\Run: [sebunni] C:\WINDOWS\system32\mynak.exe
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\EVA~1\LOCALS~1\Temp\lsass.exe
O4 - HKLM\..\Run: [WinOverBoost] C:\Program Files\WinOverBoost\wob2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\System32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DistributedAgentServices - BrainWork - C:\WINDOWS\system32\spool\drivers\Distributed.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: AOL Antivirus Update Service (r1d4yrbuv130y4do) - Unknown owner - C:\Documents and Settings\Evča\Data aplikací\Microsoft\joreb.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5914 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ACU"=C:\Program Files\Atheros\ACU.exe [2006-11-17 348249]
"reset"=regedit /s reset.reg []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-10-14 110592]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-03 90112]
"sebunni"=C:\WINDOWS\system32\mynak.exe []
"wuaucldt"=c:\windows\system32\wuaucldt.exe [2010-11-22 33280]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-11-22 2216960]
"Windows Firewall"=C:\DOCUME~1\EVA~1\LOCALS~1\Temp\lsass.exe []
"WinOverBoost"=C:\Program Files\WinOverBoost\wob2.exe [2004-03-20 119808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam Postak]
C:\Program Files\Seznam.cz\postak.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinOverBoost]
C:\Program Files\WinOverBoost\wob2.exe [2004-03-20 119808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0e6qq6c.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\0e6qq6c.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0lhcc6o.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\0lhcc6o.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^1cyytka.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\1cyytka.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^3qqlccn.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\3qqlccn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^6mm70tp.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\6mm70tp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^a3ccxoojalg.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\a3ccxoojalg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^aa6mm6yy6.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\aa6mm6yy6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^bhxy0o3aa3.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\bhxy0o3aa3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^cy726qvl.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\cy726qvl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^effwrriddu.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\effwrriddu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hcc6ojk6gg6.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\hcc6ojk6gg6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hndezzqvlh.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\hndezzqvlh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jek5l0hn.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\jek5l0hn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jpk1gccxoo.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\jpk1gccxoo.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^k6ww6ii6.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\k6ww6ii6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kk6ww6ii6.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\kk6ww6ii6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kv26snnezz.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\kv26snnezz.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxooja.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\lccxooja.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxoojk6gg.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\lccxoojk6gg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lhxxtjjpvb.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\lhxxtjjpvb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm3yy6kk6.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\mm3yy6kk6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm5n0o0a.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\mm5n0o0a.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^pq0mms5y.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\pq0mms5y.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q60c3oo3aa.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\q60c3oo3aa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q6cc6ojk.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\q6cc6ojk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^qmmhyytkkf.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\qmmhyytkkf.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^r1iytkffb.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\r1iytkffb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^tpffwrridd.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\tpffwrridd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^u9q1miiduu.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\u9q1miiduu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ufbww6ii.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\ufbww6ii.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^w60i3upv.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\w60i3upv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^wrc3oo70ll.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\wrc3oo70ll.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ze6qq6cc.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\ze6qq6cc.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-04 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aoeyyxqn.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gzrjgxsu]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nlvfzcis]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tci18.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\zuhcrkzd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aoeyyxqn.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gzrjgxsu]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nlvfzcis]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tci18.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\zuhcrkzd]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.mui"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.mui:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Evča\Plocha\P17535732.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\DOCUME~1\EVA~1\LOCALS~1\Temp\4721249.exe"="C:\DOCUME~1\EVA~1\LOCALS~1\Temp\4721249.exe:*:Enabled:Microsoft Office"
"C:\DOCUME~1\EVA~1\LOCALS~1\Temp\416.exe"="C:\DOCUME~1\EVA~1\LOCALS~1\Temp\416.exe:*:Enabled:Microsoft Office"
"C:\DOCUME~1\EVA~1\LOCALS~1\Temp\49146.exe"="C:\DOCUME~1\EVA~1\LOCALS~1\Temp\49146.exe:*:Enabled:Microsoft Office"
"C:\DOCUME~1\EVA~1\LOCALS~1\Temp\626.exe"="C:\DOCUME~1\EVA~1\LOCALS~1\Temp\626.exe:*:Enabled:Microsoft Office"
"C:\DOCUME~1\EVA~1\LOCALS~1\Temp\632530.exe"="C:\DOCUME~1\EVA~1\LOCALS~1\Temp\632530.exe:*:Enabled:Microsoft Office"
"C:\WINDOWS\System32\svchost.exe"="C:\WINDOWS\System32\svchost.exe:*:Enabled:Microsoft Office"
"C:\WINDOWS\system32\spool\drivers\Distributed.exe"="C:\WINDOWS\system32\spool\drivers\Distributed.exe:*:Enabled:BWProxyClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-06 23:18:16 ----D---- C:\Program Files\trend micro
2010-12-06 23:18:15 ----D---- C:\rsit
2010-12-06 23:17:07 ----D---- C:\Documents and Settings\Administrator.EVCA\Data aplikací\Macromedia
2010-12-06 23:16:26 ----D---- C:\Documents and Settings\Administrator.EVCA\Data aplikací\Mozilla
2010-12-06 23:16:15 ----D---- C:\Documents and Settings\Administrator.EVCA\Data aplikací\Adobe
2010-12-06 23:14:10 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml5.tmp
2010-12-06 23:14:10 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml4.tmp
2010-12-06 23:14:05 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml3.tmp
2010-12-06 23:09:46 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-04 11:54:58 ----A---- C:\WINDOWS\system32\drivers\Tci18.sys
2010-12-01 09:42:21 ----A---- C:\_srvlog.txt
2010-11-30 13:34:10 ----A---- C:\WINDOWS\system32\drivers\nlvfzcis.sys
2010-11-26 19:31:13 ----A---- C:\WINDOWS\system32\drivers\wcscd.sys
2010-11-26 01:26:11 ----A---- C:\cy.exe
2010-11-24 23:35:04 ----A---- C:\WebHD.exe
2010-11-23 18:36:43 ----D---- C:\WINDOWS\Minidump
2010-11-23 16:13:53 ----HDC---- C:\WINDOWS\ie8
2010-11-23 16:10:02 ----D---- C:\Program Files\QIP
2010-11-22 19:35:15 ----A---- C:\WINDOWS\system32\wuaucldt.exe
2010-11-22 18:55:45 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-11-22 18:55:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-11-22 18:55:03 ----D---- C:\Program Files\Spyware Terminator
2010-11-22 18:40:17 ----D---- C:\WINDOWS\pss
2010-11-22 18:24:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-22 18:19:16 ----D---- C:\Documents and Settings\Administrator.EVCA\Data aplikací\WinRAR
2010-11-22 18:03:22 ----ASH---- C:\Documents and Settings\Administrator.EVCA\Data aplikací\desktop.ini
2010-11-22 18:03:21 ----SD---- C:\Documents and Settings\Administrator.EVCA\Data aplikací\Microsoft
2010-11-22 18:03:15 ----SHD---- C:\WINDOWS\CSC
2010-11-22 17:31:03 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-11-22 17:30:56 ----D---- C:\Program Files\CleanMyPC
2010-11-19 00:57:59 ----A---- C:\win22.exe
2010-11-17 21:27:25 ----A---- C:\winn27.exe
2010-11-15 22:03:10 ----A---- C:\winnt7.exe
2010-11-11 11:22:08 ----A---- C:\WINDOWS\system32\drivers\aoeyyxqn.sys
2010-11-10 09:00:27 ----A---- C:\jshd.exe

======List of files/folders modified in the last 1 months======

2010-12-06 23:18:16 ----D---- C:\Program Files
2010-12-06 23:15:02 ----D---- C:\WINDOWS\system32
2010-12-06 23:11:39 ----AD---- C:\WINDOWS\Temp
2010-12-06 23:09:46 ----D---- C:\WINDOWS
2010-12-05 23:26:15 ----D---- C:\WINDOWS\Prefetch
2010-12-05 20:23:35 ----D---- C:\WINDOWS\system32\config
2010-12-05 10:21:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-04 11:54:58 ----D---- C:\WINDOWS\system32\drivers
2010-11-27 22:43:34 ----HD---- C:\WINDOWS\inf
2010-11-23 18:39:48 ----RSHD---- C:\RECYCLER
2010-11-23 18:07:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-23 18:07:22 ----D---- C:\WINDOWS\Media
2010-11-23 18:07:22 ----D---- C:\WINDOWS\Help
2010-11-23 18:07:22 ----D---- C:\Program Files\Internet Explorer
2010-11-23 17:20:12 ----D---- C:\Program Files\ICQ6Toolbar
2010-11-23 17:19:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-23 17:19:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-11-23 16:19:43 ----HD---- C:\WINDOWS\msdownld.tmp
2010-11-23 16:17:22 ----D---- C:\WINDOWS\system32\en-US
2010-11-23 16:12:56 ----D---- C:\WINDOWS\Debug
2010-11-22 19:44:33 ----SHD---- C:\WINDOWS\Installer
2010-11-22 19:44:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-11-22 18:03:21 ----D---- C:\Documents and Settings
2010-11-15 23:03:01 ----D---- C:\Program Files\Ask.com
2010-11-15 23:03:00 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aoeyyxqn;aoeyyxqn; C:\WINDOWS\System32\Drivers\aoeyyxqn.sys [2010-11-11 40128]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 Tci18;Tci18; C:\WINDOWS\System32\Drivers\Tci18.sys [2010-12-06 34176]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2006-12-05 529344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service; C:\WINDOWS\System32\DRIVERS\wsimd.sys [2006-07-20 54432]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-08 691696]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S1 cdfss;cdfss; \??\C:\WINDOWS\TEMP\cdfss []
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S1 wcscd;wcscd; C:\WINDOWS\system32\drivers\wcscd.sys [2010-11-26 30560]
S2 nlvfzcis;nlvfzcis; C:\WINDOWS\system32\drivers\nlvfzcis.sys [2010-11-30 82944]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\ATK0100\ASNDIS5.SYS []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-04 2304000]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys []
S3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\System32\DRIVERS\w29n51.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ACS;Atheros Configuration Service; C:\WINDOWS\System32\acs.exe [2006-11-17 360533]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-04 483328]
S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 DistributedAgentServices;DistributedAgentServices; C:\WINDOWS\system32\spool\drivers\Distributed.exe [2010-12-05 117732]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-25 135664]
S2 r1d4yrbuv130y4do;AOL Antivirus Update Service; C:\Documents and Settings\Evča\Data aplikací\Microsoft\joreb.exe []
S2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-11-22 496128]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Zasekaný NTB

Napsal: 06 pro 2010 23:26
od vyosek
Zdravim a pekny vecer preji :)

:arrow: Format mozna nebude treba :wink:

:arrow: Nedivim se, ze je ve stavu v jakem je - haveti je tam pozehnane - kdyz tam neni ani antivir :boxed:

:arrow: Zustante v nouzovem rezimu

:arrow: Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Zasekaný NTB

Napsal: 07 pro 2010 00:03
od jaboos
ComboFix 10-12-04.06 - Administrator 06.12.2010 23:39:48.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.447.190 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator.EVCA\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\nvsvc32.exe
c:\windows\system32\Drivers\aoeyyxqn.sys
c:\windows\system32\drivers\wcscd.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\spool\drivers\systempro.exe
c:\windows\system32\wuaucldt.exe

c:\windows\system32\drivers\cdrom.sys . . . je infikován!! . . .Failed to restore. Attempting to replace on reboot

Nakažená kopie c:\windows\system32\drivers\cdrom.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{AC2D0BE4-FE95-42CC-B1FF-3AB74FD8F5A6}\RP226\A0070468.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDFSS
-------\Legacy_TCI18
-------\Legacy_WCSCD
-------\Service_cdfss
-------\Service_Tci18
-------\Service_wcscd
-------\Legacy_aoeyyxqn
-------\Service_aoeyyxqn


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-06 do 2010-12-06 )))))))))))))))))))))))))))))))
.

2010-12-06 22:18 . 2010-12-06 22:18 -------- d-----w- c:\program files\trend micro
2010-12-06 22:18 . 2010-12-06 22:18 -------- d-----w- C:\rsit
2010-12-06 22:14 . 2010-12-06 22:14 2263 ----a-w- c:\documents and settings\All Users\Data aplikací\xml5.tmp
2010-12-06 22:14 . 2010-12-06 22:14 13680 ----a-w- c:\documents and settings\All Users\Data aplikací\xml4.tmp
2010-12-06 22:14 . 2010-12-06 22:14 7048 ----a-w- c:\documents and settings\All Users\Data aplikací\xml3.tmp
2010-12-04 10:54 . 2010-12-06 22:46 34176 ----a-w- c:\windows\system32\drivers\Tci18.sys
2010-11-30 12:34 . 2010-11-30 12:34 82944 ----a-w- c:\windows\system32\drivers\nlvfzcis.sys
2010-11-26 00:26 . 2010-11-26 00:26 65278 ----a-w- C:\cy.exe
2010-11-24 22:35 . 2010-11-24 23:32 155648 ----a-w- C:\WebHD.exe
2010-11-23 17:07 . 2010-11-23 17:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-23 15:13 . 2010-11-23 15:19 -------- dc-h--w- c:\windows\ie8
2010-11-23 15:10 . 2010-11-23 17:45 -------- d-----w- c:\program files\QIP
2010-11-22 17:55 . 2010-11-22 17:55 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-11-22 17:55 . 2010-11-23 19:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2010-11-22 17:55 . 2010-11-22 18:34 -------- d-----w- c:\program files\Spyware Terminator
2010-11-22 16:31 . 2010-12-06 22:28 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2010-11-22 16:30 . 2010-11-22 16:30 -------- d-----w- c:\program files\CleanMyPC
2010-11-22 15:56 . 2010-11-22 15:59 -------- d-----w- c:\documents and settings\Administrator
2010-11-18 23:57 . 2010-11-18 23:57 187904 ----a-w- C:\win22.exe
2010-11-17 20:27 . 2010-11-18 01:48 193024 ----a-w- C:\winn27.exe
2010-11-15 21:03 . 2010-11-16 04:32 91136 ----a-w- C:\winnt7.exe
2010-11-10 08:00 . 2010-11-10 08:00 77824 ----a-w- C:\jshd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2010-07-29 11:22 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2010-07-29 11:22 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2010-07-29 11:22 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2002-09-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2002-09-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2002-09-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 1B6162FE7F66B1A71A4B70F941C4AA9B . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 1B6162FE7F66B1A71A4B70F941C4AA9B . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-17 . 6F877BF8DC01A550CD666F3BEDB2213C . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2002-09-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2002-09-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2002-09-23 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917953_0$\tcpip.sys

[-] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 72E1E9E2977BE08BDEEDB6D8FD9D4D40 . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 72E1E9E2977BE08BDEEDB6D8FD9D4D40 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 86AD5B0E02F2C968FBB096AB4C555C9C . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll
[-] 2005-08-22 . 86AD5B0E02F2C968FBB096AB4C555C9C . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . BB0557B62B95F366464C3C60A0BD6BDF . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-17 . AF342D2781225A8769686E0D47E3123E . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2002-09-23 . 173B95F5DD338570DE469CCA8805B8A6 . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414_0$\netman.dll

[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2002-09-23 . D8681F65568AC0C6C7ED11E028EE3503 . 221184 . . [6.2.2600.1106] . . c:\windows\$NtUninstallKB842773$\qmgr.dll

[-] 2009-02-09 . C0BD34A62508BA68F146E22CE45919F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 2B269C916766BDB43404F043B763427D . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . BEF7BB41E666EAA34BE7E99C2B107DB8 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . C868F3AE15CF71A93F2AA3A32856D839 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . C868F3AE15CF71A93F2AA3A32856D839 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-01-14 . F6A9A9EF24527C69DDAA576D965EBC39 . 395776 . . [5.1.2600.2595] . . c:\windows\SoftwareDistribution\Download\21aa31b80569dd182863fa3d7048cd81\sp2gdr\rpcss.dll
[-] 2005-01-14 . EB83A54CC8C1F0DF70EA67199747BCA0 . 395776 . . [5.1.2600.2595] . . c:\windows\SoftwareDistribution\Download\21aa31b80569dd182863fa3d7048cd81\sp2qfe\rpcss.dll
[-] 2004-08-17 . C72C15EE57E248C66E57C76CAB086CF2 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
[-] 2002-09-23 . 10DA393123DD6E1750DE15420897A040 . 260608 . . [5.1.2600.1106] . . c:\windows\SoftwareDistribution\Download\799fba1e1c5ede9e7de55f38e741a786\backup\sp1qfe\rpcss.dll
[-] 2002-09-23 . 10DA393123DD6E1750DE15420897A040 . 260608 . . [5.1.2600.1106] . . c:\windows\SoftwareDistribution\Download\799fba1e1c5ede9e7de55f38e741a786\backup\sp2gdr\rpcss.dll
[-] 2002-09-23 . 10DA393123DD6E1750DE15420897A040 . 260608 . . [5.1.2600.1106] . . c:\windows\SoftwareDistribution\Download\799fba1e1c5ede9e7de55f38e741a786\backup\sp2qfe\rpcss.dll

[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 3D107D45CCFDB266E91D84B52CD7F430 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . 4F9F7B567970B524F31D9970A23F7C24 . 111104 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-09 . 33081FED75032291EE0E008D5385E86F . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-17 . 6E401E61F952FBBF708AFBECEFAFAE81 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe

[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . F3AB0933CBD166D271992F411C27CCAF . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . F3AB0933CBD166D271992F411C27CCAF . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:32 . 398314DF0B21338C4996B469101750D1 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:25 . BE68EA4457E2E5717231CF91BE5448E0 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:19 . 3440C414044935B124B5821C0994B37F . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 03:21 . 260C69FD67687B0DC062FC3D31655857 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 03:21 . 260C69FD67687B0DC062FC3D31655857 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-17 22:49 . 972378B907070F64932A87C90A035487 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2002-09-23 12:00 . CBB06A35D660E6B1F513160CE2A11A20 . 225280 . . [2001.12.4414.46] . . c:\windows\SoftwareDistribution\Download\799fba1e1c5ede9e7de55f38e741a786\backup\sp1qfe\es.dll
[-] 2002-09-23 12:00 . CBB06A35D660E6B1F513160CE2A11A20 . 225280 . . [2001.12.4414.46] . . c:\windows\SoftwareDistribution\Download\799fba1e1c5ede9e7de55f38e741a786\backup\sp2gdr\es.dll
[-] 2002-09-23 12:00 . CBB06A35D660E6B1F513160CE2A11A20 . 225280 . . [2001.12.4414.46] . . c:\windows\SoftwareDistribution\Download\799fba1e1c5ede9e7de55f38e741a786\backup\sp2qfe\es.dll

[-] 2008-04-14 . 6C60CA8AC7470AC01CFD3D24C7283CD1 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 6C60CA8AC7470AC01CFD3D24C7283CD1 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . 9A4D2A6C4B7BD60851553C095CD71AF8 . 984576 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 0D8F61460F84139BBE5E391D8DE18D9A . 990208 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 8D18BA8E854890074B6FB92D7D0C02FA . 987648 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . FD91CD95A1C663DF54DD371CC8A234DE . 988160 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . FD91CD95A1C663DF54DD371CC8A234DE . 988160 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2006-07-05 . A0B58CBB3ADCD79F1414A8E62D2F719F . 983552 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . 72FB9AA607A21FD2485286C478FB9B01 . 982528 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
[-] 2006-07-05 . 72FB9AA607A21FD2485286C478FB9B01 . 982528 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[-] 2004-08-17 . 98DA079F61265BC26D4587E280B79F30 . 982016 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2002-09-23 . B977278E24481FB1F0C11A1BD6B8F762 . 928768 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917422_0$\kernel32.dll

[-] 2008-04-14 . 7FDE9FC15765E02B23E1756930165AD1 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 7FDE9FC15765E02B23E1756930165AD1 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 3E611531CC70649635FC890B421AECD0 . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . B5DE324E0F9AEBEC885ABF5DB6B2F73D . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll
[-] 2005-09-01 . B5DE324E0F9AEBEC885ABF5DB6B2F73D . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-17 . EE1F842DB2AE412136643B0814D770A6 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2002-09-23 . 1D42E5A5211753D568921B97B4705EB3 . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725_0$\linkinfo.dll

[-] 2008-04-14 . C66BA7BD13C8FB8BEC4863B88641C763 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . C66BA7BD13C8FB8BEC4863B88641C763 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . D165DFCB4EA452510E53416F573018BB . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . D165DFCB4EA452510E53416F573018BB . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . EC8D5E09C6CA5F52858A5EB71F308FDF . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-17 . AB47015B67531572BE46C0C08222C84C . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2002-09-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2002-09-23 . 1B2C477D8847E4123DD8761D2E9008F7 . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll

[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . B6CEC406351EA5EF131416D5F52D006F . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . A6E79B60AC73241E5721AB6A573D2B24 . 247296 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 37BABA5DBD9027837FDC27E5D6EF33E1 . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . AAC97DAB5F8A0573CF10E0EAC42A7724 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . AAC97DAB5F8A0573CF10E0EAC42A7724 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-17 . 64C078BD4EFD441C3F159EDC5EA4420A . 247296 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2009-02-06 . 1F43B8C0F4C767FBED89711C30E704D9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . 1F43B8C0F4C767FBED89711C30E704D9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . C2ED0E3408F50BBC149D4F0936E67832 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . C2ED0E3408F50BBC149D4F0936E67832 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 9FA69781CAA7A1DA981A24F240A61A60 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 9FA69781CAA7A1DA981A24F240A61A60 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . 830CE8951C71F361D7D2F38416CC8BC1 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 830CE8951C71F361D7D2F38416CC8BC1 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 5EE949255BABC0B17C09DDB2E59E3878 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 5EE949255BABC0B17C09DDB2E59E3878 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . C2546CD7A398476F9DF5614B2AE160E8 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . C2546CD7A398476F9DF5614B2AE160E8 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 2EB5536278D697C5895A48514682BF64 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 250241D65CCF692AEACC318A266413C2 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
[-] 2005-07-08 . 250241D65CCF692AEACC318A266413C2 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-17 . 37162D29CD61519E6F5EA0DE99786FF6 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2002-09-23 . 9D06F732DA93A0F8F2E962097490C3A1 . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756_0$\tapisrv.dll

[-] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2005-03-02 . 3EF380290CE2CA8598E475CEAC4ADB13 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 9267BC598E271BC3FA69F36CF1C8BD36 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 . 9267BC598E271BC3FA69F36CF1C8BD36 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2002-09-23 . 8A4AC21E2A55ECA66FBC5EDD40231845 . 560128 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB890859_0$\user32.dll

[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . 951D473917C51F21496D914CF6E5DDD1 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 951D473917C51F21496D914CF6E5DDD1 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2006-05-19 . 3F8C60A9CBE3BA6B163E51A4D4397090 . 70656 . . [5.1.2600.1847] . . c:\windows\$NtUninstallKB922819_0$\ws2_32.dll
[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2002-09-23 . 748494B94A871A828C64D1D5C738D2B7 . 75264 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB914388_0$\ws2_32.dll

[-] 2008-04-14 . 859F7735F199C90403340183A3DDFB78 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 859F7735F199C90403340183A3DDFB78 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-17 . C2B86666FC44B48903AD6016D15A23DF . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 2EE99F67C930931EB404DADCE57E976E . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 2EE99F67C930931EB404DADCE57E976E . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . B927443008910B412BEC72FC41C1BAD0 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . B927443008910B412BEC72FC41C1BAD0 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2004-08-17 . 8BA76BD2A943F642F267A296A15776D2 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2002-09-23 . A032C51BB43F932509A73359C546B4A3 . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835_0$\shsvcs.dll

[-] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . 6B8E7A90E576D4FE308F97C69060A171 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . 6B8E7A90E576D4FE308F97C69060A171 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2002-09-23 . AFDFF022A01F0B11C776F0860C3B282F . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2008-04-14 03:21 . 6199B2AE3F9DB9CB6DB230471A1DC601 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-17 22:49 . E02E913B3841717A890A644EE167B9A5 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] 2010-04-28 . 2FA1EF498F026847CF276DF9099ABE79 . 2069120 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-28 . E4D3DB21C20749B8776B3E2C4B880404 . 2068992 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-04-28 . E4D3DB21C20749B8776B3E2C4B880404 . 2068992 . . [5.1.2600.5973] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-04-28 . E4D3DB21C20749B8776B3E2C4B880404 . 2068992 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-17 . 7F87EDF3C7C626D336533D2580940A00 . 2065920 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . 27DE458FE1E1A618836ADB61873BC9E8 . 2060544 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2010-02-16 . 6C31566C176BC28C7D73BC6332642A58 . 2068992 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . 6C31566C176BC28C7D73BC6332642A58 . 2068992 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . DCC3D91A3DEDBBA9ECFFA6028D872CF5 . 2069120 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-02-09 . 73A13AA10E146A3E2B4AC6D007953A74 . 2059904 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB979683_0$\ntkrnlpa.exe
[-] 2009-02-09 . BB64DC108F8C4EE4D4B7998AA19E5FA7 . 2065152 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . 4DEE41C45E803DB91A72FD1BA69C05EE . 2067968 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . 4DEE41C45E803DB91A72FD1BA69C05EE . 2067968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2005-03-02 . 9355304DD565E23F8EE294720B2C03E5 . 2059008 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . E32780E8939338B80EDFF39E2314C223 . 2059008 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
[-] 2005-03-02 . E32780E8939338B80EDFF39E2314C223 . 2059008 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
[-] 2004-08-17 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2002-09-23 . 42D5A8CF5E356F48FB36E388B1D87E6E . 1947776 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB890859_0$\ntkrnlpa.exe

[-] 2008-04-14 03:21 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 03:21 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-17 22:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-17 . 984FC1518B0D5B31D76F0E63608E0500 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll

[-] 2008-04-14 . 8E009E7AC012823845D5F39A77F4A27F . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 8E009E7AC012823845D5F39A77F4A27F . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-17 . 8ECC475F5BAD26DB85943F888D62E364 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

[-] 2008-04-14 . 3B8AE11A3419DF8239183E94888702FA . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 3B8AE11A3419DF8239183E94888702FA . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-17 . A19F5837E52D57DB66D9DB55BFCC7796 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

[-] 2008-04-14 . EDAD701F01FFD9B5799B8FCF1CF6BDA7 . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . EDAD701F01FFD9B5799B8FCF1CF6BDA7 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-17 . 0F9A5DD4503E82B085D8B1336B961A81 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

[-] 2008-04-14 03:21 . 16C195EBC0A3EC35C48D0C2D9A346BAB . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 03:21 . 16C195EBC0A3EC35C48D0C2D9A346BAB . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-17 22:49 . 33F14F23DFAE4B43CDD4E535CD7C1963 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 . 1682285F7C0934C764A0EBBC568153CA . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . 1682285F7C0934C764A0EBBC568153CA . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-17 . 6C08FF4B76506676617E03C34ECCFB11 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

[-] 2008-04-14 . 614F8186BDAB926E3B1D8927A4161B54 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . 614F8186BDAB926E3B1D8927A4161B54 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-17 . E472BDA53A4DCD2142143AF9FD25C99A . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

[-] 2010-04-28 . EF1542C4875CAA34484A7BCB998B6BC4 . 2192128 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-04-28 . EF1542C4875CAA34484A7BCB998B6BC4 . 2192128 . . [5.1.2600.5973] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-04-28 . EF1542C4875CAA34484A7BCB998B6BC4 . 2192128 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-28 . 91FE668957FF51A2DBCEE0D8637BA77E . 2192256 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . 4E8268B816B2D27E711A688D6FD0E319 . 2192128 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
[-] 2010-02-17 . 4E8268B816B2D27E711A688D6FD0E319 . 2192128 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . F24D47F956B2527F8771E38AFE750743 . 2183552 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2010-02-16 . AEDD2FE6BEC6FB4E3B25DB1E15C97560 . 2189056 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . 6B2312D847BA95F4E858CB4C3B5F51E1 . 2192256 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . DF530FCAD41349C92945DF52EBA9F3E4 . 2182656 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB979683_0$\ntoskrnl.exe
[-] 2009-02-09 . C424407DDD99223BF3248044CBBE91F6 . 2188288 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2008-04-14 . C1536014AC1CB1D5397E31D9735E6571 . 2191104 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 . C1536014AC1CB1D5397E31D9735E6571 . 2191104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2005-03-02 . 7FABE135EAC02A4BC8094B831ADC0CC3 . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . B0DAE70164CC79D1289EF3530A3646F1 . 2181504 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
[-] 2005-03-02 . B0DAE70164CC79D1289EF3530A3646F1 . 2181504 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2004-08-17 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2002-09-23 . 21CDBE74E5C5F435B6C27DDA1BD27B34 . 2042112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB890859_0$\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-11-17 348249]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-11-22 2216960]
"WinOverBoost"="c:\program files\WinOverBoost\wob2.exe" [2004-03-20 119808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0e6qq6c.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\0e6qq6c.exe
backup=c:\windows\pss\0e6qq6c.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0lhcc6o.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\0lhcc6o.exe
backup=c:\windows\pss\0lhcc6o.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^1cyytka.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\1cyytka.exe
backup=c:\windows\pss\1cyytka.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^3qqlccn.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\3qqlccn.exe
backup=c:\windows\pss\3qqlccn.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^6mm70tp.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\6mm70tp.exe
backup=c:\windows\pss\6mm70tp.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^a3ccxoojalg.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\a3ccxoojalg.exe
backup=c:\windows\pss\a3ccxoojalg.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^aa6mm6yy6.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\aa6mm6yy6.exe
backup=c:\windows\pss\aa6mm6yy6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^bhxy0o3aa3.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\bhxy0o3aa3.exe
backup=c:\windows\pss\bhxy0o3aa3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^cy726qvl.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\cy726qvl.exe
backup=c:\windows\pss\cy726qvl.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^effwrriddu.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\effwrriddu.exe
backup=c:\windows\pss\effwrriddu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hcc6ojk6gg6.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\hcc6ojk6gg6.exe
backup=c:\windows\pss\hcc6ojk6gg6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hndezzqvlh.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\hndezzqvlh.exe
backup=c:\windows\pss\hndezzqvlh.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jek5l0hn.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\jek5l0hn.exe
backup=c:\windows\pss\jek5l0hn.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jpk1gccxoo.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\jpk1gccxoo.exe
backup=c:\windows\pss\jpk1gccxoo.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^k6ww6ii6.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\k6ww6ii6.exe
backup=c:\windows\pss\k6ww6ii6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kk6ww6ii6.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\kk6ww6ii6.exe
backup=c:\windows\pss\kk6ww6ii6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kv26snnezz.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\kv26snnezz.exe
backup=c:\windows\pss\kv26snnezz.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxooja.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\lccxooja.exe
backup=c:\windows\pss\lccxooja.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxoojk6gg.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\lccxoojk6gg.exe
backup=c:\windows\pss\lccxoojk6gg.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lhxxtjjpvb.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\lhxxtjjpvb.exe
backup=c:\windows\pss\lhxxtjjpvb.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm3yy6kk6.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\mm3yy6kk6.exe
backup=c:\windows\pss\mm3yy6kk6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm5n0o0a.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\mm5n0o0a.exe
backup=c:\windows\pss\mm5n0o0a.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^pq0mms5y.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\pq0mms5y.exe
backup=c:\windows\pss\pq0mms5y.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q60c3oo3aa.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\q60c3oo3aa.exe
backup=c:\windows\pss\q60c3oo3aa.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q6cc6ojk.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\q6cc6ojk.exe
backup=c:\windows\pss\q6cc6ojk.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^qmmhyytkkf.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\qmmhyytkkf.exe
backup=c:\windows\pss\qmmhyytkkf.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^r1iytkffb.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\r1iytkffb.exe
backup=c:\windows\pss\r1iytkffb.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^tpffwrridd.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\tpffwrridd.exe
backup=c:\windows\pss\tpffwrridd.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^u9q1miiduu.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\u9q1miiduu.exe
backup=c:\windows\pss\u9q1miiduu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ufbww6ii.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\ufbww6ii.exe
backup=c:\windows\pss\ufbww6ii.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^w60i3upv.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\w60i3upv.exe
backup=c:\windows\pss\w60i3upv.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^wrc3oo70ll.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\wrc3oo70ll.exe
backup=c:\windows\pss\wrc3oo70ll.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ze6qq6cc.exe]
path=c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\ze6qq6cc.exe
backup=c:\windows\pss\ze6qq6cc.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinOverBoost]
2004-03-20 17:16 119808 ----a-w- c:\program files\WinOverBoost\wob2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\Distributed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.8.2010 15:32 691696]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [22.11.2010 18:55 142592]
S2 DistributedAgentServices;DistributedAgentServices;c:\windows\system32\spool\drivers\Distributed.exe [5.12.2010 23:34 117732]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.7.2010 19:53 135664]
S2 nlvfzcis;nlvfzcis;c:\windows\system32\drivers\nlvfzcis.sys [30.11.2010 13:34 82944]
S2 r1d4yrbuv130y4do;AOL Antivirus Update Service;c:\documents and settings\Evča\Data aplikací\Microsoft\joreb.exe --> c:\documents and settings\Evča\Data aplikací\Microsoft\joreb.exe [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 18:52]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 18:52]

2010-12-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator.EVCA\Data aplikací\Mozilla\Firefox\Profiles\xencptp7.default\
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Administrator.EVCA\Data aplikací\Mozilla\Firefox\Profiles\xencptp7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-sebunni - c:\windows\system32\mynak.exe
SafeBoot-aoeyyxqn.sys
SafeBoot-gzrjgxsu
SafeBoot-nlvfzcis
SafeBoot-zuhcrkzd
MSConfigStartUp-Seznam Postak - c:\program files\Seznam.cz\postak.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 23:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-12-07 00:02:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-06 23:02

Před spuštěním: Volných bajtů: 26 448 125 952
Po spuštění: Volných bajtů: 26 371 641 344

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - A00441715F601EAC0B3306F031E0E0D0

Re: Zasekaný NTB

Napsal: 07 pro 2010 00:18
od vyosek
:arrow: Stahnete OTM (viz muj podpis)
  • Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

  • Kód: Vybrat vše

    :commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CREATERESTOREPOINT]

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"=-
"SpywareTerminator"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0e6qq6c.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0lhcc6o.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^1cyytka.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^3qqlccn.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^6mm70tp.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^a3ccxoojalg.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^aa6mm6yy6.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^bhxy0o3aa3.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^cy726qvl.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^effwrriddu.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hcc6ojk6gg6.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hndezzqvlh.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jek5l0hn.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jpk1gccxoo.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^k6ww6ii6.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kk6ww6ii6.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kv26snnezz.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxooja.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxoojk6gg.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lhxxtjjpvb.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm3yy6kk6.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm5n0o0a.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^pq0mms5y.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q60c3oo3aa.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q6cc6ojk.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^qmmhyytkkf.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^r1iytkffb.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^tpffwrridd.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^u9q1miiduu.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ufbww6ii.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^w60i3upv.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^wrc3oo70ll.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ze6qq6cc.exe]

:services
nlvfzcis
r1d4yrbuv130y4do
DistributedAgentServices

:files
c:\documents and settings\All Users\Data aplikací\xml5.tmp
c:\documents and settings\All Users\Data aplikací\xml4.tmp
c:\documents and settings\All Users\Data aplikací\xml3.tmp
c:\windows\system32\drivers\Tci18.sys
c:\windows\system32\drivers\nlvfzcis.sys
C:\cy.exe
C:\WebHD.exe
C:\win22.exe
C:\winn27.exe
C:\winnt7.exe
C:\jshd.exe
c:\windows\system32\spool\drivers\Distributed.exe
c:\documents and settings\Evča\Data aplikací\Microsoft\joreb.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\*.exe
c:\windows\pss\*.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
  • Kliknete na cervene tlacitko MoveIt!
  • Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: Zasekaný NTB

Napsal: 07 pro 2010 09:31
od jaboos
All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 185852179 bytes
->Temporary Internet Files folder emptied: 202781 bytes

User: Administrator.EVCA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 29274728 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Evča

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1158771 bytes
%systemroot%\System32 .tmp files removed: 1262536 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 124496 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 208,00 mb

Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\reset deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminator deleted successfully.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0e6qq6c.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0lhcc6o.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^1cyytka.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^3qqlccn.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^6mm70tp.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^a3ccxoojalg.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^aa6mm6yy6.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^bhxy0o3aa3.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^cy726qvl.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^effwrriddu.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hcc6ojk6gg6.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hndezzqvlh.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jek5l0hn.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jpk1gccxoo.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^k6ww6ii6.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kk6ww6ii6.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kv26snnezz.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxooja.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxoojk6gg.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lhxxtjjpvb.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm3yy6kk6.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm5n0o0a.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^pq0mms5y.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q60c3oo3aa.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q6cc6ojk.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^qmmhyytkkf.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^r1iytkffb.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^tpffwrridd.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^u9q1miiduu.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ufbww6ii.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^w60i3upv.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^wrc3oo70ll.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ze6qq6cc.exe\ not found.
========== SERVICES/DRIVERS ==========
Service nlvfzcis stopped successfully!
Service nlvfzcis deleted successfully!
Service r1d4yrbuv130y4do stopped successfully!
Service r1d4yrbuv130y4do deleted successfully!
Service DistributedAgentServices stopped successfully!
Service DistributedAgentServices deleted successfully!
========== FILES ==========
c:\documents and settings\All Users\Data aplikací\xml5.tmp moved successfully.
c:\documents and settings\All Users\Data aplikací\xml4.tmp moved successfully.
c:\documents and settings\All Users\Data aplikací\xml3.tmp moved successfully.
c:\windows\system32\drivers\Tci18.sys moved successfully.
File move failed. c:\windows\system32\drivers\nlvfzcis.sys scheduled to be moved on reboot.
C:\cy.exe moved successfully.
C:\WebHD.exe moved successfully.
C:\win22.exe moved successfully.
C:\winn27.exe moved successfully.
C:\winnt7.exe moved successfully.
C:\jshd.exe moved successfully.
c:\windows\system32\spool\drivers\Distributed.exe moved successfully.
File/Folder c:\documents and settings\Evča\Data aplikací\Microsoft\joreb.exe not found.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
File/Folder c:\documents and settings\Evča\Nabídka Start\Programy\Po spuštění\*.exe not found.
File move failed. c:\windows\pss\0e6qq6c.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\0lhcc6o.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\1cyytka.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\3qqlccn.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\6mm70tp.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\a3ccxoojalg.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\aa6mm6yy6.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\bhxy0o3aa3.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\cy726qvl.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\effwrriddu.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\hcc6ojk6gg6.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\hndezzqvlh.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\jek5l0hn.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\jpk1gccxoo.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\k6ww6ii6.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\kk6ww6ii6.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\kv26snnezz.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\lccxooja.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\lccxoojk6gg.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\lhxxtjjpvb.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\mm3yy6kk6.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\mm5n0o0a.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\pq0mms5y.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\q60c3oo3aa.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\q6cc6ojk.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\qmmhyytkkf.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\r1iytkffb.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\tpffwrridd.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\u9q1miiduu.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\ufbww6ii.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\w60i3upv.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\wrc3oo70ll.exeStartup scheduled to be moved on reboot.
File move failed. c:\windows\pss\ze6qq6cc.exeStartup scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP238.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP344.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB5.tmp folder moved successfully.

OTM by OldTimer - Version 3.1.17.2 log created on 12072010_092150

Files moved on Reboot...
File move failed. c:\windows\system32\drivers\nlvfzcis.sys scheduled to be moved on reboot.
c:\windows\pss\0e6qq6c.exeStartup moved successfully.
c:\windows\pss\0lhcc6o.exeStartup moved successfully.
c:\windows\pss\1cyytka.exeStartup moved successfully.
c:\windows\pss\3qqlccn.exeStartup moved successfully.
c:\windows\pss\6mm70tp.exeStartup moved successfully.
c:\windows\pss\a3ccxoojalg.exeStartup moved successfully.
c:\windows\pss\aa6mm6yy6.exeStartup moved successfully.
c:\windows\pss\bhxy0o3aa3.exeStartup moved successfully.
c:\windows\pss\cy726qvl.exeStartup moved successfully.
c:\windows\pss\effwrriddu.exeStartup moved successfully.
c:\windows\pss\hcc6ojk6gg6.exeStartup moved successfully.
c:\windows\pss\hndezzqvlh.exeStartup moved successfully.
c:\windows\pss\jek5l0hn.exeStartup moved successfully.
c:\windows\pss\jpk1gccxoo.exeStartup moved successfully.
c:\windows\pss\k6ww6ii6.exeStartup moved successfully.
c:\windows\pss\kk6ww6ii6.exeStartup moved successfully.
c:\windows\pss\kv26snnezz.exeStartup moved successfully.
c:\windows\pss\lccxooja.exeStartup moved successfully.
c:\windows\pss\lccxoojk6gg.exeStartup moved successfully.
c:\windows\pss\lhxxtjjpvb.exeStartup moved successfully.
c:\windows\pss\mm3yy6kk6.exeStartup moved successfully.
c:\windows\pss\mm5n0o0a.exeStartup moved successfully.
c:\windows\pss\pq0mms5y.exeStartup moved successfully.
c:\windows\pss\q60c3oo3aa.exeStartup moved successfully.
c:\windows\pss\q6cc6ojk.exeStartup moved successfully.
c:\windows\pss\qmmhyytkkf.exeStartup moved successfully.
c:\windows\pss\r1iytkffb.exeStartup moved successfully.
c:\windows\pss\tpffwrridd.exeStartup moved successfully.
c:\windows\pss\u9q1miiduu.exeStartup moved successfully.
c:\windows\pss\ufbww6ii.exeStartup moved successfully.
c:\windows\pss\w60i3upv.exeStartup moved successfully.
c:\windows\pss\wrc3oo70ll.exeStartup moved successfully.
c:\windows\pss\ze6qq6cc.exeStartup moved successfully.

Registry entries deleted on Reboot...

Re: Zasekaný NTB

Napsal: 07 pro 2010 09:39
od vyosek
:arrow: Stahnete Avenger (viz muj podpis)
  • Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
  • Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
  • Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

  • Kód: Vybrat vše

    Files to delete:
c:\windows\system32\drivers\nlvfzcis.sys
  • Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
  • Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
  • Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
  • Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt

Re: Zasekaný NTB

Napsal: 07 pro 2010 09:52
od jaboos
Přikládám log. Jo a při restartu mi vyskočila modrá obrazovka s nápisem - Byly zjištěny potíže a systém windows byl ukončen, aby nedošlo k poškození pc. BAD_POLL_CALLER



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\drivers\nlvfzcis.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Zasekaný NTB

Napsal: 07 pro 2010 09:55
od vyosek
:arrow: Ono to totiz vypada na naboreny system :o

:arrow: Nyni zkuste naistalovat antivir - nejlepe Avast http://www.avast.com/cs-cz/free-antivirus-download at je tam nejaka ochrana a pujdem dale...

Re: Zasekaný NTB

Napsal: 07 pro 2010 09:57
od vyosek
Ale taktez mohl byt ten pad do BSOD zpusoben nejakym ovladacem nebo spatonu RAM pameti...

Re: Zasekaný NTB

Napsal: 07 pro 2010 10:03
od jaboos
Avast nainstalován. Co dál?

Re: Zasekaný NTB

Napsal: 07 pro 2010 10:04
od vyosek
Poprosim o novy log z RSIT

Re: Zasekaný NTB

Napsal: 07 pro 2010 10:09
od jaboos
Logfile of random's system information tool 1.08 (written by random/random)
Run by Evča at 2010-12-07 10:07:24
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (33%) free of 76 GB
Total RAM: 447 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:08:13, on 7.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\WinOverBoost\wob2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Evča\Data aplikací\Microsoft\mynak.exe
C:\documents and settings\evča\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Evča\Data aplikací\QipGuard\QipGuard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\Documents and Settings\Evča\Plocha\RSIT.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\trend micro\Evča.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by QIP.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [WinOverBoost] C:\Program Files\WinOverBoost\wob2.exe
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [sebunni] C:\WINDOWS\system32\mynak.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKCU\..\Run: [sebunni] C:\Documents and Settings\Evča\Data aplikací\Microsoft\mynak.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\evča\wuaucldt.exe
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Evča\ymhgd.exe \u
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\Evča\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\EVA~1\LOCALS~1\Temp\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: 0ffwrrn.exe
O4 - Startup: 0g70ddu.exe
O4 - Startup: 0hi0eez.exe
O4 - Startup: 0uvw0xx.exe
O4 - Startup: 0vbbhc6.exe
O4 - Startup: 0yytkkf.exe
O4 - Startup: 1miiduu.exe
O4 - Startup: 1rmnii1.exe
O4 - Startup: 25zfglm.exe
O4 - Startup: 2too6aa.exe
O4 - Startup: 2vqq6cc.exe
O4 - Startup: 38uk52m.exe
O4 - Startup: 3eezqql.exe
O4 - Startup: 3n0jzzq.exe
O4 - Startup: 3yytkkf.exe
O4 - Startup: 5lhcdi8.exe
O4 - Startup: 6cc6oo6.exe
O4 - Startup: 6uu6gg6.exe
O4 - Startup: 6ww6ii6.exe
O4 - Startup: 70bxss6.exe
O4 - Startup: 70mmcs0.exe
O4 - Startup: 870bxxy.exe
O4 - Startup: 9cxxooj.exe
O4 - Startup: 9m1ieez.exe
O4 - Startup: 9oz66b0.exe
O4 - Startup: a70bxxy70.exe
O4 - Startup: aa3mhn0jjpv.exe
O4 - Startup: awwrc3ou70.exe
O4 - Startup: bc3idj0ffw.exe
O4 - Startup: bc70dzuu6g.exe
O4 - Startup: bc70i1e3gg.exe
O4 - Startup: bssneezq.exe
O4 - Startup: bww6ii6uu6g.exe
O4 - Startup: bxntoo6aa6.exe
O4 - Startup: c6oo6aa6.exe
O4 - Startup: c70dzuu6g.exe
O4 - Startup: cyytkkfwwr.exe
O4 - Startup: ddzpplbbxid.exe
O4 - Startup: do3aa6cx.exe
O4 - Startup: e9a1wssnee.exe
O4 - Startup: ee5f0bbsnn.exe
O4 - Startup: f0cc1yuupgl.exe
O4 - Startup: ffbrrndttkk.exe
O4 - Startup: fg70hsi9e1.exe
O4 - Startup: flm09oo5.exe
O4 - Startup: fvvmrs0i.exe
O4 - Startup: g6ss6ee6.exe
O4 - Startup: gb081itupv9.exe
O4 - Startup: hdotpkk6.exe
O4 - Startup: hyytkkfwwri.exe
O4 - Startup: i1eaavmm.exe
O4 - Startup: jaavmmx26ue.exe
O4 - Startup: jfvvrhhd.exe
O4 - Startup: jupkqbhhdi8.exe
O4 - Startup: k1gccxoo.exe
O4 - Startup: k1gccxooja.exe
O4 - Startup: k3mmhddzppl.exe
O4 - Startup: kk6mrs0i7.exe
O4 - Startup: kkfwwriidu.exe
O4 - Startup: l0rnii6uu.exe
O4 - Startup: l69c1yuup.exe
O4 - Startup: lbbxnnjz.exe
O4 - Startup: lbcdi81u.exe
O4 - Startup: lccxooj2lgg.exe
O4 - Startup: lgmh1iy0zpv.exe
O4 - Startup: lq81cnojza.exe
O4 - Startup: m0iiduupgg.exe
O4 - Startup: mc3ou70vrm.exe
O4 - Startup: mhddzpplbb.exe
O4 - Startup: miiduupggb.exe
O4 - Startup: mm6yy6kk6.exe
O4 - Startup: msneezqv.exe
O4 - Startup: nee5abwcc60.exe
O4 - Startup: nnjzzvllhxx.exe
O4 - Startup: ny3kk70r.exe
O4 - Startup: nyuz66b0hd.exe
O4 - Startup: oe052ms5.exe
O4 - Startup: pkk1g9c1yuu.exe
O4 - Startup: pkk860iid.exe
O4 - Startup: plbbx2to.exe
O4 - Startup: plgg6idd.exe
O4 - Startup: q1miiduu.exe
O4 - Startup: q81s5e1uva3.exe
O4 - Startup: qg60dtj5qql.exe
O4 - Startup: qlccxooj.exe
O4 - Startup: qq6cc1y0a.exe
O4 - Startup: rhhdttpf.exe
O4 - Startup: riiduupg.exe
O4 - Startup: rns3ee3qq3.exe
O4 - Startup: s9o1kggbss.exe
O4 - Startup: toe6qvrmm.exe
O4 - Startup: too6aa6mm6y.exe
O4 - Startup: tu0vbww6.exe
O4 - Startup: u1qmmhyytk.exe
O4 - Startup: v0bxss6ee.exe
O4 - Startup: vllhxxoj.exe
O4 - Startup: vqq6cc6oo6a.exe
O4 - Startup: vvrhhdttpff.exe
O4 - Startup: vwrcdy3upf.exe
O4 - Startup: wm9i1eaavmm.exe
O4 - Startup: wriiduupgg.exe
O4 - Startup: wssneezqql.exe
O4 - Startup: wwriiduu.exe
O4 - Startup: xoojaavm.exe
O4 - Startup: xs1okkfwwr.exe
O4 - Startup: xsjz366b0h.exe
O4 - Startup: xxi3kkfwwh2.exe
O4 - Startup: xxt2pkk1g9c.exe
O4 - Startup: y1uqqlcc.exe
O4 - Startup: y3aavmmhyyt.exe
O4 - Startup: y6kk860i.exe
O4 - Startup: y70zvqq6c.exe
O4 - Startup: yee3qw70xto.exe
O4 - Startup: yupqbr26oj.exe
O4 - Startup: yy3kk70rnii.exe
O4 - Startup: yytkkfww.exe
O4 - Startup: zupv0rrnd.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O9 - Extra button: QIP Infium - {B6F99757-B225-4C57-9FB4-75E9FE7E8C4F} - C:\Program Files\QIP Infium\infium.exe (file missing) (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\System32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: AOL Antivirus Update Service (r1d4yrbuv130y4do) - Unknown owner - C:\Documents and Settings\Evča\Data aplikací\Microsoft\joreb.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 11047 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ACU"=C:\Program Files\Atheros\ACU.exe [2006-11-17 348249]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-10-14 110592]
"WinOverBoost"=C:\Program Files\WinOverBoost\wob2.exe [2004-03-20 119808]
"wuaucldt"=c:\windows\system32\wuaucldt.exe []
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"sebunni"=C:\WINDOWS\system32\mynak.exe [2010-11-10 201216]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe []
"sebunni"=C:\Documents and Settings\Evča\Data aplikací\Microsoft\mynak.exe [2010-11-10 201216]
"wuaucldt"=c:\documents and settings\evča\wuaucldt.exe [2010-11-22 33280]
"MSConfig"=C:\Documents and Settings\Evča\ymhgd.exe [2010-11-23 18432]
"QIP Internet Guardian"=C:\Documents and Settings\Evča\Data aplikací\QipGuard\QipGuard.exe [2010-06-09 187904]
"Windows Firewall"=C:\DOCUME~1\EVA~1\LOCALS~1\Temp\lsass.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinOverBoost]
C:\Program Files\WinOverBoost\wob2.exe [2004-03-20 119808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0e6qq6c.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\0e6qq6c.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0lhcc6o.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\0lhcc6o.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^1cyytka.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\1cyytka.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^3qqlccn.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\3qqlccn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^6mm70tp.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\6mm70tp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^a3ccxoojalg.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\a3ccxoojalg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^aa6mm6yy6.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\aa6mm6yy6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^bhxy0o3aa3.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\bhxy0o3aa3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^cy726qvl.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\cy726qvl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^effwrriddu.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\effwrriddu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hcc6ojk6gg6.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\hcc6ojk6gg6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hndezzqvlh.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\hndezzqvlh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jek5l0hn.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\jek5l0hn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jpk1gccxoo.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\jpk1gccxoo.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^k6ww6ii6.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\k6ww6ii6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kk6ww6ii6.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\kk6ww6ii6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kv26snnezz.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\kv26snnezz.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxooja.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\lccxooja.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxoojk6gg.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\lccxoojk6gg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lhxxtjjpvb.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\lhxxtjjpvb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm3yy6kk6.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\mm3yy6kk6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm5n0o0a.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\mm5n0o0a.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^pq0mms5y.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\pq0mms5y.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q60c3oo3aa.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\q60c3oo3aa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q6cc6ojk.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\q6cc6ojk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^qmmhyytkkf.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\qmmhyytkkf.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^r1iytkffb.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\r1iytkffb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^tpffwrridd.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\tpffwrridd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^u9q1miiduu.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\u9q1miiduu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ufbww6ii.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\ufbww6ii.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^w60i3upv.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\w60i3upv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^wrc3oo70ll.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\wrc3oo70ll.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ze6qq6cc.exe]
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\ze6qq6cc.exe []

C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění
0ffwrrn.exe
0g70ddu.exe
0hi0eez.exe
0uvw0xx.exe
0vbbhc6.exe
0yytkkf.exe
1miiduu.exe
1rmnii1.exe
25zfglm.exe
2too6aa.exe
2vqq6cc.exe
38uk52m.exe
3eezqql.exe
3n0jzzq.exe
3yytkkf.exe
5lhcdi8.exe
6cc6oo6.exe
6uu6gg6.exe
6ww6ii6.exe
70bxss6.exe
70mmcs0.exe
870bxxy.exe
9cxxooj.exe
9m1ieez.exe
9oz66b0.exe
a70bxxy70.exe
aa3mhn0jjpv.exe
awwrc3ou70.exe
bc3idj0ffw.exe
bc70dzuu6g.exe
bc70i1e3gg.exe
bssneezq.exe
bww6ii6uu6g.exe
bxntoo6aa6.exe
c6oo6aa6.exe
c70dzuu6g.exe
cyytkkfwwr.exe
ddzpplbbxid.exe
do3aa6cx.exe
e9a1wssnee.exe
ee5f0bbsnn.exe
f0cc1yuupgl.exe
ffbrrndttkk.exe
fg70hsi9e1.exe
flm09oo5.exe
fvvmrs0i.exe
g6ss6ee6.exe
gb081itupv9.exe
hdotpkk6.exe
hyytkkfwwri.exe
i1eaavmm.exe
jaavmmx26ue.exe
jfvvrhhd.exe
jupkqbhhdi8.exe
k1gccxoo.exe
k1gccxooja.exe
k3mmhddzppl.exe
kk6mrs0i7.exe
kkfwwriidu.exe
l0rnii6uu.exe
l69c1yuup.exe
lbbxnnjz.exe
lbcdi81u.exe
lccxooj2lgg.exe
lgmh1iy0zpv.exe
lq81cnojza.exe
m0iiduupgg.exe
mc3ou70vrm.exe
mhddzpplbb.exe
miiduupggb.exe
mm6yy6kk6.exe
msneezqv.exe
nee5abwcc60.exe
nnjzzvllhxx.exe
ny3kk70r.exe
nyuz66b0hd.exe
oe052ms5.exe
pkk1g9c1yuu.exe
pkk860iid.exe
plbbx2to.exe
plgg6idd.exe
q1miiduu.exe
q81s5e1uva3.exe
qg60dtj5qql.exe
qlccxooj.exe
qq6cc1y0a.exe
rhhdttpf.exe
riiduupg.exe
rns3ee3qq3.exe
s9o1kggbss.exe
toe6qvrmm.exe
too6aa6mm6y.exe
tu0vbww6.exe
u1qmmhyytk.exe
v0bxss6ee.exe
vllhxxoj.exe
vqq6cc6oo6a.exe
vvrhhdttpff.exe
vwrcdy3upf.exe
wm9i1eaavmm.exe
wriiduupgg.exe
wssneezqql.exe
wwriiduu.exe
xoojaavm.exe
xs1okkfwwr.exe
xsjz366b0h.exe
xxi3kkfwwh2.exe
xxt2pkk1g9c.exe
y1uqqlcc.exe
y3aavmmhyyt.exe
y6kk860i.exe
y70zvqq6c.exe
yee3qw70xto.exe
yupqbr26oj.exe
yy3kk70rnii.exe
yytkkfww.exe
zupv0rrnd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-04 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nlvfzcis]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vniuvsrq.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nlvfzcis]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vniuvsrq.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\WINDOWS\system32\spool\drivers\Distributed.exe"="C:\WINDOWS\system32\spool\drivers\Distributed.exe:*:Enabled:BWProxyClient"
"C:\WINDOWS\System32\svchost.exe"="C:\WINDOWS\System32\svchost.exe:*:Enabled:Microsoft Office"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-07 10:01:44 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-12-07 10:01:44 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-12-07 10:01:43 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-12-07 10:01:42 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-12-07 10:01:40 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-12-07 10:01:40 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-12-07 10:01:39 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-12-07 10:01:15 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-12-07 10:00:53 ----D---- C:\Program Files\Alwil Software
2010-12-07 10:00:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-12-07 09:47:52 ----D---- C:\Avenger
2010-12-07 09:47:51 ----A---- C:\avenger.txt
2010-12-07 09:26:08 ----A---- C:\WINDOWS\system32\drivers\vniuvsrq.sys
2010-12-07 09:24:42 ----A---- C:\WINDOWS\system32\drivers\wcscd.sys
2010-12-07 09:23:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-07 09:21:54 ----SHD---- C:\RECYCLER
2010-12-07 09:21:50 ----D---- C:\_OTM
2010-12-07 00:02:28 ----AD---- C:\WINDOWS\temp
2010-12-07 00:02:26 ----A---- C:\ComboFix.txt
2010-12-06 23:37:27 ----A---- C:\Boot.bak
2010-12-06 23:37:22 ----RASHD---- C:\cmdcons
2010-12-06 23:36:09 ----A---- C:\WINDOWS\zip.exe
2010-12-06 23:36:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-06 23:36:09 ----A---- C:\WINDOWS\SWSC.exe
2010-12-06 23:36:09 ----A---- C:\WINDOWS\SWREG.exe
2010-12-06 23:36:09 ----A---- C:\WINDOWS\sed.exe
2010-12-06 23:36:09 ----A---- C:\WINDOWS\PEV.exe
2010-12-06 23:36:09 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-06 23:36:09 ----A---- C:\WINDOWS\MBR.exe
2010-12-06 23:36:09 ----A---- C:\WINDOWS\grep.exe
2010-12-06 23:35:59 ----D---- C:\WINDOWS\ERDNT
2010-12-06 23:35:40 ----D---- C:\Qoobox
2010-12-06 23:34:45 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-06 23:18:16 ----D---- C:\Program Files\trend micro
2010-12-06 23:18:15 ----D---- C:\rsit
2010-12-06 07:00:39 ----A---- C:\WINDOWS\system32\mynak.exe
2010-12-01 09:42:21 ----A---- C:\_srvlog.txt
2010-11-23 18:53:35 ----D---- C:\Documents and Settings\Evča\Data aplikací\QipGuard
2010-11-23 18:36:43 ----D---- C:\WINDOWS\Minidump
2010-11-23 16:13:53 ----HDC---- C:\WINDOWS\ie8
2010-11-23 16:10:02 ----D---- C:\Program Files\QIP
2010-11-22 18:55:45 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-11-22 18:55:33 ----D---- C:\Documents and Settings\Evča\Data aplikací\Spyware Terminator
2010-11-22 18:55:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-11-22 18:55:03 ----D---- C:\Program Files\Spyware Terminator
2010-11-22 18:40:17 ----D---- C:\WINDOWS\pss
2010-11-22 18:03:15 ----SHD---- C:\WINDOWS\CSC
2010-11-22 17:31:03 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-11-22 17:30:56 ----D---- C:\Program Files\CleanMyPC
2010-11-22 16:22:29 ----RA---- C:\Documents and Settings\Evča\Data aplikací\k6jLC.txt
2010-11-22 16:22:28 ----RA---- C:\Documents and Settings\Evča\Data aplikací\BG0Ai.txt
2010-11-10 09:00:44 ----RSH---- C:\Documents and Settings\Evča\Data aplikací\juzjf.exe

======List of files/folders modified in the last 1 months======

2010-12-07 10:08:05 ----SD---- C:\Documents and Settings\Evča\Data aplikací\Microsoft
2010-12-07 10:01:44 ----D---- C:\WINDOWS\system32\drivers
2010-12-07 10:01:31 ----SHD---- C:\WINDOWS\Installer
2010-12-07 10:01:30 ----D---- C:\WINDOWS\WinSxS
2010-12-07 10:01:16 ----D---- C:\WINDOWS
2010-12-07 10:01:15 ----D---- C:\WINDOWS\system32
2010-12-07 10:00:53 ----D---- C:\Program Files
2010-12-07 09:22:01 ----SD---- C:\WINDOWS\Tasks
2010-12-07 09:21:51 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-07 00:00:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-06 23:58:04 ----A---- C:\WINDOWS\system.ini
2010-12-06 23:44:29 ----D---- C:\WINDOWS\system32\config
2010-12-06 23:43:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-06 23:41:14 ----D---- C:\WINDOWS\AppPatch
2010-12-06 23:41:08 ----D---- C:\Program Files\Common Files
2010-12-06 23:37:27 ----RASH---- C:\boot.ini
2010-12-06 23:24:46 ----D---- C:\WINDOWS\Debug
2010-12-06 23:15:02 ----D---- C:\Program Files\The Matrix Reloaded
2010-12-05 23:26:15 ----D---- C:\WINDOWS\Prefetch
2010-11-27 22:43:34 ----HD---- C:\WINDOWS\inf
2010-11-23 18:07:22 ----D---- C:\WINDOWS\Media
2010-11-23 18:07:22 ----D---- C:\WINDOWS\Help
2010-11-23 18:07:22 ----D---- C:\Program Files\Internet Explorer
2010-11-23 17:21:06 ----D---- C:\Documents and Settings\Evča\Data aplikací\ICQ
2010-11-23 17:20:12 ----D---- C:\Program Files\ICQ6Toolbar
2010-11-23 17:19:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-23 17:19:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-11-23 16:17:22 ----D---- C:\WINDOWS\system32\en-US
2010-11-22 19:44:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-11-22 18:03:21 ----D---- C:\Documents and Settings
2010-11-15 23:03:01 ----D---- C:\Program Files\Ask.com

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-08 691696]
R0 vniuvsrq;vniuvsrq; C:\WINDOWS\System32\Drivers\vniuvsrq.sys [2010-12-07 40128]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2006-12-05 529344]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\ATK0100\ASNDIS5.SYS []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-04 2304000]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service; C:\WINDOWS\System32\DRIVERS\wsimd.sys [2006-07-20 54432]
S1 cdfss;cdfss; \??\C:\DOCUME~1\EVA~1\LOCALS~1\Temp\cdfss []
S1 wcscd;wcscd; C:\WINDOWS\system32\drivers\wcscd.sys [2010-12-07 30560]
S2 nlvfzcis;nlvfzcis; C:\WINDOWS\system32\drivers\nlvfzcis.sys []
S3 abm3rd3x;abm3rd3x; C:\WINDOWS\system32\drivers\abm3rd3x.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys []
S3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\System32\DRIVERS\w29n51.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\System32\acs.exe [2006-11-17 360533]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-04 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-11-22 496128]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-25 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Zasekaný NTB

Napsal: 07 pro 2010 10:20
od vyosek
:arrow: Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
  • Vyskoci na Vas okenko, do ktereho zkopirujte text nize

  • Kód: Vybrat vše

    services.msc
  • Kliknete na OK
  • Najdete sluzby nize
  • Služba Google Update
    Spyware Terminator Realtime Shield Service
  • U sluzby provedte toto
    • Klik na ni pravym mysidlem a zvolit Vlastnosti
    • Nyní klik na Zastavit
    • Typ spousteni nastavit na Zakazano
    • Potvrdte kliknutim na OK
:arrow: Spustte HJT a provedeme fixnuti polozek
  • HJT najdete zde C:\Program Files\trend micro\Evča.exe
  • Otevre se Vam okno, kliknete na Do a system scan only
  • V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
    1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by QIP.ru
  • Kliknete na Fix checked (vlevo dole)
  • HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo Obrázek
:arrow: Skript pro OTM - log pak sem

Kód: Vybrat vše

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"wuaucldt"=-
"Regedit32"=-
"sebunni"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA driver monitor"=-
"sebunni"=-
"wuaucldt"=-
"MSConfig"=-
"QIP Internet Guardian"=-
"Windows Firewall"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nlvfzcis]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vniuvsrq.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nlvfzcis]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vniuvsrq.sys]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\System32\svchost.exe"=-
"C:\WINDOWS\system32\spool\drivers\Distributed.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Evča\Plocha\P17535732.JPG-www.facebook.exe"=-
"C:\DOCUME~1\EVA~1\LOCALS~1\Temp\4721249.exe"=-
"C:\DOCUME~1\EVA~1\LOCALS~1\Temp\416.exe"="-
"C:\DOCUME~1\EVA~1\LOCALS~1\Temp\49146.exe"=-
"C:\DOCUME~1\EVA~1\LOCALS~1\Temp\626.exe"=-
"C:\DOCUME~1\EVA~1\LOCALS~1\Temp\632530.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0e6qq6c.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0lhcc6o.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^1cyytka.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^3qqlccn.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^6mm70tp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^a3ccxoojalg.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^aa6mm6yy6.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^bhxy0o3aa3.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^cy726qvl.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^effwrriddu.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hcc6ojk6gg6.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hndezzqvlh.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jek5l0hn.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jpk1gccxoo.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^k6ww6ii6.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kk6ww6ii6.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kv26snnezz.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxooja.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxoojk6gg.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lhxxtjjpvb.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm3yy6kk6.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm5n0o0a.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^pq0mms5y.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q60c3oo3aa.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q6cc6ojk.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^qmmhyytkkf.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^r1iytkffb.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^tpffwrridd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^u9q1miiduu.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ufbww6ii.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^w60i3upv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^wrc3oo70ll.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ze6qq6cc.exe]

:services
r1d4yrbuv130y4do

:files
C:\Documents and Settings\Evča\Data aplikací\Microsoft\mynak.exe 
c:\documents and settings\evča\wuaucldt.exe 
C:\Documents and Settings\Evča\ymhgd.exe
C:\WINDOWS\system32\mynak.exe
c:\Documents and Settings\Evča\Plocha\P17535732.JPG-www.facebook.exe
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\*.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[EMPTYTEMP]
[EMPTYFLASH]

Re: Zasekaný NTB

Napsal: 07 pro 2010 10:39
od jaboos
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wuaucldt deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sebunni deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA driver monitor deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sebunni deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wuaucldt deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Firewall deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nlvfzcis\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vniuvsrq.sys\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nlvfzcis\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vniuvsrq.sys\ scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\spool\drivers\Distributed.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Evča\Plocha\P17535732.JPG-www.facebook.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\EVA~1\LOCALS~1\Temp\4721249.exe not found.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\DOCUME~1\EVA~1\LOCALS~1\Temp\416.exe"|"- /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\EVA~1\LOCALS~1\Temp\49146.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\EVA~1\LOCALS~1\Temp\626.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\EVA~1\LOCALS~1\Temp\632530.exe not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0e6qq6c.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^0lhcc6o.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^1cyytka.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^3qqlccn.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^6mm70tp.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^a3ccxoojalg.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^aa6mm6yy6.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^bhxy0o3aa3.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^cy726qvl.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^effwrriddu.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hcc6ojk6gg6.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^hndezzqvlh.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jek5l0hn.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^jpk1gccxoo.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^k6ww6ii6.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kk6ww6ii6.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^kv26snnezz.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxooja.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lccxoojk6gg.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^lhxxtjjpvb.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm3yy6kk6.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^mm5n0o0a.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^pq0mms5y.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q60c3oo3aa.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^q6cc6ojk.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^qmmhyytkkf.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^r1iytkffb.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^tpffwrridd.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^u9q1miiduu.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ufbww6ii.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^w60i3upv.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^wrc3oo70ll.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Evča^Nabídka Start^Programy^Po spuštění^ze6qq6cc.exe\ deleted successfully.
========== SERVICES/DRIVERS ==========
Service r1d4yrbuv130y4do stopped successfully!
Service r1d4yrbuv130y4do deleted successfully!
========== FILES ==========
File/Folder C:\Documents and Settings\Evča\Data aplikací\Microsoft\mynak.exe not found.
File/Folder c:\documents and settings\evča\wuaucldt.exe not found.
C:\Documents and Settings\Evča\ymhgd.exe moved successfully.
C:\WINDOWS\system32\mynak.exe moved successfully.
c:\Documents and Settings\Evča\Plocha\P17535732.JPG-www.facebook.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\0ffwrrn.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\0g70ddu.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\0hi0eez.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\0uvw0xx.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\0vbbhc6.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\0yytkkf.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\1miiduu.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\1rmnii1.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\25zfglm.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\2too6aa.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\2vqq6cc.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\38uk52m.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\3eezqql.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\3n0jzzq.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\3yytkkf.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\5lhcdi8.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\6cc6oo6.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\6uu6gg6.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\6ww6ii6.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\70bxss6.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\70mmcs0.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\870bxxy.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\9cxxooj.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\9m1ieez.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\9oz66b0.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\a70bxxy70.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\aa3mhn0jjpv.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\awwrc3ou70.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\bc3idj0ffw.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\bc70dzuu6g.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\bc70i1e3gg.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\bssneezq.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\bww6ii6uu6g.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\bxntoo6aa6.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\c6oo6aa6.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\c70dzuu6g.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\ddzpplbbxid.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\do3aa6cx.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\e9a1wssnee.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\ee5f0bbsnn.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\f0cc1yuupgl.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\ffbrrndttkk.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\fg70hsi9e1.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\flm09oo5.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\fvvmrs0i.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\g6ss6ee6.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\gb081itupv9.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\hdotpkk6.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\hyytkkfwwri.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\i1eaavmm.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\jaavmmx26ue.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\jfvvrhhd.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\jupkqbhhdi8.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\k1gccxoo.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\k1gccxooja.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\k3mmhddzppl.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\kk6mrs0i7.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\kkfwwriidu.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\l0rnii6uu.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\l69c1yuup.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\lbbxnnjz.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\lbcdi81u.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\lccxooj2lgg.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\lgmh1iy0zpv.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\lq81cnojza.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\m0iiduupgg.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\mc3ou70vrm.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\mhddzpplbb.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\miiduupggb.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\mm6yy6kk6.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\msneezqv.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\nee5abwcc60.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\nnjzzvllhxx.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\ny3kk70r.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\nyuz66b0hd.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\oe052ms5.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\pkk1g9c1yuu.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\pkk860iid.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\plbbx2to.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\plgg6idd.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\q1miiduu.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\q81s5e1uva3.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\qg60dtj5qql.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\qlccxooj.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\qq6cc1y0a.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\rhhdttpf.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\riiduupg.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\rns3ee3qq3.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\s9o1kggbss.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\toe6qvrmm.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\too6aa6mm6y.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\tu0vbww6.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\u1qmmhyytk.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\v0bxss6ee.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\vllhxxoj.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\vqq6cc6oo6a.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\vwrcdy3upf.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\wm9i1eaavmm.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\wriiduupgg.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\wssneezqql.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\wwriiduu.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\xoojaavm.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\xs1okkfwwr.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\xsjz366b0h.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\xxi3kkfwwh2.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\xxt2pkk1g9c.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\y1uqqlcc.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\y3aavmmhyyt.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\y6kk860i.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\y70zvqq6c.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\yee3qw70xto.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\yupqbr26oj.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\yy3kk70rnii.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\yytkkfww.exe moved successfully.
C:\Documents and Settings\Evča\Nabídka Start\Programy\Po spuštění\zupv0rrnd.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\temp\xvjcs007F952C.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.EVCA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Evča
->Temp folder emptied: 148416801 bytes
->Temporary Internet Files folder emptied: 23441302 bytes
->FireFox cache emptied: 51034468 bytes
->Flash cache emptied: 4582 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 213,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12072010_103043

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vniuvsrq.sys\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vniuvsrq.sys\ scheduled to be deleted on reboot.

Re: Zasekaný NTB

Napsal: 07 pro 2010 10:50
od vyosek
:arrow: Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    :filefind
vniuvsrq.sys
  • Kliknete na Look
  • Tlacitko Look se zmeni na Scanning a zsedne
  • Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
  • Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte
Všechny časy jsou v UTC+01:00
Stránka 1 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz