For motji - please help


#1 Post by Marwin »

Please check my PC; it is sending spam and there was an autorun.inf on the flash drive. I am attaching the log from RSIT, and when I run ComboFix it reports the AVG antivirus, even though I uninstalled it using avgremover. Thanks for the help.

RSIT LOG:

Logfile of random's system information tool 1.08 (written by random/random)
Run by xp at 2010-12-09 12:36:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 396 GB (83%) free of 477 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:05, on 9.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\xp\Plocha\RSIT.exe
C:\Program Files\trend micro\xp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.irfanview.net/faq.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Documents and Settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate1caacd933cab9b9) (gupdate1caacd933cab9b9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ati External Event Utility (jsokouuuiekkaaet) - Unknown owner - C:\WINDOWS\system32\semibe.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (voi0u1uiupuo) - Unknown owner - C:\WINDOWS\system32\ciroozenen.exe (file missing)

--
End of file - 6359 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for xp.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-28 13684736]
"nwiz"=nwiz.exe /install []
"ASUSGamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2007-07-12 380928]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-28 86016]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-06-07 111928]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBCore"=C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe [2009-09-23 1598760]
"Nero PhotoShow Media Manager"=C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe [2006-05-10 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
"PC Suite Tray"=C:\Documents and Settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe [2010-01-27 256280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbrmnfwt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sbrmnfwt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe"="C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer"
"C:\WINDOWS\system32\jounej.exe"="C:\WINDOWS\system32\jounej.exe:*:Enabled:louboo64"
"C:\WINDOWS\system32\mozed.exe"="C:\WINDOWS\system32\mozed.exe:*:Enabled:louboo64"
"C:\WINDOWS\system32\wycyrenu.exe"="C:\WINDOWS\system32\wycyrenu.exe:*:Enabled:hito64"
"C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe"="C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:LocalSubNet:Enabled:UltiDev Cassini Web Server for ASP.NET 2.0"
"C:\WINDOWS\system32\spool\drivers\Distributed.exe"="C:\WINDOWS\system32\spool\drivers\Distributed.exe:*:Enabled:BWProxyClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-12-09 11:41:32 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-12-09 11:41:29 ----D---- C:\Program Files\Alwil Software
2010-12-09 11:41:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-12-09 10:58:31 ----D---- C:\WINDOWS\pss
2010-12-09 09:42:50 ----D---- C:\rsit
2010-12-09 09:42:50 ----D---- C:\Program Files\trend micro
2010-12-08 12:36:36 ----SD---- C:\ComboFix
2010-12-08 10:46:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-12-08 09:47:39 ----D---- C:\Documents and Settings\xp\Data aplikací\Malwarebytes
2010-12-08 09:47:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-12-08 09:44:43 ----SHD---- C:\RECYCLER
2010-12-08 09:42:26 ----D---- C:\WINDOWS\temp
2010-12-08 09:42:24 ----A---- C:\ComboFix.txt
2010-12-08 09:21:22 ----D---- C:\WINDOWS\ERDNT
2010-12-08 09:14:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-12-08 09:03:21 ----D---- C:\Program Files\CCleaner
2010-12-04 23:13:56 ----D---- C:\WINDOWS\system32\XPSViewer
2010-12-04 23:13:54 ----D---- C:\WINDOWS\system32\en-US
2010-12-04 23:13:54 ----D---- C:\Program Files\MSBuild
2010-12-04 23:13:51 ----D---- C:\Program Files\Reference Assemblies
2010-12-04 23:13:40 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-12-04 23:13:40 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-12-04 23:13:40 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-12-04 23:13:40 ----D---- C:\78319564220aa529f1
2010-12-04 11:26:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\UltiDev
2010-12-04 11:26:33 ----D---- C:\Program Files\UltiDev
2010-12-04 11:24:24 ----RSD---- C:\WINDOWS\assembly
2010-12-04 11:24:03 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-04 11:23:42 ----D---- C:\Program Files\AtlasSkolstvi
2010-11-29 19:10:50 ----A---- C:\WINDOWS\system32\drivers\sbrmnfwt.sys
2010-11-29 13:59:41 ----A---- C:\WINDOWS\system32\drivers\kjagfncm.sys
2010-11-23 23:41:30 ----RA---- C:\Documents and Settings\xp\Data aplikací\nK6Nk.txt
2010-11-23 09:08:56 ----RA---- C:\Documents and Settings\xp\Data aplikací\hDlkH.txt
2010-11-22 09:44:35 ----RA---- C:\Documents and Settings\xp\Data aplikací\k6jLC.txt
2010-11-14 21:47:33 ----A---- C:\WINDOWS\system32\MRT.INI
2010-11-14 21:43:24 ----D---- C:\Program Files\Common Files\Adobe
2010-11-14 21:43:24 ----D---- C:\Program Files\Adobe
2010-11-12 08:29:48 ----D---- C:\Program Files\Utajeny svet umeni 2
2010-11-11 15:15:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2010-11-10 08:36:53 ----D---- C:\Documents and Settings\xp\Data aplikací\Ladia Group
2010-11-10 08:36:32 ----D---- C:\Program Files\Anticky Rim

======List of files/folders modified in the last 1 months======

2010-12-09 12:35:50 ----D---- C:\WINDOWS
2010-12-09 11:42:01 ----D---- C:\WINDOWS\Prefetch
2010-12-09 11:41:37 ----D---- C:\WINDOWS\system32\drivers
2010-12-09 11:41:36 ----D---- C:\Config.Msi
2010-12-09 11:41:35 ----SHD---- C:\WINDOWS\Installer
2010-12-09 11:41:35 ----D---- C:\WINDOWS\WinSxS
2010-12-09 11:41:32 ----D---- C:\WINDOWS\system32
2010-12-09 11:41:29 ----RD---- C:\Program Files
2010-12-09 11:25:04 ----ASH---- C:\boot.ini
2010-12-09 11:25:04 ----A---- C:\WINDOWS\win.ini
2010-12-09 11:25:04 ----A---- C:\WINDOWS\system.ini
2010-12-09 11:21:57 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-12-09 11:14:19 ----HD---- C:\WINDOWS\inf
2010-12-09 11:14:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-09 10:53:35 ----D---- C:\WINDOWS\Minidump
2010-12-09 10:53:35 ----D---- C:\WINDOWS\Debug
2010-12-09 10:51:49 ----D---- C:\Program Files\SweetIM
2010-12-09 10:50:56 ----SD---- C:\WINDOWS\Tasks
2010-12-08 12:57:11 ----SHD---- C:\System Volume Information
2010-12-08 12:36:49 ----D---- C:\WINDOWS\system32\Restore
2010-12-08 11:27:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-12-08 10:31:36 ----D---- C:\WINDOWS\Driver Cache
2010-12-08 09:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-12-08 09:35:43 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-08 09:34:45 ----D---- C:\WINDOWS\system32\config
2010-12-08 09:33:28 ----D---- C:\Program Files\ICQ6.5
2010-12-08 09:32:28 ----D---- C:\WINDOWS\AppPatch
2010-12-08 09:32:27 ----D---- C:\Program Files\Common Files
2010-12-08 09:14:10 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-08 09:14:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-08 09:09:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-07 15:50:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-12-07 15:50:20 ----D---- C:\Documents and Settings\xp\Data aplikací\AVGTOOLBAR
2010-12-07 15:50:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2010-12-07 15:49:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-12-07 15:48:44 ----SD---- C:\Documents and Settings\xp\Data aplikací\Microsoft
2010-12-05 21:48:17 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-05 20:08:20 ----D---- C:\Temp
2010-12-04 23:13:53 ----RSD---- C:\WINDOWS\Fonts
2010-12-04 23:13:45 ----D---- C:\WINDOWS\system32\spool
2010-12-04 23:12:54 ----D---- C:\Program Files\Internet Explorer
2010-12-04 17:46:43 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-12-04 15:40:27 ----D---- C:\Program Files\LG PC Suite II
2010-12-04 11:24:10 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-12-04 11:24:03 ----D---- C:\WINDOWS\pchealth
2010-12-03 20:12:55 ----D---- C:\Documents and Settings\xp\Data aplikací\ICQ
2010-11-20 12:44:59 ----D---- C:\WINDOWS\system32\wbem
2010-11-20 12:44:58 ----D---- C:\WINDOWS\Registration
2010-11-14 21:43:51 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-14 21:43:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-11-12 08:30:04 ----D---- C:\Documents and Settings\xp\Data aplikací\Špidla Data Processing, s.r.o

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-08-18 93568]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-07-12 11136]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-11-16 50704]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-28 6280416]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2007-07-12 10752]
S2 kjagfncm;kjagfncm; \??\C:\WINDOWS\system32\Drivers\kjagfncm.sys []
S2 sbrmnfwt;sbrmnfwt; C:\WINDOWS\system32\drivers\sbrmnfwt.sys [2010-11-29 82944]
S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\xp\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-28 163908]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2007-07-12 257024]
S2 gupdate1caacd933cab9b9;Služba Google Update (gupdate1caacd933cab9b9); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-13 133104]
S2 jsokouuuiekkaaet;Ati External Event Utility; C:\WINDOWS\system32\semibe.exe []
S2 voi0u1uiupuo;SmartLinkService; C:\WINDOWS\system32\ciroozenen.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-22 208896]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2010-08-09 49152]

-----------------EOF-----------------


COMBOFIX:

ComboFix 10-12-08.04 - xp 09.12.2010 13:16:06.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1678 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-09 do 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 10:41 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-09 10:41 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-09 10:41 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-09 10:41 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-09 10:41 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-09 10:41 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-09 10:41 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-09 10:41 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-09 10:41 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-09 10:41 . 2010-12-09 10:41 -------- d-----w- c:\program files\Alwil Software
2010-12-09 10:41 . 2010-12-09 10:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-12-09 08:42 . 2010-12-09 11:37 -------- d-----w- c:\program files\trend micro
2010-12-09 08:42 . 2010-12-09 08:42 -------- d-----w- C:\rsit
2010-12-08 09:46 . 2010-12-08 09:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-12-08 08:47 . 2010-12-08 08:47 -------- d-----w- c:\documents and settings\xp\Data aplikací\Malwarebytes
2010-12-08 08:47 . 2010-12-08 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-08 08:03 . 2010-12-08 08:07 -------- d-----w- c:\program files\CCleaner
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\UltiDev
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\program files\UltiDev
2010-12-04 10:23 . 2010-12-04 10:26 -------- d-----w- c:\program files\AtlasSkolstvi
2010-11-29 18:10 . 2010-11-29 18:10 82944 ----a-w- c:\windows\system32\drivers\sbrmnfwt.sys
2010-11-29 12:59 . 2010-11-29 12:59 82944 ----a-w- c:\windows\system32\drivers\kjagfncm.sys
2010-11-26 21:10 . 2010-11-26 21:10 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Media Player Classic
2010-11-20 11:44 . 2010-11-20 11:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp8FE86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp71F86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp63F86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp62F86.FOT
2010-11-14 20:43 . 2010-11-14 20:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-12 07:29 . 2010-11-16 12:15 -------- d-----w- c:\program files\Utajeny svet umeni 2
2010-11-11 14:15 . 2010-11-11 14:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-11-10 07:36 . 2010-11-10 07:36 -------- d-----w- c:\documents and settings\xp\Data aplikací\Ladia Group
2010-11-10 07:36 . 2010-11-10 07:36 -------- d-----w- c:\program files\Anticky Rim

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:16 . 2009-12-18 14:06 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2F1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2E1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2D1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp112DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp102DF.FOT
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-12 15:51 . 2010-09-12 15:51 1409 ----a-w- c:\windows\system32\tmp3AB4E.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC286C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC186C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC086C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpB386C.FOT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2009-09-23 1598760]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PC Suite Tray"="c:\documents and settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.12.2010 11:41 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.12.2010 11:41 17744]
S2 gupdate1caacd933cab9b9;Služba Google Update (gupdate1caacd933cab9b9);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2010 19:20 133104]
S2 jsokouuuiekkaaet;Ati External Event Utility;c:\windows\system32\semibe.exe --> c:\windows\system32\semibe.exe [?]
S2 kjagfncm;kjagfncm;c:\windows\system32\drivers\kjagfncm.sys [29.11.2010 13:59 82944]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
S2 sbrmnfwt;sbrmnfwt;c:\windows\system32\drivers\sbrmnfwt.sys [29.11.2010 19:10 82944]
S2 voi0u1uiupuo;SmartLinkService;c:\windows\system32\ciroozenen.exe --> c:\windows\system32\ciroozenen.exe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S4 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - eeCtrl
.
Obsah adresáře 'Naplánované úlohy'

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-08 c:\windows\Tasks\Norton Security Scan for xp.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-16 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
FF - ProfilePath - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\xp\Plocha\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\documents and settings\xp\Plocha\Nokia PC Suite 7\bkmrksync
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
SafeBoot-sbrmnfwt



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 13:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(196)
c:\windows\system32\CLBCATQ.DLL
.
Celkový čas: 2010-12-09 13:20:12
ComboFix-quarantined-files.txt 2010-12-09 12:20
ComboFix2.txt 2010-12-08 08:42

Před spuštěním: Volných bajtů: 414 875 676 672
Po spuštění: Volných bajtů: 414 867 050 496

- - End Of File - - 79698526769ED1167A601B2CDE1A77E3

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: for motji - please help

#2 Post by motji »

Good evening :)

:arcisit:
:arrow: If you haven't already, move ComboFix to the desktop
- Open Notepad
- Copy the text from this box into it

KillAll::

Firefox::
FF - ProfilePath - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

Driver::
kjagfncm
jsokouuuiekkaaet
voi0u1uiupuo

Collect::
c:\windows\system32\drivers\kjagfncm.sys 
c:\windows\system32\semibe.exe 
c:\windows\system32\drivers\sbrmnfwt.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=-

Folder::
c:\program files\SweetIM\Messenger\

- Save the TXT file you created to the desktop as CFScript.txt
- After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

- After it has been applied, another log will pop up; paste it here

Warning: it may happen that Windows does not start after the script is applied and the machine restarts. In that case restart again while pressing F8, then choose Last Known Good Configuration

:arrow: Do you recognize these files?
C:\Documents and Settings\xp\Data aplikací\nK6Nk.txt
C:\Documents and Settings\xp\Data aplikací\hDlkH.txt
C:\Documents and Settings\xp\Data aplikací\k6jLC.txt



:arrow: Plug into the PC all the USB sticks, flash drives... that you use

Use USB fix
http://www.viry.cz/forum/viewtopic.php?f=24&t=102308


:!: Before downloading, turn off the antivirus resident shield; it has a false detection on UsbFix
- Run it
- Click the research option and confirm with Enter
- After the scan, paste the log here; if it does not pop up, you will find it at C:\UsbFix.txt
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
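Added example (not part of motji's post and not ComboFix code): Python that parses the service/driver lines of the ComboFix log in this thread and cross-checks them against the Driver:: and Collect:: sections of the CFScript above, reporting mismatches for a reviewer to look at. It assumes `[?]` means ComboFix could not read the file's date and size; all function names are this example's own.

```python
import re

# Service/driver lines copied from the ComboFix log posted in this thread.
SERVICE_LINES = r"""
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.12.2010 11:41 165584]
S2 jsokouuuiekkaaet;Ati External Event Utility;c:\windows\system32\semibe.exe --> c:\windows\system32\semibe.exe [?]
S2 kjagfncm;kjagfncm;c:\windows\system32\drivers\kjagfncm.sys [29.11.2010 13:59 82944]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
S2 sbrmnfwt;sbrmnfwt;c:\windows\system32\drivers\sbrmnfwt.sys [29.11.2010 19:10 82944]
S2 voi0u1uiupuo;SmartLinkService;c:\windows\system32\ciroozenen.exe --> c:\windows\system32\ciroozenen.exe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
"""

# Driver:: and Collect:: sections copied from the CFScript in this thread.
CFSCRIPT = r"""
Driver::
kjagfncm
jsokouuuiekkaaet
voi0u1uiupuo

Collect::
c:\windows\system32\drivers\kjagfncm.sys
c:\windows\system32\semibe.exe
c:\windows\system32\drivers\sbrmnfwt.sys
"""

# <state letter><start digit> <service name>;<display name>;<image path> [<file info>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+) \[(?P<info>[^\]]*)\]$"
)


def parse_services(text):
    """Turn ComboFix service/driver lines into dicts; other lines are skipped."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        # "path --> path [?]" repeats the path; keep the first copy.
        image = m.group("image").split(" --> ")[0].strip()
        services.append({
            "name": m.group("name"),
            "display": m.group("display"),
            "start": int(m.group("start")),
            "image": image,
            # Assumption: "[?]" = ComboFix could not read the file's date/size.
            "missing": m.group("info").strip() == "?",
        })
    return services


def parse_cfscript(text):
    """Split a CFScript into {section name: [lines]} on 'Name::' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def missing_images(services):
    """Names of services whose image file ComboFix reported as '[?]'."""
    return [s["name"] for s in services if s["missing"]]


def cross_check(services, script):
    """Compare the script's Driver:: and Collect:: entries with the log."""
    by_name = {s["name"].lower(): s for s in services}
    drivers = [d.lower() for d in script.get("Driver", [])]
    collected = {p.lower() for p in script.get("Collect", [])}
    return {
        # Driver:: names that do not appear in the log at all (typos).
        "not_in_log": [d for d in drivers if d not in by_name],
        # Services to be removed whose image file is not under Collect::.
        "image_not_collected": [
            d for d in drivers
            if d in by_name and by_name[d]["image"].lower() not in collected
        ],
        # Files under Collect:: whose owning service is not under Driver::.
        "collected_but_not_in_driver": [
            s["name"] for s in services
            if s["image"].lower() in collected and s["name"].lower() not in drivers
        ],
    }


if __name__ == "__main__":
    svcs = parse_services(SERVICE_LINES)
    print("missing image files:", missing_images(svcs))
    for key, names in cross_check(svcs, parse_cfscript(CFSCRIPT)).items():
        print(f"{key}: {names}")
```

On the thread's data this reports voi0u1uiupuo (its image ciroozenen.exe is not under Collect::) and sbrmnfwt (its file is collected, but the service is not under Driver::).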

Marwin
Model visitor
Posts: 92
Registered: 01 Mar 2007 13:33

Re: for motji - please help

#3 Post by Marwin »

I had to run ComboFix from safe mode; after the restart it wanted to send some files for analysis, but it failed to upload them to the server.
log:

ComboFix 10-12-08.04 - xp 09.12.2010 13:16:06.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1678 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-09 do 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 10:41 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-09 10:41 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-09 10:41 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-09 10:41 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-09 10:41 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-09 10:41 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-09 10:41 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-09 10:41 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-09 10:41 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-09 10:41 . 2010-12-09 10:41 -------- d-----w- c:\program files\Alwil Software
2010-12-09 10:41 . 2010-12-09 10:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-12-09 08:42 . 2010-12-09 11:37 -------- d-----w- c:\program files\trend micro
2010-12-09 08:42 . 2010-12-09 08:42 -------- d-----w- C:\rsit
2010-12-08 09:46 . 2010-12-08 09:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-12-08 08:47 . 2010-12-08 08:47 -------- d-----w- c:\documents and settings\xp\Data aplikací\Malwarebytes
2010-12-08 08:47 . 2010-12-08 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-08 08:03 . 2010-12-08 08:07 -------- d-----w- c:\program files\CCleaner
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\UltiDev
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\program files\UltiDev
2010-12-04 10:23 . 2010-12-04 10:26 -------- d-----w- c:\program files\AtlasSkolstvi
2010-11-29 18:10 . 2010-11-29 18:10 82944 ----a-w- c:\windows\system32\drivers\sbrmnfwt.sys
2010-11-29 12:59 . 2010-11-29 12:59 82944 ----a-w- c:\windows\system32\drivers\kjagfncm.sys
2010-11-26 21:10 . 2010-11-26 21:10 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Media Player Classic
2010-11-20 11:44 . 2010-11-20 11:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp8FE86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp71F86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp63F86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp62F86.FOT
2010-11-14 20:43 . 2010-11-14 20:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-12 07:29 . 2010-11-16 12:15 -------- d-----w- c:\program files\Utajeny svet umeni 2
2010-11-11 14:15 . 2010-11-11 14:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-11-10 07:36 . 2010-11-10 07:36 -------- d-----w- c:\documents and settings\xp\Data aplikací\Ladia Group
2010-11-10 07:36 . 2010-11-10 07:36 -------- d-----w- c:\program files\Anticky Rim

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:16 . 2009-12-18 14:06 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2F1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2E1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2D1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp112DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp102DF.FOT
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-12 15:51 . 2010-09-12 15:51 1409 ----a-w- c:\windows\system32\tmp3AB4E.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC286C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC186C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC086C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpB386C.FOT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2009-09-23 1598760]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PC Suite Tray"="c:\documents and settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.12.2010 11:41 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.12.2010 11:41 17744]
S2 gupdate1caacd933cab9b9;Služba Google Update (gupdate1caacd933cab9b9);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2010 19:20 133104]
S2 jsokouuuiekkaaet;Ati External Event Utility;c:\windows\system32\semibe.exe --> c:\windows\system32\semibe.exe [?]
S2 kjagfncm;kjagfncm;c:\windows\system32\drivers\kjagfncm.sys [29.11.2010 13:59 82944]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
S2 sbrmnfwt;sbrmnfwt;c:\windows\system32\drivers\sbrmnfwt.sys [29.11.2010 19:10 82944]
S2 voi0u1uiupuo;SmartLinkService;c:\windows\system32\ciroozenen.exe --> c:\windows\system32\ciroozenen.exe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S4 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - eeCtrl
.
Obsah adresáře 'Naplánované úlohy'

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-08 c:\windows\Tasks\Norton Security Scan for xp.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-16 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
FF - ProfilePath - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\xp\Plocha\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\documents and settings\xp\Plocha\Nokia PC Suite 7\bkmrksync
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
SafeBoot-sbrmnfwt



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 13:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(196)
c:\windows\system32\CLBCATQ.DLL
.
Celkový čas: 2010-12-09 13:20:12
ComboFix-quarantined-files.txt 2010-12-09 12:20
ComboFix2.txt 2010-12-08 08:42

Před spuštěním: Volných bajtů: 414 875 676 672
Po spuštění: Volných bajtů: 414 867 050 496

- - End Of File - - 79698526769ED1167A601B2CDE1A77E3



USB fix log:


ComboFix 10-12-08.04 - xp 09.12.2010 13:16:06.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1678 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-09 do 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 10:41 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-09 10:41 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-09 10:41 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-09 10:41 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-09 10:41 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-09 10:41 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-09 10:41 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-09 10:41 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-09 10:41 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-09 10:41 . 2010-12-09 10:41 -------- d-----w- c:\program files\Alwil Software
2010-12-09 10:41 . 2010-12-09 10:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-12-09 08:42 . 2010-12-09 11:37 -------- d-----w- c:\program files\trend micro
2010-12-09 08:42 . 2010-12-09 08:42 -------- d-----w- C:\rsit
2010-12-08 09:46 . 2010-12-08 09:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-12-08 08:47 . 2010-12-08 08:47 -------- d-----w- c:\documents and settings\xp\Data aplikací\Malwarebytes
2010-12-08 08:47 . 2010-12-08 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-08 08:03 . 2010-12-08 08:07 -------- d-----w- c:\program files\CCleaner
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\UltiDev
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\program files\UltiDev
2010-12-04 10:23 . 2010-12-04 10:26 -------- d-----w- c:\program files\AtlasSkolstvi
2010-11-29 18:10 . 2010-11-29 18:10 82944 ----a-w- c:\windows\system32\drivers\sbrmnfwt.sys
2010-11-29 12:59 . 2010-11-29 12:59 82944 ----a-w- c:\windows\system32\drivers\kjagfncm.sys
2010-11-26 21:10 . 2010-11-26 21:10 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Media Player Classic
2010-11-20 11:44 . 2010-11-20 11:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp8FE86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp71F86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp63F86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp62F86.FOT
2010-11-14 20:43 . 2010-11-14 20:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-12 07:29 . 2010-11-16 12:15 -------- d-----w- c:\program files\Utajeny svet umeni 2
2010-11-11 14:15 . 2010-11-11 14:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-11-10 07:36 . 2010-11-10 07:36 -------- d-----w- c:\documents and settings\xp\Data aplikací\Ladia Group
2010-11-10 07:36 . 2010-11-10 07:36 -------- d-----w- c:\program files\Anticky Rim

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:16 . 2009-12-18 14:06 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2F1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2E1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2D1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp112DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp102DF.FOT
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-12 15:51 . 2010-09-12 15:51 1409 ----a-w- c:\windows\system32\tmp3AB4E.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC286C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC186C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC086C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpB386C.FOT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2009-09-23 1598760]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PC Suite Tray"="c:\documents and settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.12.2010 11:41 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.12.2010 11:41 17744]
S2 gupdate1caacd933cab9b9;Služba Google Update (gupdate1caacd933cab9b9);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2010 19:20 133104]
S2 jsokouuuiekkaaet;Ati External Event Utility;c:\windows\system32\semibe.exe --> c:\windows\system32\semibe.exe [?]
S2 kjagfncm;kjagfncm;c:\windows\system32\drivers\kjagfncm.sys [29.11.2010 13:59 82944]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
S2 sbrmnfwt;sbrmnfwt;c:\windows\system32\drivers\sbrmnfwt.sys [29.11.2010 19:10 82944]
S2 voi0u1uiupuo;SmartLinkService;c:\windows\system32\ciroozenen.exe --> c:\windows\system32\ciroozenen.exe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S4 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - eeCtrl
.
Obsah adresáře 'Naplánované úlohy'

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-08 c:\windows\Tasks\Norton Security Scan for xp.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-16 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
FF - ProfilePath - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\xp\Plocha\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\documents and settings\xp\Plocha\Nokia PC Suite 7\bkmrksync
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
SafeBoot-sbrmnfwt



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 13:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(196)
c:\windows\system32\CLBCATQ.DLL
.
Celkový čas: 2010-12-09 13:20:12
ComboFix-quarantined-files.txt 2010-12-09 12:20
ComboFix2.txt 2010-12-08 08:42

Před spuštěním: Volných bajtů: 414 875 676 672
Po spuštění: Volných bajtů: 414 867 050 496

- - End Of File - - 79698526769ED1167A601B2CDE1A77E3


Otherwise, I don't know the files you asked about.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: for motji - asking for help

#4 Post by motji »

:o :o I don't see the log from USB fix here, but more importantly, did you run ComboFix with that script? It looks like you didn't :o , or you sent me the wrong log :o
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I can mostly be reached at night, between 9 and 11 p.m.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

Marwin
Exemplary visitor
Posts: 92
Registered: 01 Mar 2007 13:33

Re: for motji - asking for help

#5 Post by Marwin »

I apologize, I sent you an old log :-( Somehow I can't find the log from USB fix on the PC :-(

ComboFix 10-12-07.03 - xp 08.12.2010 9:30.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1768 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\ComboFix.exe
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\xp\secupdat.dat
c:\documents and settings\xp\suuil.exe
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\System32\drivers\Bms54.sys
c:\windows\system32\Drivers\frke7fc.sys
c:\windows\System32\drivers\htm578e.sys
c:\windows\system32\Drivers\jrj82d4.sys
c:\windows\system32\Drivers\tle1262.sys
c:\windows\system32\Drivers\widwnjyz.sys
c:\windows\System32\drivers\Xfd44.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\semibe.exe
c:\windows\system32\spool\drivers\systempro.exe
c:\windows\system32\wycyrenu.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BMS54
-------\Legacy_XFD44
-------\Service_Bms54
-------\Service_Xfd44
-------\Legacy_frke7fc
-------\Legacy_htm578e
-------\Legacy_jrj82d4
-------\Legacy_jsokouuuiekkaaet
-------\Legacy_tle1262
-------\Legacy_widwnjyz
-------\Service_frke7fc
-------\Service_htm578e
-------\Service_jrj82d4
-------\Service_jsokouuuiekkaaet
-------\Service_tle1262
-------\Service_widwnjyz


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-08 do 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-08 08:13 . 2010-12-08 08:13 -------- d-----w- c:\windows\LastGood.Tmp
2010-12-08 08:03 . 2010-12-08 08:07 -------- d-----w- c:\program files\CCleaner
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\UltiDev
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\program files\UltiDev
2010-12-04 10:23 . 2010-12-04 10:26 -------- d-----w- c:\program files\AtlasSkolstvi
2010-11-29 18:10 . 2010-11-29 18:10 82944 ----a-w- c:\windows\system32\drivers\sbrmnfwt.sys
2010-11-29 12:59 . 2010-11-29 12:59 82944 ----a-w- c:\windows\system32\drivers\kjagfncm.sys
2010-11-27 21:43 . 2010-11-27 21:43 82944 ----a-w- c:\windows\system32\drivers\prqmrngx.sys
2010-11-26 21:10 . 2010-11-26 21:10 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Media Player Classic
2010-11-20 11:44 . 2010-11-20 11:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp8FE86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp71F86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp63F86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp62F86.FOT
2010-11-16 14:27 . 2010-12-02 11:24 461824 ----a-w- c:\windows\system32\mozed.exe
2010-11-16 08:55 . 2010-12-02 11:24 461824 ----a-w- c:\windows\system32\jounej.exe
2010-11-15 07:59 . 2010-12-02 11:24 461824 ----a-w- c:\windows\system32\ciroozenen.exe
2010-11-14 20:43 . 2010-11-14 20:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-12 07:29 . 2010-11-16 12:15 -------- d-----w- c:\program files\Utajeny svet umeni 2
2010-11-11 22:52 . 2010-11-11 22:52 180224 ----a-w- C:\winskd.exe
2010-11-11 14:15 . 2010-11-11 14:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-11-10 07:47 . 2010-11-10 07:47 77824 --sh--r- c:\documents and settings\xp\Data aplikací\juzjf.exe
2010-11-10 07:36 . 2010-11-10 07:36 -------- d-----w- c:\documents and settings\xp\Data aplikací\Ladia Group
2010-11-10 07:36 . 2010-11-10 07:36 -------- d-----w- c:\program files\Anticky Rim

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:16 . 2009-12-18 14:06 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-12-02 11:24 . 2010-11-15 07:59 461824 ----a-w- c:\windows\system32\wycyrenu.exe
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2F1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2E1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2D1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp112DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp102DF.FOT
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-12 15:51 . 2010-09-12 15:51 1409 ----a-w- c:\windows\system32\tmp3AB4E.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC286C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC186C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC086C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpB386C.FOT
2010-09-10 05:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2009-09-23 1598760]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PC Suite Tray"="c:\documents and settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"quezebab"="c:\windows\system32\wycyrenu.exe" [2010-12-02 461824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^02i5eff.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\02i5eff.exe
backup=c:\windows\pss\02i5eff.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^0fbww6i.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\0fbww6i.exe
backup=c:\windows\pss\0fbww6i.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^0ggbssn.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\0ggbssn.exe
backup=c:\windows\pss\0ggbssn.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^0jfaa70.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\0jfaa70.exe
backup=c:\windows\pss\0jfaa70.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^0jo86a8.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\0jo86a8.exe
backup=c:\windows\pss\0jo86a8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^0k5q6m8.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\0k5q6m8.exe
backup=c:\windows\pss\0k5q6m8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^0kkfwwr.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\0kkfwwr.exe
backup=c:\windows\pss\0kkfwwr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^0lhcc6o.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\0lhcc6o.exe
backup=c:\windows\pss\0lhcc6o.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^0tpkk6w.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\0tpkk6w.exe
backup=c:\windows\pss\0tpkk6w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^0wwriid.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\0wwriid.exe
backup=c:\windows\pss\0wwriid.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^1awwrii.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\1awwrii.exe
backup=c:\windows\pss\1awwrii.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^1cyytkk.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\1cyytkk.exe
backup=c:\windows\pss\1cyytkk.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^1f3q86c.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\1f3q86c.exe
backup=c:\windows\pss\1f3q86c.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^1ieezqq.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\1ieezqq.exe
backup=c:\windows\pss\1ieezqq.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^1kggbss.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\1kggbss.exe
backup=c:\windows\pss\1kggbss.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^1okkfww.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\1okkfww.exe
backup=c:\windows\pss\1okkfww.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^1wssnee.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\1wssnee.exe
backup=c:\windows\pss\1wssnee.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^2faa6mm.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\2faa6mm.exe
backup=c:\windows\pss\2faa6mm.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^2rsn0ee.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\2rsn0ee.exe
backup=c:\windows\pss\2rsn0ee.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^3iiduup.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\3iiduup.exe
backup=c:\windows\pss\3iiduup.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^3mmhyyt.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\3mmhyyt.exe
backup=c:\windows\pss\3mmhyyt.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^3qqlccx.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\3qqlccx.exe
backup=c:\windows\pss\3qqlccx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^3wwriid.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\3wwriid.exe
backup=c:\windows\pss\3wwriid.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^5lhcdi8.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\5lhcdi8.exe
backup=c:\windows\pss\5lhcdi8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^5w6s81e.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\5w6s81e.exe
backup=c:\windows\pss\5w6s81e.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^60xs0zf.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\60xs0zf.exe
backup=c:\windows\pss\60xs0zf.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^61avwms.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\61avwms.exe
backup=c:\windows\pss\61avwms.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^66s86up.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\66s86up.exe
backup=c:\windows\pss\66s86up.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^66u86g8.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\66u86g8.exe
backup=c:\windows\pss\66u86g8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^6ee6qq6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\6ee6qq6.exe
backup=c:\windows\pss\6ee6qq6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^6g81sde.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\6g81sde.exe
backup=c:\windows\pss\6g81sde.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^6gg6ss6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\6gg6ss6.exe
backup=c:\windows\pss\6gg6ss6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^6jzk1ab.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\6jzk1ab.exe
backup=c:\windows\pss\6jzk1ab.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^6oo6aa6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\6oo6aa6.exe
backup=c:\windows\pss\6oo6aa6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^6uu6gg6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\6uu6gg6.exe
backup=c:\windows\pss\6uu6gg6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^703u1l7.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\703u1l7.exe
backup=c:\windows\pss\703u1l7.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^70a70bx.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\70a70bx.exe
backup=c:\windows\pss\70a70bx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^70vrmm6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\70vrmm6.exe
backup=c:\windows\pss\70vrmm6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^81yjkfl.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\81yjkfl.exe
backup=c:\windows\pss\81yjkfl.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^870lhxi.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\870lhxi.exe
backup=c:\windows\pss\870lhxi.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^91cne1u.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\91cne1u.exe
backup=c:\windows\pss\91cne1u.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^91k3wrx.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\91k3wrx.exe
backup=c:\windows\pss\91k3wrx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^9k1gccx.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\9k1gccx.exe
backup=c:\windows\pss\9k1gccx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^9w1sooj.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\9w1sooj.exe
backup=c:\windows\pss\9w1sooj.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^a81mxytz60b.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\a81mxytz60b.exe
backup=c:\windows\pss\a81mxytz60b.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^a81xsty81.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\a81xsty81.exe
backup=c:\windows\pss\a81xsty81.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^aavrmcs2ee.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\aavrmcs2ee.exe
backup=c:\windows\pss\aavrmcs2ee.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^avmmhyyt.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\avmmhyyt.exe
backup=c:\windows\pss\avmmhyyt.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^bbxnnjzzvll.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\bbxnnjzzvll.exe
backup=c:\windows\pss\bbxnnjzzvll.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^bm1cdi86.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\bm1cdi86.exe
backup=c:\windows\pss\bm1cdi86.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^bmxytjkfv.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\bmxytjkfv.exe
backup=c:\windows\pss\bmxytjkfv.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^brc1sty86.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\brc1sty86.exe
backup=c:\windows\pss\brc1sty86.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^bxsty86k8.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\bxsty86k8.exe
backup=c:\windows\pss\bxsty86k8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^c6iizz2fg.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\c6iizz2fg.exe
backup=c:\windows\pss\c6iizz2fg.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ccsi1z70.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ccsi1z70.exe
backup=c:\windows\pss\ccsi1z70.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^cioeeuk1.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\cioeeuk1.exe
backup=c:\windows\pss\cioeeuk1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^dep0a0rr.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\dep0a0rr.exe
backup=c:\windows\pss\dep0a0rr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^dzuu6gg6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\dzuu6gg6.exe
backup=c:\windows\pss\dzuu6gg6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^dzuva86m8.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\dzuva86m8.exe
backup=c:\windows\pss\dzuva86m8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^e1awwriidu.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe
backup=c:\windows\pss\e1awwriidu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^e70fbww6i.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\e70fbww6i.exe
backup=c:\windows\pss\e70fbww6i.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^e9a1wssnee.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\e9a1wssnee.exe
backup=c:\windows\pss\e9a1wssnee.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^eaavmmhyyt.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\eaavmmhyyt.exe
backup=c:\windows\pss\eaavmmhyyt.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ejzf66w86i.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ejzf66w86i.exe
backup=c:\windows\pss\ejzf66w86i.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ejzpqlbcxn.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ejzpqlbcxn.exe
backup=c:\windows\pss\ejzpqlbcxn.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^euk1b703i0.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\euk1b703i0.exe
backup=c:\windows\pss\euk1b703i0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^euva81mxyt.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\euva81mxyt.exe
backup=c:\windows\pss\euva81mxyt.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^euva870nd0.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\euva870nd0.exe
backup=c:\windows\pss\euva870nd0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ezf2lbcxd6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ezf2lbcxd6.exe
backup=c:\windows\pss\ezf2lbcxd6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ezqqlccx.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ezqqlccx.exe
backup=c:\windows\pss\ezqqlccx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^f0lhcc6oo.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\f0lhcc6oo.exe
backup=c:\windows\pss\f0lhcc6oo.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^fbww6ii6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\fbww6ii6.exe
backup=c:\windows\pss\fbww6ii6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^fgb03s0t.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\fgb03s0t.exe
backup=c:\windows\pss\fgb03s0t.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^fk81whid.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\fk81whid.exe
backup=c:\windows\pss\fk81whid.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^g3iiduupggb.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\g3iiduupggb.exe
backup=c:\windows\pss\g3iiduupggb.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^g6sio5jf.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\g6sio5jf.exe
backup=c:\windows\pss\g6sio5jf.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^g86s870aaqg.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\g86s870aaqg.exe
backup=c:\windows\pss\g86s870aaqg.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ggbssneezq.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ggbssneezq.exe
backup=c:\windows\pss\ggbssneezq.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^glwhc0to0f.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\glwhc0to0f.exe
backup=c:\windows\pss\glwhc0to0f.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^h66y86k8.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\h66y86k8.exe
backup=c:\windows\pss\h66y86k8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^hc1yuupggb.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\hc1yuupggb.exe
backup=c:\windows\pss\hc1yuupggb.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^hhdttpffbrr.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\hhdttpffbrr.exe
backup=c:\windows\pss\hhdttpffbrr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^hidj66a86m.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\hidj66a86m.exe
backup=c:\windows\pss\hidj66a86m.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^hxxtjjfv.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\hxxtjjfv.exe
backup=c:\windows\pss\hxxtjjfv.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^i6uu6gg6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\i6uu6gg6.exe
backup=c:\windows\pss\i6uu6gg6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^iy0zpv66m8.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\iy0zpv66m8.exe
backup=c:\windows\pss\iy0zpv66m8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^jaavwrx870z.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\jaavwrx870z.exe
backup=c:\windows\pss\jaavwrx870z.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^jee6qq6cc.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\jee6qq6cc.exe
backup=c:\windows\pss\jee6qq6cc.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^jfvvrhhd.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\jfvvrhhd.exe
backup=c:\windows\pss\jfvvrhhd.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^jkfgb081itu.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\jkfgb081itu.exe
backup=c:\windows\pss\jkfgb081itu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^jzzvllhx.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\jzzvllhx.exe
backup=c:\windows\pss\jzzvllhx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^k3mmhyytkkf.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\k3mmhyytkkf.exe
backup=c:\windows\pss\k3mmhyytkkf.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^kagbcx08.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\kagbcx08.exe
backup=c:\windows\pss\kagbcx08.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^kkfgbr3o.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\kkfgbr3o.exe
backup=c:\windows\pss\kkfgbr3o.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^lgg6ss6ee.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\lgg6ss6ee.exe
backup=c:\windows\pss\lgg6ss6ee.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^lgm70njee.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\lgm70njee.exe
backup=c:\windows\pss\lgm70njee.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^llhxxtjjfvv.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\llhxxtjjfvv.exe
backup=c:\windows\pss\llhxxtjjfvv.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^lmhxytz60bh.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\lmhxytz60bh.exe
backup=c:\windows\pss\lmhxytz60bh.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^lvgrsndezp.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\lvgrsndezp.exe
backup=c:\windows\pss\lvgrsndezp.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^miiduupggb.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\miiduupggb.exe
backup=c:\windows\pss\miiduupggb.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^mm6yy6kk6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\mm6yy6kk6.exe
backup=c:\windows\pss\mm6yy6kk6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^mrhxytz60b.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\mrhxytz60b.exe
backup=c:\windows\pss\mrhxytz60b.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^n1y81kvm.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\n1y81kvm.exe
backup=c:\windows\pss\n1y81kvm.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^njee6qq6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\njee6qq6.exe
backup=c:\windows\pss\njee6qq6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^njefk86w8.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\njefk86w8.exe
backup=c:\windows\pss\njefk86w8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^njj2pql0.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\njj2pql0.exe
backup=c:\windows\pss\njj2pql0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^njzzvllhxx.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\njzzvllhxx.exe
backup=c:\windows\pss\njzzvllhxx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^o1kggbss.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\o1kggbss.exe
backup=c:\windows\pss\o1kggbss.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^o5k1abg86y.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\o5k1abg86y.exe
backup=c:\windows\pss\o5k1abg86y.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^oe1abg81sd.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\oe1abg81sd.exe
backup=c:\windows\pss\oe1abg81sd.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^oo6aa6mm6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\oo6aa6mm6.exe
backup=c:\windows\pss\oo6aa6mm6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ooefk86w.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ooefk86w.exe
backup=c:\windows\pss\ooefk86w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^oojaavmmhy.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\oojaavmmhy.exe
backup=c:\windows\pss\oojaavmmhy.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^op0vqgw0.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\op0vqgw0.exe
backup=c:\windows\pss\op0vqgw0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^p66g81sd.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\p66g81sd.exe
backup=c:\windows\pss\p66g81sd.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^p70lhxi6du.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\p70lhxi6du.exe
backup=c:\windows\pss\p70lhxi6du.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^pfgbcx08.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\pfgbcx08.exe
backup=c:\windows\pss\pfgbcx08.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^pfl60ntd.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\pfl60ntd.exe
backup=c:\windows\pss\pfl60ntd.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^pk1gccxooj.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\pk1gccxooj.exe
backup=c:\windows\pss\pk1gccxooj.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^pplbbxnnjzz.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\pplbbxnnjzz.exe
backup=c:\windows\pss\pplbbxnnjzz.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^pu3q1h70dz.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\pu3q1h70dz.exe
backup=c:\windows\pss\pu3q1h70dz.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^q3ssneezqql.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\q3ssneezqql.exe
backup=c:\windows\pss\q3ssneezqql.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^q6cc6oo6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\q6cc6oo6.exe
backup=c:\windows\pss\q6cc6oo6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ql03c1yze81.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ql03c1yze81.exe
backup=c:\windows\pss\ql03c1yze81.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^qqlccxoo.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\qqlccxoo.exe
backup=c:\windows\pss\qqlccxoo.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^r0xtoo6aa.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\r0xtoo6aa.exe
backup=c:\windows\pss\r0xtoo6aa.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^riiduupg.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\riiduupg.exe
backup=c:\windows\pss\riiduupg.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^rmm6yy6kabw.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\rmm6yy6kabw.exe
backup=c:\windows\pss\rmm6yy6kabw.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^rmm6yy6kk.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\rmm6yy6kk.exe
backup=c:\windows\pss\rmm6yy6kk.exeStartup

Marwin
Model visitor
Posts: 92
Registered: 01 Mar 2007 13:33

Re: for motji - please help

#6 Post by Marwin »

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^rnii6uu6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\rnii6uu6.exe
backup=c:\windows\pss\rnii6uu6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^s3uupggbssn.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\s3uupggbssn.exe
backup=c:\windows\pss\s3uupggbssn.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^s6ee6qq6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\s6ee6qq6.exe
backup=c:\windows\pss\s6ee6qq6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^s81epqlbc.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\s81epqlbc.exe
backup=c:\windows\pss\s81epqlbc.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^sdezf66w86.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\sdezf66w86.exe
backup=c:\windows\pss\sdezf66w86.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^sneezqql.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\sneezqql.exe
backup=c:\windows\pss\sneezqql.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ssneezqq.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ssneezqq.exe
backup=c:\windows\pss\ssneezqq.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^t0zvqq6cc.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\t0zvqq6cc.exe
backup=c:\windows\pss\t0zvqq6cc.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^tjju3q1h.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\tjju3q1h.exe
backup=c:\windows\pss\tjju3q1h.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^tjp66g86s81.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\tjp66g86s81.exe
backup=c:\windows\pss\tjp66g86s81.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^tju1klq3c.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\tju1klq3c.exe
backup=c:\windows\pss\tju1klq3c.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^too6aa6mm.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\too6aa6mm.exe
backup=c:\windows\pss\too6aa6mm.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^tpffbrrn.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\tpffbrrn.exe
backup=c:\windows\pss\tpffbrrn.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^tpfq0gms.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\tpfq0gms.exe
backup=c:\windows\pss\tpfq0gms.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ttpffbrrndd.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ttpffbrrndd.exe
backup=c:\windows\pss\ttpffbrrndd.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^tu70vrmm6y.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\tu70vrmm6y.exe
backup=c:\windows\pss\tu70vrmm6y.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^u1gb1cyy.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\u1gb1cyy.exe
backup=c:\windows\pss\u1gb1cyy.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^u1qmmhyytk.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\u1qmmhyytk.exe
backup=c:\windows\pss\u1qmmhyytk.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^u1vmmhyytk.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\u1vmmhyytk.exe
backup=c:\windows\pss\u1vmmhyytk.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^u3wwriiduup.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\u3wwriiduup.exe
backup=c:\windows\pss\u3wwriiduup.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^u6k81whid.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\u6k81whid.exe
backup=c:\windows\pss\u6k81whid.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^u70vrmm6y.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\u70vrmm6y.exe
backup=c:\windows\pss\u70vrmm6y.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^u81gri6de.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\u81gri6de.exe
backup=c:\windows\pss\u81gri6de.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^u9q1miiduu.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\u9q1miiduu.exe
backup=c:\windows\pss\u9q1miiduu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ukqlmh081o.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ukqlmh081o.exe
backup=c:\windows\pss\ukqlmh081o.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ull2rsn0.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ull2rsn0.exe
backup=c:\windows\pss\ull2rsn0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^upfgbrsnde.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\upfgbrsnde.exe
backup=c:\windows\pss\upfgbrsnde.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^upll2rhid.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\upll2rhid.exe
backup=c:\windows\pss\upll2rhid.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^uu30bxss6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\uu30bxss6.exe
backup=c:\windows\pss\uu30bxss6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^uupggbss.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\uupggbss.exe
backup=c:\windows\pss\uupggbss.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^v1g3c1tze8.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\v1g3c1tze8.exe
backup=c:\windows\pss\v1g3c1tze8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^v3mmhyyt.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\v3mmhyyt.exe
backup=c:\windows\pss\v3mmhyyt.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^va870nd0.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\va870nd0.exe
backup=c:\windows\pss\va870nd0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^vq1miiduup.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\vq1miiduup.exe
backup=c:\windows\pss\vq1miiduup.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^vqq6cc6oo.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\vqq6cc6oo.exe
backup=c:\windows\pss\vqq6cc6oo.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^vrw81itu.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\vrw81itu.exe
backup=c:\windows\pss\vrw81itu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^vvwr081y.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\vvwr081y.exe
backup=c:\windows\pss\vvwr081y.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^w0xty86k81.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\w0xty86k81.exe
backup=c:\windows\pss\w0xty86k81.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^w1soojaa.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\w1soojaa.exe
backup=c:\windows\pss\w1soojaa.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^w6ii6uu6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\w6ii6uu6.exe
backup=c:\windows\pss\w6ii6uu6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^w70xtoo6a.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\w70xtoo6a.exe
backup=c:\windows\pss\w70xtoo6a.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^wmc0dtz66q.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\wmc0dtz66q.exe
backup=c:\windows\pss\wmc0dtz66q.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^wnn2tup0.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\wnn2tup0.exe
backup=c:\windows\pss\wnn2tup0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^wwriiduu.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\wwriiduu.exe
backup=c:\windows\pss\wwriiduu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^xi1yze86.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\xi1yze86.exe
backup=c:\windows\pss\xi1yze86.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^xnstoeu1l7.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\xnstoeu1l7.exe
backup=c:\windows\pss\xnstoeu1l7.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^xoojaavmmhy.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\xoojaavmmhy.exe
backup=c:\windows\pss\xoojaavmmhy.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^xtju1klqbrh.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\xtju1klqbrh.exe
backup=c:\windows\pss\xtju1klqbrh.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^xtoo6aa6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\xtoo6aa6.exe
backup=c:\windows\pss\xtoo6aa6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^xytup081.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\xytup081.exe
backup=c:\windows\pss\xytup081.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^y1p70wwm.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\y1p70wwm.exe
backup=c:\windows\pss\y1p70wwm.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^y1uqqlccxo.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\y1uqqlccxo.exe
backup=c:\windows\pss\y1uqqlccxo.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^y3aavmmhyyt.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\y3aavmmhyyt.exe
backup=c:\windows\pss\y3aavmmhyyt.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^y9u1qmmhyy.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\y9u1qmmhyy.exe
backup=c:\windows\pss\y9u1qmmhyy.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^yjuzkvwxx.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\yjuzkvwxx.exe
backup=c:\windows\pss\yjuzkvwxx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^yjzvg6bs1ij.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\yjzvg6bs1ij.exe
backup=c:\windows\pss\yjzvg6bs1ij.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^yytkkfww.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\yytkkfww.exe
backup=c:\windows\pss\yytkkfww.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^z081grsnt.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\z081grsnt.exe
backup=c:\windows\pss\z081grsnt.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^z0a1gg0xs0.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\z0a1gg0xs0.exe
backup=c:\windows\pss\z0a1gg0xs0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^ze86q81c.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\ze86q81c.exe
backup=c:\windows\pss\ze86q81c.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^zfbb2hid0uu.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\zfbb2hid0uu.exe
backup=c:\windows\pss\zfbb2hid0uu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^zfqb0m1doe.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\zfqb0m1doe.exe
backup=c:\windows\pss\zfqb0m1doe.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^zpv66mdnjef.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\zpv66mdnjef.exe
backup=c:\windows\pss\zpv66mdnjef.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^zuu6gg6ss.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\zuu6gg6ss.exe
backup=c:\windows\pss\zuu6gg6ss.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^zvllhxxt.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\zvllhxxt.exe
backup=c:\windows\pss\zvllhxxt.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^zvqq6cc6.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\zvqq6cc6.exe
backup=c:\windows\pss\zvqq6cc6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^xp^Nabídka Start^Programy^Po spuštění^zzvllhxxtjj.exe]
path=c:\documents and settings\xp\Nabídka Start\Programy\Po spuštění\zzvllhxxtjj.exe
backup=c:\windows\pss\zzvllhxxtjj.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\xp\suuil.exe \u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hybicok]
2010-12-02 11:24 461824 ----a-w- c:\windows\system32\jounej.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quezebab]
2010-12-02 11:24 461824 ----a-w- c:\windows\system32\wycyrenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=
"c:\\WINDOWS\\system32\\jounej.exe"=
"c:\\WINDOWS\\system32\\mozed.exe"=
"c:\\WINDOWS\\system32\\wycyrenu.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\Distributed.exe"=

R2 DistributedAgentServices;DistributedAgentServices;c:\windows\system32\spool\drivers\Distributed.exe [8.12.2010 9:13 117732]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.1.2010 16:26 222968]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]
R2 voi0u1uiupuo;SmartLinkService;c:\windows\system32\ciroozenen.exe --> c:\windows\system32\ciroozenen.exe [?]
S2 gupdate1caacd933cab9b9;Služba Google Update (gupdate1caacd933cab9b9);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2010 19:20 133104]
S2 kjagfncm;kjagfncm;c:\windows\system32\drivers\kjagfncm.sys [29.11.2010 13:59 82944]
S2 prqmrngx;prqmrngx;c:\windows\system32\drivers\prqmrngx.sys [27.11.2010 22:43 82944]
S2 sbrmnfwt;sbrmnfwt;c:\windows\system32\drivers\sbrmnfwt.sys [29.11.2010 19:10 82944]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - eeCtrl
.
Obsah adresáře 'Naplánované úlohy'

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-05 c:\windows\Tasks\Norton Security Scan for xp.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-16 07:48]

2010-12-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
FF - ProfilePath - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=en_EU&apn_uid=942CEA21-2248-4FEA-B90C-F06A5740D854&apn_ptnrs=Q6&apn_sauid=E1D2AB8C-A9FD-4CC6-8203-0569E253DB9D&apn_dtid=YYYYYYYYCZ&q=
FF - component: c:\documents and settings\xp\Plocha\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: aTube Toolbar: toolbar@ask.com - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\extensions\toolbar@ask.com
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\documents and settings\xp\Plocha\Nokia PC Suite 7\bkmrksync
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-*{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
URLSearchHooks-*{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-NWEReboot - (no file)
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-Bms54.sys
SafeBoot-cbsbznqn
SafeBoot-cuzsbzjb
SafeBoot-dumrmret
SafeBoot-gfwcbsbx
SafeBoot-reeqfjmu
SafeBoot-sbrmnfwt
SafeBoot-vjeteeri
SafeBoot-vmderixj
SafeBoot-widwnjyz.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-Xfd44.sys
MSConfigStartUp-Windows Firewall - c:\docume~1\xp\LOCALS~1\Temp\lsass.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 09:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(5868)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MSVCP71.dll
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\documents and settings\xp\Plocha\Nokia PC Suite 7\PhoneBrowser.dll
c:\documents and settings\xp\Plocha\Nokia PC Suite 7\NGSCM.DLL
c:\documents and settings\xp\Plocha\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\documents and settings\xp\Plocha\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\spool\drivers\systempro.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-12-08 09:42:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-08 08:42

Před spuštěním: Volných bajtů: 405 951 430 656
Po spuštění: Volných bajtů: 410 634 661 888

- - End Of File - - A60446EF4522A9067B6428195587C0FC

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: for motji - please help

#7 Post by motji »

Now you have sent me an even older one :D , but it does look terrible :arcisit: :arcisit:
ComboFix 10-12-07.03 - xp 08.12.2010 9:30.1.2 - x86 NETWORK

Try to find the one with today's date, or at least post a new RSIT log here so I can see what is left there :)



:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes produces false detections, so we will delete only after the log has been checked.
- Copy the log here.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Marwin
Model visitor
Posts: 92
Registered: 01 Mar 2007 13:33

Re: for motji - please help

#8 Post by Marwin »

Sorry for the confusion, I was having a bad day :-( I think I found the right ComboFix log, I even found the log from that USB fix, and I also made a new RSIT log; MBAM is being worked on right now.

combofix:

ComboFix 10-12-08.04 - xp 10.12.2010 9:30.4.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1779 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xp\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

file zipped: c:\windows\system32\drivers\kjagfncm.sys
file zipped: c:\windows\system32\drivers\sbrmnfwt.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SweetIM\Messenger\
c:\program files\SweetIM\Messenger\\default.xml
c:\program files\SweetIM\Messenger\\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\\mgArchive.dll
c:\program files\SweetIM\Messenger\\mgcommon.dll
c:\program files\SweetIM\Messenger\\mgcommunication.dll
c:\program files\SweetIM\Messenger\\mgconfig.dll
c:\program files\SweetIM\Messenger\\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\\mghooking.dll
c:\program files\SweetIM\Messenger\\mgICQAuto.dll
c:\program files\SweetIM\Messenger\\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\\mglogger.dll
c:\program files\SweetIM\Messenger\\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\\mgsimcommon.dll
c:\program files\SweetIM\Messenger\\mgSweetIM.dll
c:\program files\SweetIM\Messenger\\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\\msvcp71.dll
c:\program files\SweetIM\Messenger\\msvcr71.dll
c:\program files\SweetIM\Messenger\\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\\SweetIM.exe
c:\windows\system32\drivers\kjagfncm.sys
c:\windows\system32\drivers\sbrmnfwt.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JSOKOUUUIEKKAAET
-------\Legacy_KJAGFNCM
-------\Legacy_VOI0U1UIUPUO
-------\Service_jsokouuuiekkaaet
-------\Service_kjagfncm
-------\Service_voi0u1uiupuo
-------\Legacy_sbrmnfwt
-------\Service_sbrmnfwt


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-10 do 2010-12-10 )))))))))))))))))))))))))))))))
.

2010-12-09 10:41 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-09 10:41 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-09 10:41 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-09 10:41 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-09 10:41 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-09 10:41 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-09 10:41 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-09 10:41 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-09 10:41 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-09 10:41 . 2010-12-09 10:41 -------- d-----w- c:\program files\Alwil Software
2010-12-09 10:41 . 2010-12-09 10:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-12-09 08:42 . 2010-12-09 12:23 -------- d-----w- C:\rsit
2010-12-09 08:42 . 2010-12-09 11:37 -------- d-----w- c:\program files\trend micro
2010-12-08 09:46 . 2010-12-08 09:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-12-08 08:47 . 2010-12-08 08:47 -------- d-----w- c:\documents and settings\xp\Data aplikací\Malwarebytes
2010-12-08 08:47 . 2010-12-08 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-08 08:03 . 2010-12-08 08:07 -------- d-----w- c:\program files\CCleaner
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\UltiDev
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\program files\UltiDev
2010-12-04 10:23 . 2010-12-04 10:26 -------- d-----w- c:\program files\AtlasSkolstvi
2010-11-26 21:10 . 2010-11-26 21:10 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Media Player Classic
2010-11-20 11:44 . 2010-11-20 11:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp8FE86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp71F86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp63F86.FOT
2010-11-20 11:34 . 2010-11-20 11:34 1409 ----a-w- c:\windows\system32\tmp62F86.FOT
2010-11-14 20:43 . 2010-11-14 20:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-12 07:29 . 2010-11-16 12:15 -------- d-----w- c:\program files\Utajeny svet umeni 2
2010-11-11 14:15 . 2010-11-11 14:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:16 . 2009-12-18 14:06 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2F1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2E1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp2D1DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp112DF.FOT
2010-10-09 13:04 . 2010-10-09 13:04 1409 ----a-w- c:\windows\system32\tmp102DF.FOT
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-12 15:51 . 2010-09-12 15:51 1409 ----a-w- c:\windows\system32\tmp3AB4E.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC286C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC186C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpC086C.FOT
2010-09-12 15:32 . 2010-09-12 15:32 1409 ----a-w- c:\windows\system32\tmpB386C.FOT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2009-09-23 1598760]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PC Suite Tray"="c:\documents and settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.12.2010 11:41 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.12.2010 11:41 17744]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
S2 gupdate1caacd933cab9b9;Služba Google Update (gupdate1caacd933cab9b9);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2010 19:20 133104]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S4 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - eeCtrl
.
Obsah adresáře 'Naplánované úlohy'

2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-08 c:\windows\Tasks\Norton Security Scan for xp.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-16 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
FF - ProfilePath - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\xp\Plocha\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\documents and settings\xp\Plocha\Nokia PC Suite 7\bkmrksync
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 09:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(424)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\documents and settings\xp\Plocha\Nokia PC Suite 7\PhoneBrowser.dll
c:\documents and settings\xp\Plocha\Nokia PC Suite 7\NGSCM.DLL
c:\documents and settings\xp\Plocha\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\documents and settings\xp\Plocha\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-12-10 09:40:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-10 08:40
ComboFix2.txt 2010-12-08 08:42

Před spuštěním: Volných bajtů: 414 864 470 016
Po spuštění: Volných bajtů: 414 822 531 072

- - End Of File - - CED47CFF45042B05403F4072176C1392

USB FIX:

############################## | UsbFix 7.014 | [Research]

User: xp (Administrator) # XP-76C410822E8E [ ]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 09:42:10 | 10/12/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
CPU 2: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Enabled
Antivirus: AVG Anti-Virus plus Firewall 8.5 [Enabled | Updated]
Antivirus: avast! Antivirus 5.0.83886757 [(!) Disabled | Updated]
Firewall: AVG Firewall 8.5 [(!) Disabled]
RAM -> 2046 Mb
C:\ (%systemdrive%) -> Fixed drive # 466 Gb (386 Mb free - 83%) [] # NTFS
D:\ -> Removable drive # 15 Gb (1 Mb free - 9%) [CORSAIR] # FAT32
E:\ -> CD-ROM

################## | Files # Infected Folders |


################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by xp at 2010-12-13 09:21:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 396 GB (83%) free of 477 GB
Total RAM: 2046 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:22:02, on 13.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\xp\Plocha\RSIT.exe
C:\Program Files\trend micro\xp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.irfanview.net/faq.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Documents and Settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate1caacd933cab9b9) (gupdate1caacd933cab9b9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5513 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for xp.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-28 13684736]
"nwiz"=nwiz.exe /install []
"ASUSGamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2007-07-12 380928]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-28 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBCore"=C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe [2009-09-23 1598760]
"Nero PhotoShow Media Manager"=C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe [2006-05-10 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
"PC Suite Tray"=C:\Documents and Settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbrmnfwt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sbrmnfwt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe"="C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe"="C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:LocalSubNet:Enabled:UltiDev Cassini Web Server for ASP.NET 2.0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-10 09:44:55 ----SHD---- C:\RECYCLER
2010-12-10 09:41:51 ----D---- C:\UsbFix
2010-12-10 09:34:47 ----D---- C:\WINDOWS\temp
2010-12-09 13:13:59 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-09 12:44:09 ----A---- C:\WINDOWS\zip.exe
2010-12-09 12:44:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-09 12:44:09 ----A---- C:\WINDOWS\SWSC.exe
2010-12-09 12:44:09 ----A---- C:\WINDOWS\SWREG.exe
2010-12-09 12:44:09 ----A---- C:\WINDOWS\sed.exe
2010-12-09 12:44:09 ----A---- C:\WINDOWS\PEV.exe
2010-12-09 12:44:09 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-09 12:44:09 ----A---- C:\WINDOWS\MBR.exe
2010-12-09 12:44:09 ----A---- C:\WINDOWS\grep.exe
2010-12-09 12:43:52 ----D---- C:\Qoobox
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-12-09 11:41:37 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-12-09 11:41:32 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-12-09 11:41:29 ----D---- C:\Program Files\Alwil Software
2010-12-09 11:41:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-12-09 10:58:31 ----D---- C:\WINDOWS\pss
2010-12-09 09:42:50 ----D---- C:\rsit
2010-12-09 09:42:50 ----D---- C:\Program Files\trend micro
2010-12-08 10:46:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-12-08 09:47:39 ----D---- C:\Documents and Settings\xp\Data aplikací\Malwarebytes
2010-12-08 09:47:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-12-08 09:21:22 ----D---- C:\WINDOWS\ERDNT
2010-12-08 09:14:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-12-08 09:03:21 ----D---- C:\Program Files\CCleaner
2010-12-04 23:13:56 ----D---- C:\WINDOWS\system32\XPSViewer
2010-12-04 23:13:54 ----D---- C:\WINDOWS\system32\en-US
2010-12-04 23:13:54 ----D---- C:\Program Files\MSBuild
2010-12-04 23:13:51 ----D---- C:\Program Files\Reference Assemblies
2010-12-04 23:13:40 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-12-04 23:13:40 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-12-04 23:13:40 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-12-04 23:13:40 ----D---- C:\78319564220aa529f1
2010-12-04 11:26:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\UltiDev
2010-12-04 11:26:33 ----D---- C:\Program Files\UltiDev
2010-12-04 11:24:24 ----RSD---- C:\WINDOWS\assembly
2010-12-04 11:24:03 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-04 11:23:42 ----D---- C:\Program Files\AtlasSkolstvi
2010-11-23 23:41:30 ----RA---- C:\Documents and Settings\xp\Data aplikací\nK6Nk.txt
2010-11-23 09:08:56 ----RA---- C:\Documents and Settings\xp\Data aplikací\hDlkH.txt
2010-11-22 09:44:35 ----RA---- C:\Documents and Settings\xp\Data aplikací\k6jLC.txt
2010-11-14 21:47:33 ----A---- C:\WINDOWS\system32\MRT.INI
2010-11-14 21:43:24 ----D---- C:\Program Files\Common Files\Adobe
2010-11-14 21:43:24 ----D---- C:\Program Files\Adobe

======List of files/folders modified in the last 1 months======

2010-12-13 09:11:41 ----D---- C:\WINDOWS\Prefetch
2010-12-10 17:03:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-10 17:03:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-10 09:41:25 ----D---- C:\WINDOWS\system32\drivers
2010-12-10 09:36:00 ----D---- C:\WINDOWS
2010-12-10 09:36:00 ----A---- C:\WINDOWS\system.ini
2010-12-10 09:35:49 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-10 09:34:54 ----D---- C:\WINDOWS\system32\config
2010-12-10 09:34:36 ----D---- C:\Program Files\SweetIM
2010-12-10 09:33:43 ----D---- C:\WINDOWS\system32
2010-12-10 09:33:43 ----D---- C:\WINDOWS\AppPatch
2010-12-10 09:33:42 ----D---- C:\Program Files\Common Files
2010-12-09 12:44:07 ----SHD---- C:\System Volume Information
2010-12-09 12:44:07 ----D---- C:\WINDOWS\system32\Restore
2010-12-09 11:41:36 ----SHD---- C:\WINDOWS\Installer
2010-12-09 11:41:36 ----D---- C:\Config.Msi
2010-12-09 11:41:35 ----D---- C:\WINDOWS\WinSxS
2010-12-09 11:41:29 ----RD---- C:\Program Files
2010-12-09 11:25:04 ----ASH---- C:\boot.ini
2010-12-09 11:25:04 ----A---- C:\WINDOWS\win.ini
2010-12-09 11:14:19 ----HD---- C:\WINDOWS\inf
2010-12-09 10:53:35 ----D---- C:\WINDOWS\Minidump
2010-12-09 10:53:35 ----D---- C:\WINDOWS\Debug
2010-12-09 10:50:56 ----SD---- C:\WINDOWS\Tasks
2010-12-08 11:27:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-12-08 10:31:36 ----D---- C:\WINDOWS\Driver Cache
2010-12-08 09:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-12-08 09:33:28 ----D---- C:\Program Files\ICQ6.5
2010-12-08 09:14:10 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-08 09:14:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-08 09:09:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-07 15:50:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-12-07 15:50:20 ----D---- C:\Documents and Settings\xp\Data aplikací\AVGTOOLBAR
2010-12-07 15:50:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2010-12-07 15:49:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-12-07 15:48:44 ----SD---- C:\Documents and Settings\xp\Data aplikací\Microsoft
2010-12-05 21:48:17 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-05 20:08:20 ----D---- C:\Temp
2010-12-04 23:13:53 ----RSD---- C:\WINDOWS\Fonts
2010-12-04 23:13:45 ----D---- C:\WINDOWS\system32\spool
2010-12-04 23:12:54 ----D---- C:\Program Files\Internet Explorer
2010-12-04 17:46:43 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-12-04 15:40:27 ----D---- C:\Program Files\LG PC Suite II
2010-12-04 11:24:10 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-12-04 11:24:03 ----D---- C:\WINDOWS\pchealth
2010-12-03 20:12:55 ----D---- C:\Documents and Settings\xp\Data aplikací\ICQ
2010-11-20 12:44:59 ----D---- C:\WINDOWS\system32\wbem
2010-11-20 12:44:58 ----D---- C:\WINDOWS\Registration
2010-11-16 13:15:04 ----D---- C:\Program Files\Utajeny svet umeni 2
2010-11-14 21:43:51 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-14 21:43:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-08-18 93568]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-07-12 11136]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-11-16 50704]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-28 6280416]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2007-07-12 10752]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\xp\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-28 163908]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2007-07-12 257024]
S2 gupdate1caacd933cab9b9;Služba Google Update (gupdate1caacd933cab9b9); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-13 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-22 208896]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2010-08-09 49152]

-----------------EOF-----------------

#9 Post by Marwin »

MBAM log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.12.2010 10:20:58
mbam-log-2010-12-13 (10-20-45).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 198209
Uplynulý čas: 23 minut, 39 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\all users\data aplikací\common.data (Malware.Trace) -> No action taken.

#10 Post by motji »

That's fine, everyone mixes something up now and then, me too :arcisit: :arcisit: .

:arrow: Delete everything in MBAM.

:arrow: Test this file at www.virustotal.com:
c:\windows\system32\tmp3AB4E.FOT
- On VirusTotal, click Browse, paste the file path directly into the lower box, and click Send
- copy the address of the results page from your browser
- if it asks, have the file analysed again, so that it is the file from your computer

:arrow: Shall we throw AVG out completely, and you keep only avast?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

#11 Post by Marwin »

MBAM deleted everything successfully. I tested the file on VirusTotal and it is clean. There are 28 of those files with the *.FOT extension, can I delete them? I removed AVG with AVG Remover, but it apparently did not remove everything; I want to keep only avast there.

#12 Post by motji »

You can delete those files.

:arrow: If you haven't already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Driver::
Avgfwdx
Avgfwfd

Folder::
C:\Documents and Settings\All Users\Data aplikací\avg9
C:\Documents and Settings\xp\Data aplikací\AVGTOOLBAR
C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
C:\Documents and Settings\All Users\Data aplikací\avg8

File::
C:\Documents and Settings\xp\Data aplikací\nK6Nk.txt
C:\Documents and Settings\xp\Data aplikací\hDlkH.txt
C:\Documents and Settings\xp\Data aplikací\k6jLC.txt


- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it

- once it has been applied, another log will pop out; paste it here

Warning: it may happen that Windows will not start after the script is applied and the machine restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration

#13 Post by Marwin »

New log:

ComboFix 10-12-14.05 - xp 15.12.2010 9:41.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1614 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xp\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus plus Firewall *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\documents and settings\xp\Data aplikací\hDlkH.txt"
"c:\documents and settings\xp\Data aplikací\k6jLC.txt"
"c:\documents and settings\xp\Data aplikací\nK6Nk.txt"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_108d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_128d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_148d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_228d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_2a8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_348d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_3a8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_408d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_428d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_468d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_588d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_5a8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_5c8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_628d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_688d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_768d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_7a8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_7c8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_848d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_88d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_948d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_9c8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_9e8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_a08d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_a28d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_a48d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_b08d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_b48d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_bc8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_c28d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_c88d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_d48d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_d88d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_da8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_e08d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_ee8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_f08d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_fa8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar\cache\cu_fe8d2ecead206258.cache
c:\documents and settings\All Users\Data aplikací\avg8
c:\documents and settings\All Users\Data aplikací\avg8\AvgAm\avgam.lck
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\erd.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\krnl.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\mail.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\scan.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\setup.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\sched.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\update.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\updatecomps.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\user.cfg
c:\documents and settings\All Users\Data aplikací\avg8\cfgall\fw.cfg
c:\documents and settings\All Users\Data aplikací\avg8\cfgall\changecfgreg.cfg
c:\documents and settings\All Users\Data aplikací\avg8\cfgall\updateall.cfg
c:\documents and settings\All Users\Data aplikací\avg8\dumps\avgfws8.exe_129101091079531250_M.dmp
c:\documents and settings\All Users\Data aplikací\avg8\emc\Log\emc.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\adminclilog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\amlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgam.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgam.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcfg.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcfg.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.10
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.4
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.5
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.6
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.7
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.8
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.9
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgfw8u.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgfw8u.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgfw8u.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgfw8u.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgfw8u.log.4
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgfw8u.log.5
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgfw8u.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgldr.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgldr.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgldr.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgldr.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgldr.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.10
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.4
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.5
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.6
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.7
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.8
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.9
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log.10
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log.4
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log.5
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log.6
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log.7
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log.8
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log.9
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.10
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.4
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.5
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.6
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.7
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.8
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.9
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgscan.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgscan.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log.4
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log.5
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log.6
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log.7
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log.8
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log.9
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsrm.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsrm.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgui.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgui.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgui.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgui.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgui.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avguilog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgupd.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgupd.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.10
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.4
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.5
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.6
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.7
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.8
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.9
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwdsvc.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwdsvc.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwdsvc.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwdsvc.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\cfgexlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\cfglog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpriv.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpriv.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpriv.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpriv.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpriv.log.4
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpriv.log.5
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpriv.log.6
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpriv.log.7
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpriv.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpub.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpub.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpub.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpub.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\corelog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\fixcfg.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\fixcfg.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\history.xml
c:\documents and settings\All Users\Data aplikací\avg8\Log\ldrlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\lnglog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\nslog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\privlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\publog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\rslog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\scanlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\schedlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\srmlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\updlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\vaultlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\wdlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\wdsvclog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Lsdb\Prev\prvcache.dat
c:\documents and settings\All Users\Data aplikací\avg8\Lsdb\Prev\prvglbl.dat
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000005.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000006.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000007.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000008.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000009.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000010.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000011.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000012.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000013.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000014.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000015.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\srm.idx
c:\documents and settings\All Users\Data aplikací\avg8\temp\200c51d5-fb63-4f16-905f-2a56dc192815-6b0-oopp.tmp
c:\documents and settings\All Users\Data aplikací\avg8\temp\4c9b0d87-d52a-4247-a06b-744d143cfd02-6d0-oopp.tmp
c:\documents and settings\All Users\Data aplikací\avg8\temp\540bd0f4-a003-45e1-a25e-df2d44af4a14-1b4-oopp.tmp
c:\documents and settings\All Users\Data aplikací\avg8\temp\86987222-0d4d-4570-9885-3e87fe9029df.tmp
c:\documents and settings\All Users\Data aplikací\avg8\temp\8ee37636-022b-45f5-91d6-6c66b5c6879c-320-oopp.tmp
c:\documents and settings\All Users\Data aplikací\avg8\temp\d693704e-43e7-40f5-a5fa-3d5b3d197154-198-oopp.tmp
c:\documents and settings\All Users\Data aplikací\avg8\temp\e93c1e54-cef9-4e71-a33b-1beecc208d77.tmp
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avg7api.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avg8cz.chm
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avg8cz.lng
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avg8us.chm
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avg8us.lng
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgabout.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgamnot.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgapix.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgar8cz.chm
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgar8us.chm
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgatend.stp
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgatupd.stp
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgcclix.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgcfgex.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Avgfwdx
-------\Service_Avgfwfd


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-15 do 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-15 08:13 . 2010-12-15 08:13 -------- d-----w- c:\windows\LastGood.Tmp
2010-12-13 08:47 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-13 08:47 . 2010-12-13 08:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-13 08:47 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 08:41 . 2010-12-10 08:42 -------- d-----w- C:\UsbFix
2010-12-09 10:41 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-09 10:41 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-09 10:41 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-09 10:41 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-09 10:41 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-09 10:41 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-09 10:41 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-09 10:41 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-09 10:41 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-09 10:41 . 2010-12-09 10:41 -------- d-----w- c:\program files\Alwil Software
2010-12-09 10:41 . 2010-12-09 10:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-12-09 08:42 . 2010-12-13 08:22 -------- d-----w- c:\program files\trend micro
2010-12-09 08:42 . 2010-12-13 08:21 -------- d-----w- C:\rsit
2010-12-08 09:46 . 2010-12-08 09:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-12-08 08:47 . 2010-12-08 08:47 -------- d-----w- c:\documents and settings\xp\Data aplikací\Malwarebytes
2010-12-08 08:47 . 2010-12-08 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-08 08:03 . 2010-12-08 08:07 -------- d-----w- c:\program files\CCleaner
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\UltiDev
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\program files\UltiDev
2010-12-04 10:23 . 2010-12-04 10:26 -------- d-----w- c:\program files\AtlasSkolstvi
2010-11-26 21:10 . 2010-11-26 21:10 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Media Player Classic
2010-11-20 11:44 . 2010-11-20 11:44 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:16 . 2009-12-18 14:06 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2009-09-23 1598760]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PC Suite Tray"="c:\documents and settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.12.2010 11:41 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.12.2010 11:41 17744]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
S2 gupdate1caacd933cab9b9;Služba Google Update (gupdate1caacd933cab9b9);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2010 19:20 133104]
S4 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - eeCtrl
.
Obsah adresáře 'Naplánované úlohy'

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-14 c:\windows\Tasks\Norton Security Scan for xp.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-16 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
FF - ProfilePath - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\documents and settings\xp\Plocha\Nokia PC Suite 7\bkmrksync
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 09:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3752)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\documents and settings\xp\Plocha\Nokia PC Suite 7\PhoneBrowser.dll
c:\documents and settings\xp\Plocha\Nokia PC Suite 7\NGSCM.DLL
c:\documents and settings\xp\Plocha\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\documents and settings\xp\Plocha\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-12-15 09:55:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-15 08:55
ComboFix2.txt 2010-12-08 08:42

Před spuštěním: Volných bajtů: 414 474 571 776
Po spuštění: Volných bajtů: 414 474 670 080

- - End Of File - - FBFA50B51CCECA8C51D0DE467E745BFC

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: for motji - please help

#14 Post by motji »

Oh well, one more script then; kicking AVG out of the system is a nightmare :arcisit: :D

Use this script:

Code:

SecCenter::
{7591DB91-41F0-48A3-B128-1A293FD8233D}
{17DDD097-36FF-435F-9E1B-52D74245D6BF}

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Marwin
Model visitor
Posts: 92
Registered: 01 Mar 2007 13:33

Re: for motji - please help

#15 Post by Marwin »

New log; I'd guess there will be one more script :roll:

ComboFix 10-12-14.05 - xp 15.12.2010 10:29:05.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1642 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\ComboFix.exe
Použité ovládací přepínače :: D:\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-15 do 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-13 08:47 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-13 08:47 . 2010-12-13 08:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-13 08:47 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 08:41 . 2010-12-10 08:42 -------- d-----w- C:\UsbFix
2010-12-09 10:41 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-09 10:41 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-09 10:41 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-09 10:41 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-09 10:41 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-09 10:41 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-09 10:41 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-09 10:41 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-09 10:41 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-09 10:41 . 2010-12-09 10:41 -------- d-----w- c:\program files\Alwil Software
2010-12-09 10:41 . 2010-12-09 10:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-12-09 08:42 . 2010-12-13 08:22 -------- d-----w- c:\program files\trend micro
2010-12-09 08:42 . 2010-12-13 08:21 -------- d-----w- C:\rsit
2010-12-08 09:46 . 2010-12-08 09:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-12-08 08:47 . 2010-12-08 08:47 -------- d-----w- c:\documents and settings\xp\Data aplikací\Malwarebytes
2010-12-08 08:47 . 2010-12-08 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-08 08:03 . 2010-12-08 08:07 -------- d-----w- c:\program files\CCleaner
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\UltiDev
2010-12-04 10:26 . 2010-12-04 10:26 -------- d-----w- c:\program files\UltiDev
2010-12-04 10:23 . 2010-12-04 10:26 -------- d-----w- c:\program files\AtlasSkolstvi
2010-11-26 21:10 . 2010-11-26 21:10 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Media Player Classic
2010-11-20 11:44 . 2010-11-20 11:44 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 19:16 . 2009-12-18 14:06 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-09_12.18.53 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2009-09-23 1598760]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PC Suite Tray"="c:\documents and settings\xp\Plocha\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.12.2010 11:41 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.12.2010 11:41 17744]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
S2 gupdate1caacd933cab9b9;Služba Google Update (gupdate1caacd933cab9b9);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2010 19:20 133104]
S4 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - eeCtrl
.
Obsah adresáře 'Naplánované úlohy'

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:20]

2010-12-14 c:\windows\Tasks\Norton Security Scan for xp.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-16 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
FF - ProfilePath - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\7hx0h7mp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\documents and settings\xp\Plocha\Nokia PC Suite 7\bkmrksync
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 10:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3912)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-12-15 10:32:21
ComboFix-quarantined-files.txt 2010-12-15 09:32
ComboFix2.txt 2010-12-15 08:55
ComboFix3.txt 2010-12-08 08:42

Před spuštěním: Volných bajtů: 414 397 476 864
Po spuštění: Volných bajtů: 414 386 810 880

- - End Of File - - 4CED5394768140B92C9F8296E44981EC
