pro Motji - Win srv 2003 a rootkit

[dopa]

Tak píšu... předem děkuji. Posílám log (je rozdělen na dvě části. nevešelo se tom celéú:

Logfile of random's system information tool 1.08 (written by random/random)
Run by administrator at 2010-12-14 07:07:00
Microsoft(R) Windows(R) Server 2003 for Small Business Server Service Pack 2
System drive C: has 441 MB (4%) free of 12 GB
Total RAM: 3062 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:07:43, on 14.12.2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
F:\xampplite\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\rinetd\Srvany.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows Small Business Server\monitoring\WbLogSvc.exe
C:\WINDOWS\System32\dns.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe
F:\xampplite\apache\bin\Apache.exe
F:\xampplite\apache\bin\Apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
f:\asPI\aspiusrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Java\jre1.5.0_14\bin\jucheck.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Java\jre1.5.0_14\bin\jucheck.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryAgent.exe
C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
C:\WINDOWS\system32\mmc.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\ntbackup.exe
C:\WINDOWS\system32\rsmsink.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\windows-kb890830-v3.13.exe
f:\1b4a8507d003cd6f0febe041\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-238689707-2352026256-1297099887-1194\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'blackberry')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: GuildFTPd FTP Deamon.lnk = C:\Program Files\GuildFTPd\GuildFTPd.exe
O4 - Startup: setup_9.0.0.722_13.12.2010_10-22.lnk = F:\Virus Removal Tool1\setup_9.0.0.722_13.12.2010_10-22\startup.exe
O4 - Startup: Správa serverů.lnk = ?
O4 - Startup: _uninst_setup_9.0.0.722_18.10.2010_00-41.exe.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\1\_uninst_setup_9.0.0.722_18.10.2010_00-41.exe.bat
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\npjpi150_14.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\npjpi150_14.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - ESC Trusted Zone: http://alcatel.allin1.cz
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://www.boutell.com
O15 - ESC Trusted Zone: http://www.dynawell.com
O15 - ESC Trusted Zone: http://the.earth.li
O15 - ESC Trusted Zone: http://clients1.google.cz
O15 - ESC Trusted Zone: http://www.google.cz
O15 - ESC Trusted Zone: http://www.gtopala.net
O15 - ESC Trusted Zone: http://cz.download.kerio.com
O15 - ESC Trusted Zone: http://www.kerio.cz
O15 - ESC Trusted Zone: http://*.msexchangeteam.com
O15 - ESC Trusted Zone: http://ads1.msn.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.onanet.eu
O15 - ESC Trusted Zone: http://www.smc-prc.com
O15 - ESC Trusted Zone: http://surfnet.dl.sourceforge.net
O15 - ESC Trusted Zone: http://ftp.stahuj.cz
O15 - ESC Trusted Zone: http://sdlc-esd.sun.com
O15 - ESC Trusted Zone: http://*.tredosoft.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://www.zive.cz
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://216.223.71.45
O15 - ESC Trusted IP range: http://192.168.0.1
O15 - ESC Trusted IP range: http://192.168.0.254
O15 - ESC Trusted IP range: http://192.168.0.250
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7427992464
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = smedjorgensen.local
O17 - HKLM\Software\..\Telephony: DomainName = smedjorgensen.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1BE4C8-44B2-4372-AC2D-860697B7CAAE}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1DA5514-9A7B-40C1-8506-6729D0A56B85}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF43106F-4796-41AF-A65F-6740E59D1078}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = smedjorgensen.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2 - Apache Software Foundation - F:\xampplite\apache\bin\Apache.exe
O23 - Service: Aspi Server - Unknown owner - f:\asPI\aspiusrv.exe
O23 - Service: BlackBerry Attachment Service (BBAttachServer) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
O23 - Service: BlackBerry Controller - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe
O23 - Service: BlackBerry Dispatcher - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe
O23 - Service: BlackBerry MDS Connection Service - Research In Motion - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe
O23 - Service: BlackBerry Policy Service - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe
O23 - Service: BlackBerry Router - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe
O23 - Service: BlackBerry Alert (BlackBerry Server Alert) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe
O23 - Service: BlackBerry Synchronization Service (BlackBerry SyncServer) - Research In Motion Limited - C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: mysql - Unknown owner - F:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: srvany - Unknown owner - c:\rinetd\Srvany.exe

--
End of file - 11443 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ShadowCopyVolume{756783ac-95b0-11db-b2da-806e6f6e6963}.job
C:\WINDOWS\tasks\Shromáždit data o využití.job
C:\WINDOWS\tasks\Shromáždit data o výkonu serveru.job
C:\WINDOWS\tasks\Small Business Server - Server Status Report - Zpráva o využití serveru.job
C:\WINDOWS\tasks\Small Business Server - Server Status Report - Zpráva o výkonu serveru.job
C:\WINDOWS\tasks\ZalohaNT.job
C:\WINDOWS\tasks\Úloha automatického schválení služby Update Services.job
C:\WINDOWS\tasks\Úloha konfigurace služby Update Services.job
C:\WINDOWS\tasks\Úloha synchronizace služby Update Services.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll [2007-10-05 452080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-03-25 615696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe [2007-10-05 75256]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-11-29 963976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-02-17 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2007-11-20 218496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Desktop Manager.lnk]
C:\PROGRA~1\RESEAR~1\BLACKB~2\DESKTO~1.EXE [2009-03-25 1545488]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
GuildFTPd FTP Deamon.lnk - C:\Program Files\GuildFTPd\GuildFTPd.exe
setup_9.0.0.722_13.12.2010_10-22.lnk - F:\Virus Removal Tool1\setup_9.0.0.722_13.12.2010_10-22\startup.exe
Správa serverů.lnk - C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe
_uninst_setup_9.0.0.722_18.10.2010_00-41.exe.lnk - C:\Documents and Settings\Administrator\Local Settings\Temp\1\_uninst_setup_9.0.0.722_18.10.2010_00-41.exe.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
C:\WINDOWS\system32\crypt32.dll [2008-02-06 598528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
C:\WINDOWS\system32\cryptnet.dll [2007-02-17 62464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
C:\WINDOWS\system32\cscdll.dll [2007-02-17 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
C:\WINDOWS\system32\dimsntfy.dll [2007-02-17 19456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
C:\WINDOWS\system32\sclgntfy.dll [2006-06-05 21504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
C:\WINDOWS\system32\WlNotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll [2010-07-27 8366080]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll [2010-07-27 8366080]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2009-03-08 236544]
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll [2007-02-17 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll [2010-09-09 1033728]
Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll [2010-09-09 1033728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=C:\WINDOWS\system32\shell32.dll [2010-07-27 8366080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=RASSFM
KDCSVC
WDIGEST
scecli
dsrestor

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCore]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmboot.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmload.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ip6fw.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLmSsp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpcdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpwd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBCore]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdpipe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdtcp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\termservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WZCSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[dopa]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ShowSuperHidden"=1
"HonorAutoRunSetting"=1
"NoWelcomeScreen"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-12-14 07:07:01 ----D---- C:\Program Files\trend micro
2010-12-14 07:07:00 ----D---- C:\rsit
2010-12-13 16:46:20 ----N---- C:\WINDOWS\system32\drivers\03621182.sys
2010-12-13 16:46:20 ----N---- C:\WINDOWS\system32\drivers\03621181.sys
2010-12-13 16:46:20 ----N---- C:\WINDOWS\system32\drivers\0362118.sys
2010-12-13 14:46:08 ----D---- C:\Program Files\LogMeIn Hamachi
2010-12-13 13:40:01 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Hamachi
2010-12-13 13:38:56 ----H---- C:\WINDOWS\system32\drivers\hamachi.sys
2010-12-13 10:34:17 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-12-13 10:33:59 ----N---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-13 10:33:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-12-13 10:33:52 ----N---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-13 10:33:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-13 10:20:04 ----D---- C:\WINDOWS\LastGood

======List of files/folders modified in the last 1 months======

2010-12-14 07:07:01 ----RD---- C:\Program Files
2010-12-14 07:05:24 ----D---- C:\WINDOWS\Temp
2010-12-14 07:05:09 ----D---- C:\WINDOWS\system32\inetsrv
2010-12-14 07:04:00 ----D---- C:\WINDOWS
2010-12-14 06:56:08 ----D---- C:\Program Files\Mozilla Firefox
2010-12-14 06:17:48 ----D---- C:\WINDOWS\system32\dhcp
2010-12-14 06:16:47 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Wireshark
2010-12-14 06:16:15 ----D---- C:\WINDOWS\system32\FxsTmp
2010-12-13 21:51:32 ----D---- C:\Program Files\WinPcap
2010-12-13 21:51:29 ----D---- C:\WINDOWS\system32
2010-12-13 21:51:11 ----D---- C:\WINDOWS\system32\drivers
2010-12-13 20:00:07 ----D---- C:\WINDOWS\system32\NtmsData
2010-12-13 19:48:14 ----D---- C:\WINDOWS\system32\LogFiles
2010-12-13 17:36:34 ----D---- C:\WINDOWS\security
2010-12-13 17:03:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2010-12-13 16:59:21 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-13 16:55:12 ----D---- C:\WINDOWS\inf
2010-12-13 16:38:53 ----N---- C:\WINDOWS\wincmd.ini
2010-12-13 14:47:33 ----SHD---- C:\WINDOWS\Installer
2010-12-13 14:47:29 ----SHD---- C:\Config.Msi
2010-12-13 12:37:49 ----D---- C:\WINDOWS\system32\ias
2010-12-13 10:24:06 ----SHD---- C:\System Volume Information
2010-12-11 04:15:11 ----D---- C:\WINDOWS\Debug
2010-12-08 13:59:36 ----D---- C:\WINDOWS\NTDS
2010-11-15 18:43:02 ----N---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 03621182;03621182 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\03621182.sys [2009-10-22 37392]
R0 ACPI;Microsoft ACPI Driver; C:\WINDOWS\system32\DRIVERS\ACPI.sys [2007-02-17 194560]
R0 atapi;Standardní řadič disku IDE či ESDI; C:\WINDOWS\system32\DRIVERS\atapi.sys [2007-02-17 96768]
R0 crcdisk;Ovladač filtru disku CRC; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2007-02-17 17920]
R0 DfsDriver;DfsDriver; C:\WINDOWS\system32\drivers\Dfs.sys [2007-02-17 34816]
R0 Disk;Ovladač disku; C:\WINDOWS\system32\DRIVERS\disk.sys [2007-02-17 39936]
R0 dmio;Ovladač správce logických disků; C:\WINDOWS\System32\drivers\dmio.sys [2007-02-17 151552]
R0 dmload;dmload; C:\WINDOWS\System32\drivers\dmload.sys [2006-06-05 7680]
R0 FltMgr;FltMgr; C:\WINDOWS\system32\drivers\fltmgr.sys [2007-02-17 130560]
R0 Ftdisk;Ovladač správce svazků; C:\WINDOWS\system32\DRIVERS\ftdisk.sys [2007-02-17 137216]
R0 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2007-02-17 7680]
R0 isapnp;Řadič Plug and Play sběrnice ISA/EISA; C:\WINDOWS\system32\DRIVERS\isapnp.sys [2007-02-17 38912]
R0 KSecDD;KSecDD; C:\WINDOWS\system32\drivers\KSecDD.sys [2009-06-15 134656]
R0 MegaIDE;MegaIDE; C:\WINDOWS\system32\drivers\MegaIDE.sys [2005-10-11 177152]
R0 MountMgr;Správce přípojných bodů; C:\WINDOWS\system32\drivers\MountMgr.sys [2007-02-17 46592]
R0 Mup;Služba Multiple UNC Provider; C:\WINDOWS\system32\drivers\Mup.sys [2007-02-17 103424]
R0 NDIS;Systémový ovladač NDIS; C:\WINDOWS\system32\drivers\NDIS.sys [2007-02-17 210432]
R0 PartMgr;Správce oddílů; C:\WINDOWS\system32\drivers\PartMgr.sys [2007-02-17 25088]
R0 PCI;Řadič sběrnice PCI; C:\WINDOWS\system32\DRIVERS\pci.sys [2007-02-17 75264]
R0 PCIIde;PCIIde; C:\WINDOWS\system32\drivers\PCIIde.sys [2006-06-05 5632]
R0 VolSnap;Paměťové svazky; C:\WINDOWS\system32\DRIVERS\volsnap.sys [2007-02-17 153600]
R1 03621181;03621181; C:\WINDOWS\system32\DRIVERS\03621181.sys [2009-09-25 128016]
R1 AFD;AFD; C:\WINDOWS\System32\drivers\afd.sys [2008-10-16 150528]
R1 Beep;Beep; C:\WINDOWS\system32\drivers\Beep.sys [2006-06-05 6144]
R1 Cdrom;Ovladač jednotky CD-ROM; C:\WINDOWS\system32\DRIVERS\cdrom.sys [2007-02-17 52224]
R1 Fips;Fips; C:\WINDOWS\system32\drivers\Fips.sys [2007-02-17 45568]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver; C:\WINDOWS\system32\DRIVERS\i8042prt.sys [2007-02-17 55296]
R1 IPSec;Ovladač IPSEC; C:\WINDOWS\system32\DRIVERS\ipsec.sys [2007-02-17 82432]
R1 Kbdclass;Ovladač třídy klávesnic; C:\WINDOWS\system32\DRIVERS\kbdclass.sys [2007-02-17 25600]
R1 mnmdd;mnmdd; C:\WINDOWS\system32\drivers\mnmdd.sys [2006-06-05 6144]
R1 Mouclass;Ovladač třídy myší; C:\WINDOWS\system32\DRIVERS\mouclass.sys [2006-06-05 23040]
R1 MRxSmb;MRXSMB; C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [2010-02-24 438784]
R1 Msfs;Msfs; C:\WINDOWS\system32\drivers\Msfs.sys [2007-02-17 21504]
R1 NetBIOS;Rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\netbios.sys [2007-02-17 34816]
R1 NetBT;Rozhraní NetBios nad protokolem TCP/IP; C:\WINDOWS\system32\DRIVERS\netbt.sys [2007-02-17 180224]
R1 Npfs;Npfs; C:\WINDOWS\system32\drivers\Npfs.sys [2007-02-17 32256]
R1 Null;Null; C:\WINDOWS\system32\drivers\Null.sys [2006-06-05 4608]
R1 RasAcd;Ovladač automatického připojení pomocí vzdáleného přístupu; C:\WINDOWS\system32\DRIVERS\rasacd.sys [2006-06-05 10752]
R1 Rdbss;Rdbss; C:\WINDOWS\system32\DRIVERS\rdbss.sys [2010-02-24 177664]
R1 RDPCDD;RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [2006-06-05 6144]
R1 redbook;Digital CD Audio Playback Filter Driver; C:\WINDOWS\system32\DRIVERS\redbook.sys [2007-02-17 61952]
R1 Serial;Ovladač sériového portu; C:\WINDOWS\system32\DRIVERS\serial.sys [2007-02-17 65536]
R1 Tcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\DRIVERS\tcpip.sys [2009-08-15 393216]
R1 TermDD;Ovladač terminálového zařízení; C:\WINDOWS\system32\DRIVERS\termdd.sys [2007-02-17 41608]
R2 EXIFS;EXIFS; \??\C:\WINDOWS\system32\drivers\exifs.sys []
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088]
R2 Parvdm;Parvdm; C:\WINDOWS\system32\DRIVERS\parvdm.sys [2006-06-05 8704]
R3 audstub;Prázdný zvukový ovladač; C:\WINDOWS\system32\DRIVERS\audstub.sys [2003-03-25 5120]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-10-03 158208]
R3 Fdc;Ovladač řadiče disketové jednotky; C:\WINDOWS\system32\DRIVERS\fdc.sys [2007-02-17 24576]
R3 Flpydisk;Ovladač disketové jednotky; C:\WINDOWS\system32\DRIVERS\flpydisk.sys [2006-06-05 18432]
R3 Gpc;Obecné třídění paketů; C:\WINDOWS\system32\DRIVERS\msgpc.sys [2007-02-17 39424]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HTTP;Služba HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [2010-04-19 294400]
R3 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-02-17 40448]
R3 IpFilterDriver;IP Traffic Filter Driver; C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [2007-02-17 32768]
R3 IpNat;IP Network Address Translator; C:\WINDOWS\system32\DRIVERS\ipnat.sys [2007-02-17 119296]
R3 Modem;Modem; C:\WINDOWS\system32\drivers\Modem.sys [2007-02-17 31232]
R3 MRxDAV;Přesměrovač klienta WebDav; C:\WINDOWS\system32\DRIVERS\mrxdav.sys [2007-12-17 188928]
R3 mssmbios;Ovladač Microsoft System Management BIOS; C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2007-02-17 19968]
R3 NdisTapi;Ovladač Remote Access NDIS TAPI; C:\WINDOWS\system32\DRIVERS\ndistapi.sys [2007-02-17 12288]
R3 NdisWan;Ovladač Remote Access NDIS WAN; C:\WINDOWS\system32\DRIVERS\ndiswan.sys [2007-02-17 89600]
R3 NDProxy;Služba NDIS Proxy; C:\WINDOWS\system32\drivers\NDProxy.sys [2007-02-17 40960]
R3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2007-02-17 42496]
R3 Parport;Ovladač paralelního portu; C:\WINDOWS\system32\DRIVERS\parport.sys [2007-02-17 81408]
R3 PptpMiniport;Připojení WAN Miniport (PPTP); C:\WINDOWS\system32\DRIVERS\raspptp.sys [2007-02-17 59904]
R3 Ptilink;Direct Parallel Link Driver; C:\WINDOWS\system32\DRIVERS\ptilink.sys [2007-02-17 20480]
R3 Rasl2tp;WAN Miniport (L2TP); C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [2007-02-17 65536]
R3 RasPppoe;Ovladač pro vzdálený přístup PPPOE; C:\WINDOWS\system32\DRIVERS\raspppoe.sys [2007-02-17 40960]
R3 Raspti;Přímé propojení paralelním kabelem; C:\WINDOWS\system32\DRIVERS\raspti.sys [2007-02-17 19968]
R3 rdpdr;Ovladač přesměrovače zařízení terminálového serveru; C:\WINDOWS\system32\DRIVERS\rdpdr.sys [2007-02-17 200192]
R3 RDPWD;RDPWD; C:\WINDOWS\system32\drivers\RDPWD.sys [2007-02-17 152200]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-06-05 7680]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2005-03-24 20992]
R3 serenum;Ovladač filtru Serenum; C:\WINDOWS\system32\DRIVERS\serenum.sys [2007-02-17 17920]
R3 Srv;Srv; C:\WINDOWS\system32\DRIVERS\srv.sys [2010-08-16 380928]
R3 swenum;Softwarový ovladač sběrnice; C:\WINDOWS\system32\DRIVERS\swenum.sys [2007-02-17 4736]
R3 TDTCP;TDTCP; C:\WINDOWS\system32\drivers\TDTCP.sys [2007-02-17 24200]
R3 Update;Ovladač aktualizace mikrokódu; C:\WINDOWS\system32\DRIVERS\update.sys [2007-05-28 365056]
R3 usbehci;Ovladač Miniport vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-17 27520]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-17 60416]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-02-17 20864]
R3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2007-02-17 24064]
R3 Wanarp;Ovladač Remote Access IP ARP; C:\WINDOWS\system32\DRIVERS\wanarp.sys [2007-02-17 36352]
R4 80856891;80856891; C:\WINDOWS\system32\DRIVERS\80856891.sys []
R4 Cdfs;Cdfs; C:\WINDOWS\system32\drivers\Cdfs.sys [2007-02-17 65536]
R4 Fastfat;Fastfat; C:\WINDOWS\system32\drivers\Fastfat.sys [2007-02-17 151040]
R4 Ntfs;Ntfs; C:\WINDOWS\system32\drivers\Ntfs.sys [2007-02-17 589824]
S1 Changer;Changer; C:\WINDOWS\system32\drivers\Changer.sys []
S1 i2omgmt;i2omgmt; C:\WINDOWS\system32\drivers\i2omgmt.sys []
S1 imapi;CD-Burning Filter Driver; C:\WINDOWS\system32\DRIVERS\imapi.sys [2007-02-17 43520]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-02-17 17408]
S1 Sfloppy;Sfloppy; C:\WINDOWS\system32\drivers\Sfloppy.sys [2006-06-05 12288]
S1 VgaSave;Grafický řadič VGA; C:\WINDOWS\System32\drivers\vga.sys [2007-02-17 23552]
S3 AsyncMac;Ovladač asynchronních médií připojení RAS; C:\WINDOWS\system32\DRIVERS\asyncmac.sys [2006-06-05 16384]
S3 Atmarpc;Protokol ATM ARP Client; C:\WINDOWS\system32\DRIVERS\atmarpc.sys [2007-02-17 59392]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2003-03-25 11776]
S3 Ip6Fw;Ovladač IPv6 brány firewall systému Windows; C:\WINDOWS\system32\drivers\ip6fw.sys [2007-02-17 36352]
S3 IpInIp;IP in IP Tunnel Driver; C:\WINDOWS\system32\DRIVERS\ipinip.sys []
S3 IRENUM;Služba čítače výčtu IR; C:\WINDOWS\system32\DRIVERS\irenum.sys [2007-02-17 12800]
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2006-03-29 59392]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-05-15 13312]
S3 Ndisuio;Protokol NDIS uživatelského režimu V/V; C:\WINDOWS\system32\DRIVERS\ndisuio.sys [2007-02-17 16384]
S3 PDCOMP;PDCOMP; C:\WINDOWS\system32\drivers\PDCOMP.sys []
S3 PDFRAME;PDFRAME; C:\WINDOWS\system32\drivers\PDFRAME.sys []
S3 PDRELI;PDRELI; C:\WINDOWS\system32\drivers\PDRELI.sys []
S3 PDRFRAME;PDRFRAME; C:\WINDOWS\system32\drivers\PDRFRAME.sys []
S3 RimUsb;zařízení BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 Secdrv;Secdrv; C:\WINDOWS\system32\DRIVERS\secdrv.sys [2007-11-13 20480]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 TDPIPE;TDPIPE; C:\WINDOWS\system32\drivers\TDPIPE.sys [2007-02-17 12936]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-02-17 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-02-17 28160]
S3 WDICA;WDICA; C:\WINDOWS\system32\drivers\WDICA.sys []
S3 WLBS;Vyrovnávání zatížení sítě; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-17 177152]
S4 Abiosdsk;Abiosdsk; C:\WINDOWS\system32\drivers\Abiosdsk.sys []
S4 ACPIEC;ACPIEC; C:\WINDOWS\system32\drivers\ACPIEC.sys [2006-06-05 13312]
S4 adpu160m;adpu160m; C:\WINDOWS\system32\drivers\adpu160m.sys []
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 afcnt;afcnt; C:\WINDOWS\system32\drivers\afcnt.sys []
S4 aic78u2;aic78u2; C:\WINDOWS\system32\drivers\aic78u2.sys []
S4 aic78xx;aic78xx; C:\WINDOWS\system32\drivers\aic78xx.sys []
S4 AliIde;AliIde; C:\WINDOWS\system32\drivers\AliIde.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys [2007-02-17 7680]
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys [2007-02-17 43520]
S4 Atdisk;Atdisk; C:\WINDOWS\system32\drivers\Atdisk.sys []
S4 cbidf2k;cbidf2k; C:\WINDOWS\system32\drivers\cbidf2k.sys [2006-06-05 15360]
S4 cd20xrnt;cd20xrnt; C:\WINDOWS\system32\drivers\cd20xrnt.sys []
S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-17 69120]
S4 CmdIde;CmdIde; C:\WINDOWS\system32\drivers\CmdIde.sys []
S4 Cpqarray;Cpqarray; C:\WINDOWS\system32\drivers\Cpqarray.sys []
S4 cpqarry2;cpqarry2; C:\WINDOWS\system32\drivers\cpqarry2.sys []
S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []
S4 cpqfcalm;cpqfcalm; C:\WINDOWS\system32\drivers\cpqfcalm.sys []
S4 dac2w2k;dac2w2k; C:\WINDOWS\system32\drivers\dac2w2k.sys []
S4 dac960nt;dac960nt; C:\WINDOWS\system32\drivers\dac960nt.sys []
S4 dellcerc;dellcerc; C:\WINDOWS\system32\drivers\dellcerc.sys []
S4 dmboot;dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [2007-02-17 268800]
S4 dpti2o;dpti2o; C:\WINDOWS\system32\drivers\dpti2o.sys []
S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []
S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys [2007-02-17 23552]
S4 hpn;hpn; C:\WINDOWS\system32\drivers\hpn.sys []
S4 hpt3xx;hpt3xx; C:\WINDOWS\system32\drivers\hpt3xx.sys []
S4 i2omp;i2omp; C:\WINDOWS\system32\drivers\i2omp.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 ipsraidn;ipsraidn; C:\WINDOWS\system32\drivers\ipsraidn.sys []
S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []
S4 mraid35x;mraid35x; C:\WINDOWS\system32\drivers\mraid35x.sys []
S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []
S4 Pcmcia;Pcmcia; C:\WINDOWS\system32\drivers\Pcmcia.sys [2007-02-17 121856]
S4 perc2;perc2; C:\WINDOWS\system32\drivers\perc2.sys []
S4 perc2hib;perc2hib; C:\WINDOWS\system32\drivers\perc2hib.sys []
S4 ql1080;ql1080; C:\WINDOWS\system32\drivers\ql1080.sys []
S4 Ql10wnt;Ql10wnt; C:\WINDOWS\system32\drivers\Ql10wnt.sys []
S4 ql12160;ql12160; C:\WINDOWS\system32\drivers\ql12160.sys []
S4 ql1240;ql1240; C:\WINDOWS\system32\drivers\ql1240.sys []
S4 ql1280;ql1280; C:\WINDOWS\system32\drivers\ql1280.sys []
S4 ql2100;ql2100; C:\WINDOWS\system32\drivers\ql2100.sys []
S4 ql2200;ql2200; C:\WINDOWS\system32\drivers\ql2200.sys []
S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []
S4 Simbad;Simbad; C:\WINDOWS\system32\drivers\Simbad.sys []
S4 sym_hi;sym_hi; C:\WINDOWS\system32\drivers\sym_hi.sys []
S4 sym_u3;sym_u3; C:\WINDOWS\system32\drivers\sym_u3.sys []
S4 symc810;symc810; C:\WINDOWS\system32\drivers\symc810.sys []
S4 symc8xx;symc8xx; C:\WINDOWS\system32\drivers\symc8xx.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []
S4 TosIde;TosIde; C:\WINDOWS\system32\drivers\TosIde.sys []
S4 Udfs;Udfs; C:\WINDOWS\system32\drivers\Udfs.sys [2007-02-17 67584]
S4 ultra;ultra; C:\WINDOWS\system32\drivers\ultra.sys []
S4 ViaIde;ViaIde; C:\WINDOWS\system32\drivers\ViaIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;Služba vyhledávání zkušeností aplikací; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 Apache2;Apache2; F:\xampplite\apache\bin\Apache.exe [2005-02-16 20536]
R2 Aspi Server;Aspi Server; f:\asPI\aspiusrv.exe [2010-03-05 81920]
R2 BBAttachServer;BlackBerry Attachment Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe [2008-07-16 749703]
R2 BlackBerry Controller;BlackBerry Controller; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe [2008-07-16 884864]
R2 BlackBerry Dispatcher;BlackBerry Dispatcher; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe [2008-07-16 2621574]
R2 BlackBerry MDS Connection Service;BlackBerry MDS Connection Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe [2008-07-16 73728]
R2 BlackBerry Policy Service;BlackBerry Policy Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe [2008-07-16 5652600]
R2 BlackBerry Router;BlackBerry Router; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe [2008-07-16 1060982]
R2 BlackBerry Server Alert;BlackBerry Alert; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe [2008-07-16 557176]
R2 BlackBerry SyncServer;BlackBerry Synchronization Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe [2008-07-16 2105471]
R2 Browser;Prohledávání počítačů; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 CertSvc;Certifikační služba; C:\WINDOWS\system32\certsrv.exe [2007-02-17 317440]
R2 CryptSvc;Šifrování; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 DcomLaunch;Spouštěč procesů serveru DCOM; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 Dfs;Systém souborů DFS; C:\WINDOWS\system32\Dfssvc.exe [2007-02-17 164864]
R2 Dhcp;Klient DHCP; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 DHCPServer;Server DHCP; C:\WINDOWS\system32\tcpsvcs.exe [2006-06-05 21504]
R2 dmserver;Správce logických disků; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 DNS;Server DNS; C:\WINDOWS\System32\dns.exe [2009-02-17 449024]
R2 Dnscache;Klient DNS; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ERSvc;Zasílání zpráv o chybách; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Eventlog;Protokol událostí; C:\WINDOWS\system32\services.exe [2009-02-09 113664]
R2 EventSystem;Systém událostí COM+; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 HidServ;HID Input Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 HTTPFilter;Služba HTTP SSL; C:\WINDOWS\system32\lsass.exe [2006-06-05 16384]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]
R2 IMAP4Svc;Microsoft Exchange IMAP4; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]
R2 kdc;Centrum distribuce klíčů modulu Kerberos; C:\WINDOWS\System32\lsass.exe [2006-06-05 16384]
R2 lanmanserver;Server; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 lanmanworkstation;Pracovní stanice; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 LicenseService;Protokolování licence; C:\WINDOWS\System32\llssrv.exe [2007-02-17 94720]
R2 LmHosts;Podpora rozhraní NetBIOS nad protokolem TCP/IP; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 MSDTC;Koordinátor DTC; C:\WINDOWS\system32\msdtc.exe [2008-07-23 6144]
R2 MSExchangeIS;Microsoft Exchange Information Store; C:\Program Files\Exchsrvr\bin\store.exe [2005-10-04 5227520]
R2 MSExchangeMGMT;Microsoft Exchange Management; C:\Program Files\Exchsrvr\bin\exmgmt.exe [2005-08-25 3217408]
R2 MSExchangeSA;Microsoft Exchange System Attendant; C:\Program Files\Exchsrvr\bin\mad.exe [2005-08-25 8920064]
R2 MSFtpsvc;Služba Publikování FTP; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]
R2 MSPOP3Connector;Microsoft Connector for POP3 Mailboxes; C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe [2005-05-25 33600]
R2 MSSEARCH;Microsoft Search; C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe [2006-06-05 69632]
R2 MSSQL$MICROSOFT##SSEE;Windows Internal Database (MICROSOFT##SSEE); C:\WINDOWS\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 MSSQL$SBSMONITORING;MSSQL$SBSMONITORING; C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe [2005-05-04 9150464]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
R2 mysql;mysql; F:\xampplite\mysql\bin\mysqld-nt --defaults-file=F:\xampplite\mysql\bin\my.cnf mysql []
R2 Netlogon;Přihlašování k síti; C:\WINDOWS\system32\lsass.exe [2006-06-05 16384]
R2 NtFrs;Služba replikace souborů; C:\WINDOWS\system32\ntfrs.exe [2007-02-17 792576]
R2 PlugPlay;Plug and Play; C:\WINDOWS\system32\services.exe [2009-02-09 113664]
R2 PolicyAgent;Služby IPSEC; C:\WINDOWS\system32\lsass.exe [2006-06-05 16384]
R2 POP3Svc;Microsoft Exchange POP3; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]
R2 ProtectedStorage;Chráněné úložiště; C:\WINDOWS\system32\lsass.exe [2006-06-05 16384]
R2 RemoteAccess;Směrování a vzdálený přístup; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 RemoteRegistry;Vzdálený registr; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 RESvc;Microsoft Exchange Routing Engine; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]
R2 RpcSs;Vzdálené volání procedur (RPC); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 SamSs;Správce zabezpečení účtů; C:\WINDOWS\system32\lsass.exe [2006-06-05 16384]
R2 seclogon;Sekundární přihlašování; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 SENS;Oznamování systémových událostí; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ShellHWDetection;Rozpoznávání hardwaru; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Schedule;Plánovač úloh; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]
R2 Spooler;Zařazování tisku; C:\WINDOWS\system32\spoolsv.exe [2010-08-17 58880]
R2 SQLAgent$SBSMONITORING;SQLAgent$SBSMONITORING; C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE [2005-05-03 323584]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 srvany;srvany; c:\rinetd\Srvany.exe [1999-02-13 8464]
R2 W32Time;Systémový čas; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 W3SVC;Služba Publikování na webu; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 WBLOGSVC;Služba protokolování webového využití; C:\Program Files\Microsoft Windows Small Business Server\monitoring\WbLogSvc.exe [2005-05-25 22336]
R2 WebClient;Webový klient; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 winmgmt;Služba WMI; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WINS;WINS; C:\WINDOWS\System32\wins.exe [2009-05-28 157696]
R2 WsusService;Služba Update Service; C:\Program Files\Update Services\Service\bin\WsusService.exe [2008-01-23 26224]
R2 wuauserv;Automatické aktualizace; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 ALG;Služba brány aplikačního rozhraní; C:\WINDOWS\System32\alg.exe [2007-02-17 45056]
R3 BITS;Služba inteligentního přenosu na pozadí; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 Netman;Síťová připojení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 Nla;Sledování umístění v síti (NLA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 NtLmSsp;Zprostředkovatel zabezpečení NT LM; C:\WINDOWS\system32\lsass.exe [2006-06-05 16384]
R3 NtmsSvc;Vyměnitelné úložiště; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 RasMan;Správce vzdáleného přístupu; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 swprv;Microsoft Software Shadow Copy Provider; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 TapiSrv;Telefonní subsystém; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 TermService;Terminálová služba; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 VSS;Stínová kopie svazku; C:\WINDOWS\System32\vssvc.exe [2007-02-17 837632]
S2 SharedAccess;Brána Firewall / Sdílení připojení k Internetu (ICS); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S2 SysmonLog;Výstrahy a protokolování výkonu; C:\WINDOWS\system32\smlogsvc.exe [2007-02-17 96768]
S3 AppMgmt;Správa aplikací; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AudioSrv;Zvuk systému Windows; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 CiSvc;Indexing Service; C:\WINDOWS\system32\cisvc.exe [2007-02-17 6656]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 COMSysApp;Systémové aplikace modelu COM+; C:\WINDOWS\system32\dllhost.exe [2007-02-17 5632]
S3 dmadmin;Služba správy pro Správce logických disků; C:\WINDOWS\System32\dmadmin.exe [2007-02-17 235008]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2007-02-17 269824]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSExchangeES;Microsoft Exchange Event; C:\Program Files\Exchsrvr\bin\events.exe [2003-06-03 94720]
S3 MSIServer;Služba Windows Installer; C:\WINDOWS\system32\msiexec.exe [2007-02-17 78848]
S3 MSSQL$SHAREPOINT;MSSQL$SHAREPOINT; C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe [2008-12-16 9158656]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S3 RDSessMgr;Správce relací nápovědy ke vzdálené ploše; C:\WINDOWS\system32\sessmgr.exe [2007-02-17 124928]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 RpcLocator;Lokátor vzdáleného volání procedur (RPC); C:\WINDOWS\system32\locator.exe [2006-06-05 71680]
S3 RSoPProv;Poskytovatel výsledné sady zásad; C:\WINDOWS\system32\RSoPProv.exe [2007-02-17 67072]
S3 sacsvr;Pomocník pro práci se speciální konzolou pro správu; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 SCardSvr;Smart Card; C:\WINDOWS\System32\SCardSvr.exe [2007-02-17 92160]
S3 SQLAgent$SHAREPOINT;SQLAgent$SHAREPOINT; C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlagent.EXE [2008-12-16 323584]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TrkWks;Klient služby sledování distribuovaných propojení; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2007-02-17 39424]
S3 UPS;Nepřerušitelný zdroj napájení (UPS); C:\WINDOWS\System32\ups.exe [2006-06-05 16896]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-17 353280]
S3 WinHttpAutoProxySvc;Služba WinHTTP WPAD; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 Wmi;Rozšíření ovladače WMI; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 WmiApSrv;Adaptér výkonu služby WMI; C:\WINDOWS\system32\wbem\wmiapsrv.exe [2007-02-17 127488]
S3 WSusCertServer;WSusCertServer; C:\Program Files\Update Services\Service\bin\WsusCertServer.exe [2008-01-23 69232]
S3 WZCSVC;Konfigurace bezdrátových zařízení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 xmlprov;Služba pro síťová ustanovení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 Alerter;Výstrahy; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 BlackBerry Database Consistency Service;BlackBerry Database Consistency Service; C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\DBConsistency.exe [2008-07-16 2654340]
S4 ClipSrv;Síťová schránka; C:\WINDOWS\system32\clipsrv.exe [2006-06-05 32256]
S4 ImapiService;Služba modelu COM pro zápis na disk CD (IMAPI); C:\WINDOWS\system32\imapi.exe [2007-02-17 157184]
S4 IsmServ;Mezisíťové zasílání zpráv; C:\WINDOWS\System32\ismserv.exe [2007-02-17 40448]
S4 Messenger;Kurýrní služba; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 mnmsrvc;NetMeeting - Vzdálené sdílení plochy; C:\WINDOWS\system32\mnmsrvc.exe [2007-02-17 32768]
S4 MSExchangeMTA;Microsoft Exchange MTA Stacks; C:\Program Files\Exchsrvr\bin\emsmta.exe [2005-08-25 3592704]
S4 MSExchangeSRS;Microsoft Exchange Site Replication Service; C:\Program Files\Exchsrvr\bin\srsmain.exe [2005-08-25 339456]
S4 NetDDE;Služba DDE v síti; C:\WINDOWS\system32\netdde.exe [2007-02-17 111104]
S4 NetDDEdsdm;Správce DSDM služby DDE v síti; C:\WINDOWS\system32\netdde.exe [2007-02-17 111104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NntpSvc;NNTP (Network News Transfer Protocol); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]
S4 RasAuto;Správce automatického připojení pomocí vzdáleného přístupu; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 stisvc;Načítání obrázků (WIA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 Themes;Motivy; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 TrkSvr;Server sledování distribuovaného propojení; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-02-17 71168]
S4 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

-----------------EOF-----------------

[motji]

Dobré ranko
Můžu vidět log z mbamu?



Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[dopa]

Zde je log MBAM:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5304

Windows 5.2.3790 Service Pack 2
Internet Explorer 8.0.6001.18702

13.12.2010 20:16:00
mbam-log-2010-12-13 (20-16-00).txt

Typ kontroly: Úplný test (C:\|E:\|F:\|)
Testované objekty: 480070
Uplynulý čas: 8 hodin, 31 minut, 27 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[motji]

V mbamu to smažte a udělejte ten OTL

[dopa]

Logy OTL:

OTL.txt:

OTL logfile created on: 14.12.2010 8:54:53 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 26,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): e:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11,72 Gb Total Space | 0,27 Gb Free Space | 2,26% Space Free | Partition Type: NTFS
Drive E: | 5,86 Gb Total Space | 2,84 Gb Free Space | 48,40% Space Free | Partition Type: NTFS
Drive F: | 215,17 Gb Total Space | 11,84 Gb Free Space | 5,50% Space Free | Partition Type: NTFS

Computer Name: SERVER | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.12.14 08:52:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\OTL.exe
PRC - [2010.12.13 22:35:10 | 011,843,016 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\windows-kb890830-v3.13.exe
PRC - [2010.11.02 16:47:12 | 000,082,376 | ---- | M] (Microsoft Corporation) -- f:\1b4a8507d003cd6f0febe041\mrtstub.exe
PRC - [2010.03.30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.03.05 10:57:50 | 000,081,920 | ---- | M] () -- f:\ASPI\aspiusrv.exe
PRC - [2009.05.28 18:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
PRC - [2009.03.25 20:32:24 | 000,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009.02.17 09:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2008.11.24 21:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe
PRC - [2008.08.08 07:04:10 | 001,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2008.07.16 17:02:00 | 002,105,471 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe
PRC - [2008.07.16 17:02:00 | 001,060,982 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe
PRC - [2008.07.16 17:01:52 | 000,749,703 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
PRC - [2008.07.16 17:01:52 | 000,659,585 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
PRC - [2008.07.16 17:01:50 | 000,073,728 | ---- | M] (Research In Motion) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe
PRC - [2008.07.16 17:01:46 | 005,542,010 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryAgent.exe
PRC - [2008.07.16 17:01:46 | 000,884,864 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe
PRC - [2008.07.16 17:01:46 | 000,557,176 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe
PRC - [2008.07.16 16:57:24 | 005,652,600 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe
PRC - [2008.07.16 16:57:22 | 002,621,574 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe
PRC - [2008.01.23 21:43:48 | 000,026,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Update Services\service\bin\wsusservice.exe
PRC - [2007.10.05 02:32:55 | 000,075,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
PRC - [2007.10.05 02:32:54 | 000,251,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_14\bin\jucheck.exe
PRC - [2007.02.17 23:10:24 | 001,415,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2007.02.17 23:10:00 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
PRC - [2007.02.17 06:07:22 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.17 06:06:10 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\certsrv.exe
PRC - [2007.02.17 06:04:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2007.02.17 06:02:38 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sbscrexe.exe
PRC - [2007.02.17 06:02:18 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007.02.17 06:01:20 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007.02.17 06:01:16 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntbackup.exe
PRC - [2007.02.17 05:46:50 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007.02.17 05:45:56 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsmsink.exe
PRC - [2007.02.17 05:43:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007.02.17 05:43:14 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2006.06.05 23:41:18 | 000,186,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2006.06.05 23:41:18 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2005.10.04 21:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\store.exe
PRC - [2005.08.25 19:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\mad.exe
PRC - [2005.08.25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe
PRC - [2005.05.25 01:50:34 | 000,022,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Monitoring\wblogsvc.exe
PRC - [2005.05.25 01:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
PRC - [2005.02.16 16:01:32 | 000,020,536 | ---- | M] (Apache Software Foundation) -- F:\xampplite\apache\bin\Apache.exe
PRC - [2005.02.14 14:27:34 | 003,497,984 | ---- | M] () -- F:\xampplite\mysql\bin\mysqld-nt.exe
PRC - [1999.02.13 21:02:00 | 000,008,464 | ---- | M] () -- c:\rinetd\Srvany.exe


========== Modules (SafeList) ==========

MOD - [2010.12.14 08:52:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\OTL.exe
MOD - [2010.09.07 13:10:38 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll
MOD - [2007.02.17 05:47:04 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.05 10:57:50 | 000,081,920 | ---- | M] () [Auto | Running] -- f:\ASPI\aspiusrv.exe -- (Aspi Server)
SRV - [2009.05.28 18:14:55 | 000,157,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2009.02.17 09:19:33 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2008.11.24 21:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe -- (MSSQL$MICROSOFT##SSEE) Windows Internal Database (MICROSOFT##SSEE)
SRV - [2008.07.16 17:02:00 | 002,105,471 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe -- (BlackBerry SyncServer)
SRV - [2008.07.16 17:02:00 | 001,060,982 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe -- (BlackBerry Router)
SRV - [2008.07.16 17:01:52 | 000,749,703 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe -- (BBAttachServer)
SRV - [2008.07.16 17:01:50 | 002,654,340 | ---- | M] (Research In Motion Limited) [Disabled | Stopped] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\DBConsistency.exe -- (BlackBerry Database Consistency Service)
SRV - [2008.07.16 17:01:50 | 000,073,728 | ---- | M] (Research In Motion) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe -- (BlackBerry MDS Connection Service)
SRV - [2008.07.16 17:01:46 | 000,884,864 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe -- (BlackBerry Controller)
SRV - [2008.07.16 17:01:46 | 000,557,176 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe -- (BlackBerry Server Alert)
SRV - [2008.07.16 16:57:24 | 005,652,600 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe -- (BlackBerry Policy Service)
SRV - [2008.07.16 16:57:22 | 002,621,574 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe -- (BlackBerry Dispatcher)
SRV - [2008.01.23 21:43:48 | 000,026,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Update Services\Service\bin\WsusService.exe -- (WsusService)
SRV - [2008.01.23 21:41:44 | 000,069,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Update Services\Service\bin\WsusCertServer.exe -- (WSusCertServer)
SRV - [2007.02.17 23:10:00 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007.02.17 06:06:10 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\certsrv.exe -- (CertSvc)
SRV - [2007.02.17 06:02:38 | 000,037,888 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\WINDOWS\system32\sbscrexe.exe -- (SBCore)
SRV - [2007.02.17 06:02:32 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007.02.17 06:01:20 | 000,792,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007.02.17 05:59:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007.02.17 05:43:56 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007.02.17 05:43:52 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SMTP (Simple Mail Transfer Protocol)
SRV - [2007.02.17 05:43:52 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
SRV - [2007.02.17 05:43:52 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
SRV - [2007.02.17 05:43:52 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) NNTP (Network News Transfer Protocol)
SRV - [2007.02.17 05:43:52 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007.02.17 05:43:52 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
SRV - [2007.02.17 05:43:52 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.02.17 05:43:50 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007.02.17 05:43:14 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2006.06.05 23:41:18 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2006.06.05 23:41:18 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2006.06.05 23:41:18 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2005.10.04 21:17:18 | 005,227,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\store.exe -- (MSExchangeIS)
SRV - [2005.08.25 19:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
SRV - [2005.08.25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2005.08.25 18:34:34 | 003,592,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA)
SRV - [2005.08.25 18:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS)
SRV - [2005.05.25 01:50:34 | 000,022,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Monitoring\wblogsvc.exe -- (WBLOGSVC)
SRV - [2005.05.25 01:43:16 | 000,033,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector)
SRV - [2005.02.16 16:01:32 | 000,020,536 | ---- | M] (Apache Software Foundation) [Auto | Running] -- F:\xampplite\apache\bin\Apache.exe -- (Apache2)
SRV - [2005.02.14 14:27:34 | 003,497,984 | ---- | M] () [Auto | Running] -- F:\xampplite\mysql\bin\mysqld-nt.exe -- (mysql)
SRV - [2003.06.03 08:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Exchsrvr\bin\events.exe -- (MSExchangeES)
SRV - [1999.02.13 21:02:00 | 000,008,464 | ---- | M] () [Auto | Running] -- c:\rinetd\Srvany.exe -- (srvany)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Unknown | Running] -- -- (setup_9.0.0.722_13.12.2010_10-22drv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Unknown | Running] -- -- (80856892)
DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\System32\DRIVERS\80856891.sys -- (80856891)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.10.22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\03621182.sys -- (03621182)
DRV - [2009.09.25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\03621181.sys -- (03621181)
DRV - [2007.02.17 06:00:32 | 000,177,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007.02.17 05:45:02 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.02.17 05:43:46 | 000,023,552 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\hpcisss.sys -- (hpcisss)
DRV - [2007.02.17 05:43:12 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007.02.17 05:43:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
DRV - [2007.02.17 05:42:42 | 000,043,520 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\arc.sys -- (arc)
DRV - [2006.10.03 12:15:00 | 000,158,208 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.10.01 13:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006.03.29 21:06:16 | 000,059,392 | ---- | M] (Kerio Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev)
DRV - [2005.10.11 11:13:54 | 000,177,152 | ---- | M] (LSI Logic Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MegaIDE.sys -- (MegaIDE)
DRV - [2005.08.25 17:29:06 | 000,196,192 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)
DRV - [2005.03.24 18:56:54 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-238689707-2352026256-1297099887-1194\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-238689707-2352026256-1297099887-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
IE - HKU\S-1-5-21-238689707-2352026256-1297099887-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}:5.0.14

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.12 13:34:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.12 13:34:17 | 000,000,000 | ---D | M]

[2010.05.02 12:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.12.13 13:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\xbzd3d4m.default\extensions
[2010.10.25 15:19:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\xbzd3d4m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.14 10:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\xbzd3d4m.default\extensions\firebug@software.joehewitt.com
[2010.12.13 10:19:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.10.25 10:16:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
[2007.11.20 16:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2010.10.12 13:34:05 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.10.12 13:34:05 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.10.12 13:34:05 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.10.12 13:34:05 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.10.12 13:34:05 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2006.06.05 23:41:18 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-238689707-2352026256-1297099887-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\GuildFTPd FTP Deamon.lnk = C:\Program Files\GuildFTPd\GuildFTPd.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_13.12.2010_10-22.lnk = F:\Virus Removal Tool1\setup_9.0.0.722_13.12.2010_10-22\startup.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\Správa serverů.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\_uninst_setup_9.0.0.722_18.10.2010_00-41.exe.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\1\_uninst_setup_9.0.0.722_18.10.2010_00-41.exe.bat File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-238689707-2352026256-1297099887-1194\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-238689707-2352026256-1297099887-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\NPJPI150_14.dll (Sun Microsystems, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7427992464 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = smedjorgensen.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.12.27 14:10:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sacsvr - C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
NetSvcs: TrkSvr - C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2010.12.14 07:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Temp
[2010.12.14 07:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google
[2010.12.14 07:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.12.14 07:07:00 | 000,000,000 | ---D | C] -- C:\rsit
[2010.12.13 16:46:20 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0362118.sys
[2010.12.13 16:46:20 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\03621181.sys
[2010.12.13 16:46:20 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\03621182.sys
[2010.12.13 14:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\LogMeIn Hamachi
[2010.12.13 14:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010.12.13 13:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Hamachi
[2010.12.13 13:38:56 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2010.12.13 10:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2010.12.13 10:33:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.13 10:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.12.13 10:33:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.12.13 10:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.12.13 10:20:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.12.14 08:59:00 | 000,000,670 | ---- | M] () -- C:\WINDOWS\tasks\Úloha synchronizace služby Update Services.job
[2010.12.14 08:52:17 | 000,045,628 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2010.12.14 08:49:56 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Shromáždit data o výkonu serveru.job
[2010.12.14 08:41:09 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-238689707-2352026256-1297099887-500UA.job
[2010.12.14 08:29:04 | 000,000,662 | ---- | M] () -- C:\WINDOWS\tasks\Úloha automatického schválení služby Update Services.job
[2010.12.14 07:46:09 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Google Chrome.lnk
[2010.12.14 07:40:04 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-238689707-2352026256-1297099887-500Core.job
[2010.12.14 07:36:15 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2010.12.14 07:02:14 | 000,000,754 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{756783ac-95b0-11db-b2da-806e6f6e6963}.job
[2010.12.14 06:02:02 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Small Business Server - Server Status Report - Zpráva o výkonu serveru.job
[2010.12.14 05:12:41 | 000,005,910 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.12.14 05:06:09 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Shromáždit data o využití.job
[2010.12.13 21:51:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010.12.13 20:00:00 | 000,000,824 | ---- | M] () -- C:\WINDOWS\tasks\ZalohaNT.job
[2010.12.13 18:29:03 | 000,000,796 | ---- | M] () -- C:\WINDOWS\tasks\Úloha konfigurace služby Update Services.job
[2010.12.13 17:02:24 | 000,001,229 | ---- | M] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_13.12.2010_10-22.lnk
[2010.12.13 16:38:53 | 000,005,396 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.12.13 10:34:00 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.12.06 06:30:22 | 000,000,576 | ---- | M] () -- C:\WINDOWS\tasks\Small Business Server - Server Status Report - Zpráva o využití serveru.job
[2010.12.04 22:10:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.15 18:43:03 | 001,140,268 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.15 18:43:02 | 001,146,878 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.11.15 18:43:02 | 000,359,968 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.11.15 18:43:02 | 000,337,154 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.15 18:41:08 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.12.14 07:46:09 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Google Chrome.lnk
[2010.12.14 07:36:11 | 000,001,058 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-238689707-2352026256-1297099887-500UA.job
[2010.12.14 07:35:58 | 000,001,006 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-238689707-2352026256-1297099887-500Core.job
[2010.12.13 21:51:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\-1
[2010.12.13 17:02:24 | 000,001,229 | ---- | C] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_13.12.2010_10-22.lnk
[2010.12.13 10:34:00 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.07.07 14:14:11 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\swscale-0.7.2.dll
[2010.07.07 14:14:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\avformat-52.46.0.dll
[2010.07.07 14:14:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avutil-50.7.0.dll
[2010.07.07 14:14:10 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\avdevice-52.2.0.dll
[2010.07.07 14:14:09 | 000,877,056 | ---- | C] () -- C:\WINDOWS\System32\avcodec-52.45.0.dll
[2010.07.07 14:14:09 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_JPEG.dll
[2010.07.07 14:14:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_SCALE.dll
[2010.07.07 14:14:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\swscale-0.dll
[2010.07.07 14:14:02 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\avformat-52.dll
[2010.07.07 14:14:02 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\avutil-50.dll
[2010.07.07 14:14:02 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\avdevice-52.dll
[2010.07.07 14:14:01 | 000,877,568 | ---- | C] () -- C:\WINDOWS\System32\avcodec-52.dll
[2010.07.07 14:14:01 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\Deinterlace.dll
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.11.10 11:17:11 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_H264.dll
[2009.11.10 11:16:51 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\AVC_JPEG.dll
[2009.11.10 11:16:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AVC_H264.dll
[2008.04.22 11:18:31 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2007.05.19 19:24:09 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\PUTTY.RND
[2007.01.27 23:40:02 | 000,000,534 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.01.02 12:35:05 | 000,000,062 | ---- | C] () -- C:\WINDOWS\my.ini
[2007.01.02 12:28:51 | 000,002,171 | ---- | C] () -- C:\WINDOWS\my.ini.old
[2006.12.28 18:40:25 | 000,001,364 | ---- | C] () -- C:\WINDOWS\LMAAG2DD.ini
[2006.12.27 19:43:09 | 000,011,964 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2006.12.27 18:50:44 | 000,005,396 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006.12.27 18:28:28 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\fusioncache.dat
[2006.12.27 16:07:53 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2006.12.27 15:37:34 | 000,003,526 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.12.27 15:26:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2006.12.27 15:25:57 | 000,035,920 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2006.12.27 15:19:58 | 000,024,120 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2006.12.27 15:16:32 | 000,004,626 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2006.12.27 14:54:50 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.12.27 14:03:51 | 000,044,291 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006.12.27 14:03:51 | 000,002,069 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006.12.27 14:03:18 | 000,078,484 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006.12.27 14:03:18 | 000,015,645 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006.12.27 14:03:16 | 000,018,184 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006.06.05 23:41:18 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2006.06.05 23:41:18 | 000,051,600 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2006.06.05 23:41:18 | 000,039,968 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2006.06.05 23:41:18 | 000,022,854 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2006.06.05 23:41:18 | 000,022,725 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2006.06.05 23:41:18 | 000,010,209 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini

========== LOP Check ==========

[2007.01.07 15:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Kerio
[2009.04.18 12:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Research In Motion
[2010.12.14 06:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Wireshark
[2010.06.16 08:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.04.18 11:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blackberry\Data aplikací\Research In Motion
[2010.12.14 06:04:00 | 000,032,490 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2010.12.14 07:02:14 | 000,000,754 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{756783ac-95b0-11db-b2da-806e6f6e6963}.job
[2010.12.14 05:06:09 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\Shromáždit data o využití.job
[2010.12.14 08:49:56 | 000,000,504 | ---- | M] () -- C:\WINDOWS\Tasks\Shromáždit data o výkonu serveru.job
[2010.12.06 06:30:22 | 000,000,576 | ---- | M] () -- C:\WINDOWS\Tasks\Small Business Server - Server Status Report - Zpráva o využití serveru.job
[2010.12.14 06:02:02 | 000,000,562 | ---- | M] () -- C:\WINDOWS\Tasks\Small Business Server - Server Status Report - Zpráva o výkonu serveru.job
[2010.12.13 20:00:00 | 000,000,824 | ---- | M] () -- C:\WINDOWS\Tasks\ZalohaNT.job
[2010.12.14 08:29:04 | 000,000,662 | ---- | M] () -- C:\WINDOWS\Tasks\Úloha automatického schválení služby Update Services.job
[2010.12.13 18:29:03 | 000,000,796 | ---- | M] () -- C:\WINDOWS\Tasks\Úloha konfigurace služby Update Services.job
[2010.12.14 09:04:02 | 000,000,670 | ---- | M] () -- C:\WINDOWS\Tasks\Úloha synchronizace služby Update Services.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2007.02.17 05:43:06 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2010.12.14 07:35:37 | 000,136,176 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >
[9 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.02.17 23:11:30 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\msizap.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.02.06 18:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Adobe
[2010.12.13 14:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Hamachi
[2007.04.26 11:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Help
[2006.12.27 14:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Identities
[2007.01.07 15:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Kerio
[2008.02.06 18:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2010.12.13 10:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2008.05.12 15:45:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2010.05.02 12:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2009.04.18 12:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Research In Motion
[2007.11.27 10:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Sun
[2009.03.05 11:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
[2010.12.14 06:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Wireshark

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2006.06.05 23:41:18 | 014,236,855 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:AGP440.sys
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2007.02.17 05:42:40 | 000,044,032 | ---- | M] (Microsoft Corporation) MD5=B9985042687A43685FC64B282B627653 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2007.02.17 06:58:53 | 000,044,032 | ---- | M] (Microsoft Corporation) MD5=B9985042687A43685FC64B282B627653 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.06.05 23:41:18 | 014,236,855 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2007.02.17 05:42:44 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=FF953A8F08CA3F822127654375786BBE -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2007.02.17 07:07:35 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=FF953A8F08CA3F822127654375786BBE -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\atapi.sys
[2007.02.17 05:42:44 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=FF953A8F08CA3F822127654375786BBE -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2006.06.05 23:41:18 | 014,236,855 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2007.02.17 05:42:56 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=825AA877A852ECC731FA0C39C8C37744 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2007.02.17 07:07:50 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=825AA877A852ECC731FA0C39C8C37744 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\cdrom.sys
[2007.02.17 05:42:56 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=825AA877A852ECC731FA0C39C8C37744 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2007.02.17 06:06:42 | 000,056,320 | ---- | M] (Společnost Microsoft) MD5=0DB8AE9DB459A146788E32F4B0DAFF83 -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2007.02.17 16:44:30 | 000,056,320 | ---- | M] (Společnost Microsoft) MD5=0DB8AE9DB459A146788E32F4B0DAFF83 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\cryptsvc.dll
[2007.02.17 06:06:42 | 000,056,320 | ---- | M] (Společnost Microsoft) MD5=0DB8AE9DB459A146788E32F4B0DAFF83 -- C:\WINDOWS\system32\cryptsvc.dll
[2007.02.17 06:06:42 | 000,056,320 | ---- | M] (Společnost Microsoft) MD5=0DB8AE9DB459A146788E32F4B0DAFF83 -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2007.02.17 06:07:20 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=0BC23215395B93E3F9FBC035192BEDE1 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2007.02.17 16:44:50 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=0BC23215395B93E3F9FBC035192BEDE1 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\eventlog.dll
[2007.02.17 06:07:20 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=0BC23215395B93E3F9FBC035192BEDE1 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2007.02.17 06:07:20 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=0BC23215395B93E3F9FBC035192BEDE1 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2007.02.17 06:07:22 | 001,054,208 | ---- | M] (Microsoft Corporation) MD5=8A981A02DCAEAF5CDCCBB23924322B19 -- C:\WINDOWS\explorer.exe
[2007.02.17 06:07:22 | 001,054,208 | ---- | M] (Microsoft Corporation) MD5=8A981A02DCAEAF5CDCCBB23924322B19 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.02.17 16:47:44 | 001,054,208 | ---- | M] (Microsoft Corporation) MD5=8A981A02DCAEAF5CDCCBB23924322B19 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\explorer.exe
[2007.02.17 06:07:22 | 001,054,208 | ---- | M] (Microsoft Corporation) MD5=8A981A02DCAEAF5CDCCBB23924322B19 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2006.06.05 23:41:18 | 014,236,855 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2007.02.17 05:43:42 | 000,109,568 | ---- | M] (Microsoft Corporation) MD5=AAEB2584E1C36F2B23523FD3BBE86009 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2007.02.17 06:48:32 | 000,109,568 | ---- | M] (Microsoft Corporation) MD5=AAEB2584E1C36F2B23523FD3BBE86009 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\hal.dll
[2007.02.17 05:43:42 | 000,119,808 | ---- | M] (Microsoft Corporation) MD5=E209A057AB4D30EABF19CA71FE36A6B6 -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: CHANGER.SYS >
[2006.06.05 23:41:18 | 014,236,855 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:Changer.sys
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2007.02.17 05:42:58 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=B6B2B04E34F0644450F4C28A5DF63B01 -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2007.02.17 07:08:19 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=B6B2B04E34F0644450F4C28A5DF63B01 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\changer.sys

< MD5 for: ISAPNP.SYS >
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:isapnp.sys
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:isapnp.sys
[2007.02.17 06:04:10 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=594B3575841CCE2D61FB1378D4D21C4B -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2007.02.17 16:04:08 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=594B3575841CCE2D61FB1378D4D21C4B -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\isapnp.sys
[2007.02.17 06:04:10 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=594B3575841CCE2D61FB1378D4D21C4B -- C:\WINDOWS\system32\drivers\isapnp.sys
[2006.06.05 23:41:18 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=BF676ED0555DD290C3F39B7457344B93 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2006.06.05 23:41:18 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=AB43A68417864C942222BC64CE5932B3 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2006.06.05 23:41:18 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=AB43A68417864C942222BC64CE5932B3 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2007.02.17 05:45:00 | 000,210,432 | ---- | M] (Microsoft Corporation) MD5=33739AB31D36184772AF1EE132D5C2E2 -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2007.02.17 07:29:57 | 000,210,432 | ---- | M] (Microsoft Corporation) MD5=33739AB31D36184772AF1EE132D5C2E2 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\ndis.sys
[2007.02.17 05:45:00 | 000,210,432 | ---- | M] (Microsoft Corporation) MD5=33739AB31D36184772AF1EE132D5C2E2 -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2007.02.17 06:05:36 | 000,431,104 | ---- | M] (Microsoft Corporation) MD5=EBBB6B80D84736D6E5D7F79BC777B9A9 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2007.02.17 16:45:43 | 000,431,104 | ---- | M] (Microsoft Corporation) MD5=EBBB6B80D84736D6E5D7F79BC777B9A9 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\netlogon.dll
[2007.02.17 06:05:36 | 000,431,104 | ---- | M] (Microsoft Corporation) MD5=EBBB6B80D84736D6E5D7F79BC777B9A9 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2007.02.17 06:05:36 | 000,431,104 | ---- | M] (Microsoft Corporation) MD5=EBBB6B80D84736D6E5D7F79BC777B9A9 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007.02.17 06:02:40 | 000,195,072 | ---- | M] (Microsoft Corporation) MD5=A1D694FAC77753536E8D7FD87EABE5CB -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2007.02.17 16:46:19 | 000,195,072 | ---- | M] (Microsoft Corporation) MD5=A1D694FAC77753536E8D7FD87EABE5CB -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\scecli.dll
[2007.02.17 06:02:40 | 000,195,072 | ---- | M] (Microsoft Corporation) MD5=A1D694FAC77753536E8D7FD87EABE5CB -- C:\WINDOWS\system32\dllcache\scecli.dll
[2007.02.17 06:02:40 | 000,195,072 | ---- | M] (Microsoft Corporation) MD5=A1D694FAC77753536E8D7FD87EABE5CB -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2007.02.17 05:46:00 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=96DB9FDEDA11EBAB8BCFE72AA90DE632 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2007.02.17 16:48:09 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=96DB9FDEDA11EBAB8BCFE72AA90DE632 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\smss.exe
[2007.02.17 05:46:00 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=96DB9FDEDA11EBAB8BCFE72AA90DE632 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2007.02.17 05:46:26 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=979D1325D4A7E827638991D3CDDB497A -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2007.02.17 16:48:10 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=979D1325D4A7E827638991D3CDDB497A -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\svchost.exe
[2007.02.17 05:46:26 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=979D1325D4A7E827638991D3CDDB497A -- C:\WINDOWS\system32\dllcache\svchost.exe
[2007.02.17 05:46:26 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=979D1325D4A7E827638991D3CDDB497A -- C:\WINDOWS\system32\svchost.exe

< MD5 for: SYMMPI.SYS >
[2006.06.05 23:41:18 | 014,236,855 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:symmpi.sys
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:symmpi.sys
[2007.02.17 23:16:10 | 016,239,805 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:symmpi.sys
[2007.02.17 05:46:26 | 000,049,664 | ---- | M] (LSI Logic) MD5=868204832E011E2D64281D7EABEE572E -- C:\WINDOWS\ServicePackFiles\i386\symmpi.sys
[2007.02.17 07:14:59 | 000,049,664 | ---- | M] (LSI Logic) MD5=868204832E011E2D64281D7EABEE572E -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\symmpi.sys

< MD5 for: TCPIP.SYS >
[2009.08.15 10:57:09 | 000,393,216 | ---- | M] (Microsoft Corporation) MD5=238DC2B879D1B37B91F8D5D44F3815D3 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2009.08.15 10:57:09 | 000,393,216 | ---- | M] (Microsoft Corporation) MD5=238DC2B879D1B37B91F8D5D44F3815D3 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2009.08.15 09:27:57 | 000,400,896 | ---- | M] (Microsoft Corporation) MD5=2617E35A208F1570D6928C13E63019FF -- C:\WINDOWS\$hf_mig$\KB967723\SP2QFE\tcpip.sys
[2008.06.20 12:01:56 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=2639B8D757793C4BF30B237C8FEF877C -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.06.20 12:01:56 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=2639B8D757793C4BF30B237C8FEF877C -- C:\WINDOWS\$hf_mig$\KB961063\SP2QFE\tcpip.sys
[2007.02.17 05:46:26 | 000,383,488 | ---- | M] (Microsoft Corporation) MD5=76788FA017C0FD42E32D21555AB4FD89 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2007.02.17 07:29:42 | 000,383,488 | ---- | M] (Microsoft Corporation) MD5=76788FA017C0FD42E32D21555AB4FD89 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\tcpip.sys

< MD5 for: USERINIT.EXE >
[2007.02.17 05:59:56 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=65DED424F5F46CF4073D656AC853CE3C -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2007.02.17 16:48:13 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=65DED424F5F46CF4073D656AC853CE3C -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\userinit.exe
[2007.02.17 05:59:56 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=65DED424F5F46CF4073D656AC853CE3C -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2007.02.17 06:00:26 | 000,528,384 | ---- | M] (Microsoft Corporation) MD5=06B5C31D008FACD5B33C5EF7C1AE4DE0 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2007.02.17 16:48:16 | 000,528,384 | ---- | M] (Microsoft Corporation) MD5=06B5C31D008FACD5B33C5EF7C1AE4DE0 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\winlogon.exe
[2007.02.17 06:00:26 | 000,528,384 | ---- | M] (Microsoft Corporation) MD5=06B5C31D008FACD5B33C5EF7C1AE4DE0 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2007.02.17 06:00:26 | 000,528,384 | ---- | M] (Microsoft Corporation) MD5=06B5C31D008FACD5B33C5EF7C1AE4DE0 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2007.02.17 05:47:10 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=0388CBD8E2E0575AC917C8419E263416 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2007.02.17 16:47:23 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=0388CBD8E2E0575AC917C8419E263416 -- C:\WINDOWS\SoftwareDistribution\Download\aab131abb1def7f2959dd6227dab4418\ws2_32.dll
[2007.02.17 05:47:10 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=0388CBD8E2E0575AC917C8419E263416 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2007.02.17 05:47:10 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=0388CBD8E2E0575AC917C8419E263416 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007.02.17 05:43:26 | 000,031,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\eventcls.dll
[2010.03.09 14:25:11 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.12.27 14:51:51 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.12.27 14:51:51 | 000,745,472 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.12.27 14:51:51 | 000,499,712 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2007.02.17 05:43:26 | 000,031,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\eventcls.dll
[2010.03.09 14:25:11 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
No captured output from command...

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.12.13 21:51:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\-1
[2010.12.14 09:40:13 | 008,108,350 | ---- | M] () -- C:\WINDOWS\system32\hmdebug.log
[2010.12.14 09:22:17 | 000,045,628 | ---- | M] () -- C:\WINDOWS\system32\licstr.cpa
[2010.12.14 05:12:41 | 000,005,910 | ---- | M] () -- C:\WINDOWS\system32\mapisvc.inf
[2010.12.14 09:40:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

[dopa]

EXTRAS.txt


OTL Extras logfile created on: 14.12.2010 8:54:53 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 26,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): e:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11,72 Gb Total Space | 0,27 Gb Free Space | 2,26% Space Free | Partition Type: NTFS
Drive E: | 5,86 Gb Total Space | 2,84 Gb Free Space | 48,40% Space Free | Partition Type: NTFS
Drive F: | 215,17 Gb Total Space | 11,84 Gb Free Space | 5,50% Space Free | Partition Type: NTFS

Computer Name: SERVER | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-238689707-2352026256-1297099887-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05DEE64C-B63B-495A-B36C-4277663FAAA0}" = Aplikace ActiveSync pro Windows Small Business Server
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{108BE742-0564-4734-AE54-74F81263FB04}" = Správa licencí serveru Windows Small Business Server
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2C0D7E35-EE6E-4DC7-BA13-2C68AEDEB59D}" = Microsoft Windows Server Update Services 3.0 SP1
"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14
"{35AB24D1-8D47-46DB-99FA-F762E10C7FF6}" = BlackBerry Professional Software for Microsoft Exchange
"{37A59E85-010A-49D3-BA1C-A9CDCF065033}" = BlackBerry Desktop Software 4.7
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{3CF8BDBC-DA0F-45FA-A4B9-3A31CCE774E9}" = Zálohování serveru Windows Small Business Server
"{53BE2241-531B-49FB-B03D-06C377179548}" = Klientská aplikace IE serveru Windows Small Business Server
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546F70C-0437-44EE-A923-7C23E6EFF689}" = Windows Small Business Server Monitoring
"{65657C59-23A8-4974-B8E0-BA04EBD04E4F}" = Microsoft SQL Server Desktop Engine (SHAREPOINT)
"{671E4E4D-4798-4F66-9C9E-C5762E73179E}" = Microsoft XML Parser
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7FB55E52-C72D-4165-85D0-383ED3D7253F}" = Windows Small Business Server Client Setup
"{8952E993-139E-4E71-881F-DD40E4DB8F81}" = Windows Small Business Server Admin
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{9189BADC-23A7-487D-B206-AD3A89A4F45D}" = Fax serveru Windows Small Business Server
"{91B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{A2B40ABC-025A-4389-8148-86CED357B259}" = Služba Microsoft Connector for POP3 Mailboxes
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A34AC564-B4A3-4D45-B969-403BC39F0E6A}" = Microsoft .NET Framework 1.1 -- Device Update 4.0
"{A5E98C65-585A-45AB-BFC3-8555305B9929}" = Dokumenty serveru Windows Small Business Server
"{B58E39B9-12E2-4E9B-A01B-9B896C6A52A8}" = Připojení serveru Windows Small Business Server
"{B7300824-E68F-45F1-BAC1-5F15636C346F}" = Microsoft SQL Server Desktop Engine (SBSMonitoring)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C293E1D0-8085-4830-B806-1BA0FEF9C4A4}" = Výkon klienta serveru Windows Small Business Server
"{C73E81BF-432C-44E2-831D-F46081CA6E28}" = Vzdálený portál serveru Windows Small Business Server
"{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB}" = Windows Internal Database (MICROSOFT##SSEE)
"{D846DDEE-EDF2-445F-96A4-175544202D32}" = Konfigurace faxu Windows Small Business Server
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E0AF53C1-C734-4D68-898E-B506CA921141}" = Windows Small Business Server Update Services
"{E721BEC1-887A-4D26-BE10-7E0336B7CAC7}" = Windows Small Business Server Common
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{F07F0BCD-5C6D-4499-9F05-6ED747078A72}" = Windows Support Tools
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5717D53E-DD6D-4d1e-8A1F-C7BE620F65AA" = Windows Small Business Server 2003
"BlackBerry_{37A59E85-010A-49D3-BA1C-A9CDCF065033}" = BlackBerry Desktop Software 4.7
"ie8" = Windows Internet Explorer 8
"Lexmark Printer Software Uninstall" = Lexmark Printer Software Uninstall
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Health Monitor 2.1" = Microsoft Health Monitor 2.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Windows Server Update Services 3.0 SP1" = Microsoft Windows Server Update Services 3.0 SP1
"MMC30Core" = Konzola Microsoft Management Console 3.0
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"RealVNC_is1" = VNC Free Edition 4.1.2
"Small Business Server 2003 R2" = Windows Small Business Server 2003 R2
"Totalcmd" = Total Commander (Remove or Repair)
"Video Viewer" = Video Viewer
"WIC" = Windows Imaging Component
"Windows Internal Database" = Windows Internal Database
"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"Wireshark" = Wireshark 1.4.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-238689707-2352026256-1297099887-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

[JaRon]

Drive C: | 11,72 Gb Total Space | 0,27 Gb Free Space
na toto bacha - inac akoby som tu ani nebol

[dopa]

vím, to ze zadělalo přes noc. Večer budu přerozdělovat oddíly... díky

[dopa]

resp. to jsem zadělal přes noc ne samo

[motji]

Já se omlouvám,, přišla mi tchýně

aronkovi děkuju za připomínku, já Vám to zapoměla napsat

Budu se chvilku ptát, ty Vaše servery mi dávají zabrat
Tohle znáte?
C:\WINDOWS\system32\-1
C:\WINDOWS\System32\mapisvc.inf

Jste si jistý, že spamuje tento počítač?

[dopa]

já vím, se omlouvám, ale bohužel nejsem schopen to nějak sám vyřešit. Víc hlav, víc ví
ani jeden neznám..

přiznám se, že jistý si nejsem, ale měl jsem puštěný sniffer a na lokální sítovce žádná komunikace přes port 25.. jenže ono ani na netové sítovce. Skenoval jsem pouze 25, pak jsem jí směrem ven zakázal. jistý si teda nejsem. Nicméně v tu dobu, co to zřejmě SPAMovalo, byly všechny PC vypnuty.

[dopa]

kecám
mapisvc.inf znám.. Mapisvc.inf uchovává položky dostupných služeb MAPI v určitém počítači... souvisí s Exchange

[motji]

A můžete se prosím do té složky kouknout?
C:\WINDOWS\system32\-1

[dopa]

tak složka tam není už...
tak to je divný tohleto. byla tam složka s názvem -1.. prázdná..
ale souboru -1 jsem si nevšiml... má nulovou velikost