Please check my log
Posted: 19 Mar 2011 00:00
Hello, today I started my PC and it would not boot; a message came up saying that the file <windows root>\system32\hal.dll was missing. After I tracked down the correct file and copied it into the system, the system booted, but it asked for an account password, which I had never set. After changing the password via HirensBoot and removing it, the system booted.
So, to be safe, I ran ComboFix in safe mode (because it would not run in normal mode), and I am hereby asking for a check of the log to see whether there is a virus on the PC.
ComboFix 11-03-17.02 - Administrator 18.03.2011 17:16:34.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1622 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\super.exe
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ADS - WINDOWS: deleted 128 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikací\Mikrotik
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\advtool.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\advtool.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\dhcp.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\dhcp.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\hotspot.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\hotspot.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\ntp.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\ntp.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\pim.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\pim.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\ppp.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\ppp.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\radlan.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\radlan.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\roteros.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\roteros.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\roting2.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\roting2.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\secure.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\secure.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\stp.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\stp.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\sync.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\sync.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\system.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\system.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\wlan4.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\wlan4.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\xen.crc
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\3.20-1109091551\xen.dll
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\winbox.cfg
c:\documents and settings\All Users\Data aplikací\mazuki.dll
c:\documents and settings\All Users\ntuser.pol
c:\knihajizd4_0\KnihaJizd4_0.exe
c:\zivnostnik\zivnostnik.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-18 do 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-18 16:42 . 2011-03-18 16:42 95744 ----a-w- c:\windows\system32\rnpasswd.exe
2011-03-18 15:53 . 2011-03-18 15:53 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-18 15:50 . 2008-04-13 22:01 105344 ----a-w- c:\windows\system32\OLD10.tmp
2011-03-18 15:50 . 2010-12-09 15:14 2071552 ----a-w- c:\windows\system32\OLDC.tmp
2011-03-18 15:50 . 2010-12-09 15:14 2194944 ----a-w- c:\windows\system32\OLD9.tmp
2011-03-18 12:12 . 2008-04-13 22:01 105344 ----a-w- c:\windows\system32\hal(2).dll
2011-03-12 12:13 . 2011-03-12 12:13 -------- d-----w- c:\program files\SEOSurf
2011-03-11 23:34 . 2011-03-12 00:21 -------- d-----w- c:\documents and settings\Administrator\PsiData
2011-03-11 23:34 . 2011-03-11 23:34 -------- d-----w- c:\program files\Psi
2011-03-11 23:07 . 2011-03-11 23:07 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\AKVIS LLC
2011-03-11 19:04 . 2011-03-11 19:04 -------- d-----w- c:\program files\AdultPDF
2011-03-11 18:53 . 2011-03-11 19:00 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SolidDocuments
2011-03-11 18:37 . 2010-12-21 21:17 18752 ----a-w- c:\windows\system32\solidlocalui.dll
2011-03-11 18:37 . 2010-12-21 21:17 27456 ----a-w- c:\windows\system32\solidlocalmon.dll
2011-03-11 18:36 . 2011-03-11 18:55 -------- d-----w- c:\program files\SolidDocuments
2011-03-11 18:36 . 2011-03-11 18:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SolidDocuments
2011-03-06 22:13 . 2011-03-06 22:13 -------- d-----w- c:\program files\Aplikace MB
2011-03-06 14:16 . 2011-03-06 14:16 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\mojosoft
2011-03-06 14:16 . 2011-03-06 14:16 -------- d-----w- c:\program files\mojosoft
2011-03-06 10:44 . 2011-03-06 10:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Protexis
2011-03-06 10:43 . 2011-03-06 10:44 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Corel
2011-03-06 10:36 . 2011-03-06 10:36 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2011-03-06 10:34 . 2011-03-06 10:34 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2011-03-06 10:31 . 2011-03-06 10:31 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-03-06 10:25 . 2011-03-06 10:25 -------- d-----w- c:\program files\Microsoft SDKs
2011-03-06 10:25 . 2011-03-06 10:28 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-03-06 10:21 . 2011-03-06 10:21 -------- d-----w- c:\program files\Common Files\Corel
2011-03-06 10:16 . 2011-03-06 10:16 -------- d-----w- c:\program files\Common Files\Protexis
2011-03-06 10:16 . 2011-03-06 10:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Corel
2011-03-06 10:02 . 2011-03-06 10:02 -------- d-----w- c:\program files\Corel
2011-02-28 23:18 . 2011-02-28 23:18 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Anvsoft
2011-02-28 23:16 . 2011-02-28 23:16 -------- d-----w- c:\program files\AnvSoft
2011-02-28 22:50 . 2011-01-24 12:00 72220672 ----a-w- c:\program files\PFMPtU.exe
2011-02-28 20:33 . 2005-05-24 14:37 454656 ----a-w- c:\program files\Barvy.exe
2011-02-21 16:23 . 2011-02-21 16:45 -------- d-----w- c:\documents and settings\Administrator\.gimp-2.6
2011-02-19 15:31 . 2011-02-19 15:31 -------- d-----w- c:\windows\Downloaded Installations
2011-02-17 16:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-17 16:57 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 10:24 . 2011-02-12 13:23 81920 ---ha-w- c:\windows\system32\v3shrtkgn.dll
2011-02-09 13:53 . 2008-04-14 05:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 05:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-03-20 21:48 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-02-01 20:12 . 2010-12-21 19:20 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-27 11:57 . 2010-03-20 21:48 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-22 12:04 . 2011-01-22 12:04 80896 ----a-w- c:\windows\cadkasdeinst01.exe
2011-01-21 14:44 . 2008-04-14 05:51 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-12 11:05 . 2011-01-12 11:05 275784 ----a-w- c:\windows\system32\oodbs.exe
2011-01-12 11:04 . 2011-01-12 11:04 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2011-01-07 14:09 . 2008-04-14 05:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 18:04 . 2010-03-24 00:11 87608 ----a-w- c:\documents and settings\Administrator\Data aplikací\inst.exe
2010-12-31 18:04 . 2010-03-24 00:11 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-12-31 18:04 . 2010-03-24 00:11 47360 ----a-w- c:\documents and settings\Administrator\Data aplikací\pcouffin.sys
2010-12-31 14:04 . 2008-04-14 04:45 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:32 . 2008-04-14 05:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 22:41 . 2010-12-21 22:39 2097152 ----a-w- c:\documents and settings\Administrator\Data aplikací\AUTORUN.BIN
2010-12-21 22:39 . 2010-12-21 22:37 1531392 ----a-w- c:\documents and settings\Administrator\Data aplikací\tsdnwin.dll
2010-12-20 23:52 . 2008-04-23 03:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2009-11-21 14:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2008-04-23 03:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 20:26 . 2010-05-02 22:02 720896 ----a-w- c:\windows\iun6002.exe
2010-12-20 17:24 . 2009-11-21 14:10 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2009-11-21 14:06 385024 ----a-w- c:\windows\system32\html.iec
2010-05-27 08:39 . 2010-04-14 21:01 220672 ----a-w- c:\program files\ID3renamer.exe
2009-09-10 15:48 . 2010-06-30 15:00 822784 ----a-w- c:\program files\FORMAT v3110.EXE
.
.
------- Sigcheck -------
.
[-] 2009-11-21 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-12-14 26624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-08 188416]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-08-26 75048]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-12 17887232]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-10 278528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-10 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-12 2781000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Action Manager 32.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Action Manager 32.lnk
backup=c:\windows\pss\Action Manager 32.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^forteManager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\forteManager.lnk
backup=c:\windows\pss\forteManager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^PHOTOfunSTUDIO.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\PHOTOfunSTUDIO.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-01-15 17:01 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 10:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2009-03-25 12:30 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
2010-08-04 13:55 692317 ----a-w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2009-04-08 13:18 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\NCH Swift Sound\\Uplink\\uplink.exe"=
"c:\\Moje firma\\Program Files\\Nevrona\\Rave7\\Rave.exe"=
"c:\\Program Files\\WebSite X5 v8 - Evolution\\WebSite.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Administrator\\Plocha\\My Mobile\\MyMobiler\\MyMobiler.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\My Mobile\\MyMobiler\\MExplorer.exe"=
"c:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Mobil\\Firmware\\M10_615_czonee.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Download Express\\dep.exe"=
"c:\\Program Files\\FlashFXP 4\\FlashFXP.exe"=
"c:\\Program Files\\Psi\\Psi.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [24.9.2009 4:40 20744]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 20:18 36880]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [22.3.2010 22:50 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [22.3.2010 22:50 52736]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [7.1.2009 18:52 143467]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [30.10.2010 13:09 20328]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17.2.2011 17:59 363344]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [11.6.2010 10:16 65856]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [12.1.2011 12:06 2398536]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI2BD.tmp [11.3.2011 19:37 177784]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [24.9.2009 12:38 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17.6.2009 13:01 26248]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 18:39 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17.2.2011 17:57 20952]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [8.9.2010 12:19 31848]
R3 Uplink;Uplink;c:\windows\system32\drivers\Uplink.sys [2.5.2010 14:03 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.3.2010 14:19 1684736]
S3 AxonService;Axon Virtual PBX;c:\program files\NCH Swift Sound\Axon\axon.exe [2.5.2010 14:31 1388548]
S3 esihdrv;esihdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys [?]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys --> c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [?]
S3 IVMService;IVM Answering Attendant;c:\program files\NCH Swift Sound\IVM\ivm.exe [2.5.2010 14:31 1355780]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [21.3.2010 14:23 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [21.3.2010 14:23 18432]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 10:25 30969208]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14.4.2008 6:52 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [24.8.2010 22:53 32377]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [8.9.2010 12:19 31848]
S3 UplinkService;Uplink Skype2Sip Service;c:\program files\NCH Swift Sound\Uplink\uplink.exe [2.5.2010 14:30 339972]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 13:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2010-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2010-05-05 c:\windows\Tasks\axonShakeIcon.job
- c:\program files\NCH Swift Sound\Axon\axon.exe [2010-05-02 13:31]
.
2011-03-18 c:\windows\Tasks\User_Feed_Synchronization-{D2F0BA62-75B6-437A-895A-A3381CB525C7}.job
- c:\windows\system32\msfeedssync.exe [2009-11-21 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: Stáhnout pomocí Download &Express - c:\program files\Download Express\Add_Url.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: sws.cz
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0czgrqf9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.rockzone.cz/listen?bitrate=128
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - prefs.js: network.proxy.http - 194.149.64.5
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: nzbdStatus: sabnzbdstatus@dq5studios.com - %profile%\extensions\sabnzbdstatus@dq5studios.com
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XML Digital Signature Procesing Tool: {bcb4f322-a177-4ecd-9c80-835d96e1e595} - %profile%\extensions\{bcb4f322-a177-4ecd-9c80-835d96e1e595}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: mediaplayerconnectivity: {84b24861-62f6-364b-eba5-2e5e2061d7e6} - %profile%\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-18 17:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI2BD.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1606980848-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1380)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(244)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2011-03-18 17:29:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-18 16:29
ComboFix2.txt 2011-01-12 18:31
.
Před spuštěním: Volných bajtů: 37 728 022 528
Po spuštění: Volných bajtů: 37 748 047 872
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 9C082C7DFAA085C3317CEBD2D6E23386
Thank you all in advance for your advice.
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,e6,fc,f9,23,3a,42,47,bc,29,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,e6,fc,f9,23,3a,42,47,bc,29,af,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,9f,f0,e3,e1,68,15,41,b4,f3,30,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1380)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(244)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2011-03-18 17:29:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-18 16:29
ComboFix2.txt 2011-01-12 18:31
.
Před spuštěním: Volných bajtů: 37 728 022 528
Po spuštění: Volných bajtů: 37 748 047 872
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 9C082C7DFAA085C3317CEBD2D6E23386
Thanks in advance to everyone for the advice.
