Problem: slow PC and a problem in ComboFix
Posted: 23 May 2011 15:37
RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Marek at 2011-05-23 16:35:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (37%) free of 30 GB
Total RAM: 511 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:36:18, on 23.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21256)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Marek\Plocha\RSIT.exe
C:\Program Files\trend micro\Marek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
O4 - HKLM\..\Run: [Speedfan] C:\Program Files\SpeedFan/speedfan.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Reloader] C:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\WORD\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra button: Unibet - {BC3F8E6D-44CF-4B7D-BB80-84CBEA6B350C} - C:\Microgaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5311 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-11-09 180224]
"EPSON Stylus C48 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE [2005-05-17 99840]
"Speedfan"=C:\Program Files\SpeedFan/speedfan.exe [2011-03-17 4523928]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-10-29 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"Reloader"=C:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe [2010-07-04 325046]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe [2004-02-13 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NiwradSoft Welcome]
C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe [2010-07-04 243442]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 265728]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"D:\FM2011\fm.exe"="D:\FM2011\fm.exe:*:Enabled:Football Manager 2011"
"D:\skype\Phone\Skype.exe"="D:\skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Casino\ParadiseCasino\casino.exe"="D:\Casino\ParadiseCasino\casino.exe:*:Enabled:casino"
"D:\ICQ7.5\ICQ.exe"="D:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\ICQ7.5\ICQ.exe"="D:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
======List of files/folders created in the last 1 months======
2011-05-23 16:36:01 ----D---- C:\Program Files\trend micro
2011-05-23 16:35:56 ----D---- C:\rsit
2011-05-23 15:40:09 ----SHD---- C:\RECYCLER
2011-05-23 15:40:04 ----D---- C:\WINDOWS\temp
2011-05-23 15:40:01 ----A---- C:\ComboFix.txt
2011-05-16 22:14:15 ----D---- C:\WINDOWS\Prefetch
2011-05-16 21:55:29 ----A---- C:\WINDOWS\zip.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\SWSC.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\SWREG.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\sed.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\PEV.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\NIRCMD.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\MBR.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\grep.exe
2011-05-16 21:55:08 ----D---- C:\Qoobox
2011-05-07 21:08:28 ----D---- C:\Program Files\ICQ6Toolbar
2011-04-28 23:08:28 ----D---- C:\Program Files\Defraggler
2011-04-27 09:56:29 ----D---- C:\Documents and Settings\Marek\Data aplikací\Uniblue
2011-04-27 00:27:13 ----ASH---- C:\hiberfil.sys
2011-04-27 00:25:29 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2011-04-27 00:25:29 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2011-04-27 00:25:29 ----A---- C:\WINDOWS\system32\nvrszht.dll
2011-04-27 00:25:29 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2011-04-27 00:25:28 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2011-04-27 00:25:28 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2011-04-27 00:25:28 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2011-04-27 00:25:28 ----A---- C:\WINDOWS\system32\nvrstr.dll
2011-04-27 00:25:28 ----A---- C:\WINDOWS\system32\nvrssv.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvrssl.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvrssk.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvrsru.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2011-04-27 00:25:26 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2011-04-27 00:25:26 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2011-04-27 00:25:26 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2011-04-27 00:25:26 ----A---- C:\WINDOWS\system32\nvrspt.dll
2011-04-27 00:25:26 ----A---- C:\WINDOWS\system32\nvrspl.dll
2011-04-27 00:25:26 ----A---- C:\WINDOWS\system32\nvrsno.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvrsko.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvrsja.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvrsit.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvrshu.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvrshe.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvwrses.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvrses.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvrseng.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvrsel.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvrsde.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvrsda.dll
2011-04-27 00:25:21 ----A---- C:\WINDOWS\system32\nwiz.exe
2011-04-27 00:25:21 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2011-04-27 00:25:21 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2011-04-27 00:25:21 ----A---- C:\WINDOWS\system32\nvrscs.dll
2011-04-27 00:25:21 ----A---- C:\WINDOWS\system32\nvrsar.dll
2011-04-27 00:25:20 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2011-04-27 00:25:20 ----A---- C:\WINDOWS\system32\nvshell.dll
2011-04-27 00:25:20 ----A---- C:\WINDOWS\system32\nview.dll
2011-04-27 00:25:19 ----A---- C:\WINDOWS\system32\nvudisp.exe
2011-04-27 00:25:19 ----A---- C:\WINDOWS\system32\nvappbar.exe
2011-04-27 00:25:19 ----A---- C:\WINDOWS\system32\keystone.exe
2011-04-27 00:15:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2011-04-27 00:09:41 ----A---- C:\WINDOWS\system32\nvwimg.dll
2011-04-27 00:09:41 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2011-04-27 00:09:04 ----A---- C:\WINDOWS\iun6002.exe
2011-04-27 00:08:41 ----D---- C:\Program Files\Nvidia Omega Drivers
2011-04-26 14:08:28 ----A---- C:\WINDOWS\system32\midimap.dll.niwrad
2011-04-26 14:07:25 ----A---- C:\WINDOWS\system32\uxtheme.dll.backup
2011-04-26 14:07:03 ----HD---- C:\WINDOWS\NiwradSoft Shell Pack
2011-04-26 14:01:13 ----A---- C:\WINDOWS\esellerateEngine.dll
======List of files/folders modified in the last 1 months======
2011-05-23 16:36:01 ----RD---- C:\Program Files
2011-05-23 15:40:05 ----D---- C:\WINDOWS\system32\drivers
2011-05-23 15:40:04 ----D---- C:\WINDOWS
2011-05-23 15:39:04 ----SD---- C:\WINDOWS\Tasks
2011-05-23 15:36:39 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-23 15:33:35 ----D---- C:\WINDOWS\system32
2011-05-23 15:33:35 ----A---- C:\WINDOWS\system.ini
2011-05-23 15:33:23 ----D---- C:\Program Files\SpeedFan
2011-05-23 15:33:20 ----D---- C:\WINDOWS\ERDNT
2011-05-23 15:33:14 ----D---- C:\WINDOWS\system32\drivers\etc
2011-05-23 15:28:03 ----D---- C:\WINDOWS\AppPatch
2011-05-23 15:28:00 ----D---- C:\Program Files\Common Files
2011-05-23 15:18:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-23 15:09:23 ----D---- C:\Documents and Settings\Marek\Data aplikací\ICQ
2011-05-16 22:50:25 ----D---- C:\Program Files\CCleaner
2011-05-16 22:11:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-05-16 21:44:33 ----D---- C:\Program Files\Mozilla Firefox
2011-05-15 21:33:49 ----RD---- C:\WINDOWS\Web
2011-05-15 21:31:03 ----A---- C:\WINDOWS\ODBCINST.INI
2011-05-15 21:28:45 ----D---- C:\WINDOWS\system32\CatRoot
2011-05-15 21:26:38 ----D---- C:\WINDOWS\system32\ias
2011-05-15 21:24:12 ----SHD---- C:\WINDOWS\Installer
2011-05-15 21:22:27 ----SD---- C:\Documents and Settings\Marek\Data aplikací\Microsoft
2011-05-14 12:57:28 ----A---- C:\WINDOWS\NeroDigital.ini
2011-05-10 12:02:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-05-08 00:12:41 ----D---- C:\Documents and Settings\Marek\Data aplikací\Skype
2011-05-08 00:10:22 ----D---- C:\Documents and Settings\Marek\Data aplikací\skypePM
2011-05-07 21:08:20 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-07 21:08:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2011-04-27 10:16:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2011-04-27 10:06:51 ----D---- C:\WINDOWS\system32\config
2011-04-27 00:27:08 ----D---- C:\WINDOWS\Help
2011-04-27 00:27:07 ----D---- C:\WINDOWS\nview
2011-04-27 00:25:04 ----HD---- C:\WINDOWS\inf
2011-04-27 00:18:44 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-04-26 23:46:20 ----SHD---- C:\System Volume Information
2011-04-26 23:46:20 ----D---- C:\WINDOWS\system32\Restore
2011-04-26 14:12:28 ----D---- C:\Program Files\Windows Media Player
2011-04-26 14:12:28 ----D---- C:\Program Files\Outlook Express
2011-04-26 14:12:28 ----D---- C:\Program Files\Common Files\System
2011-04-26 14:12:27 ----D---- C:\WINDOWS\system32\usmt
2011-04-26 14:12:27 ----D---- C:\WINDOWS\srchasst
2011-04-26 14:12:27 ----D---- C:\Program Files\Windows NT
2011-04-26 14:12:27 ----D---- C:\Program Files\Internet Explorer
2011-04-26 14:10:40 ----RSD---- C:\WINDOWS\Fonts
2011-04-26 14:07:25 ----A---- C:\WINDOWS\system32\uxtheme.dll
2011-04-26 13:57:18 ----D---- C:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-11-14 43528]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2010-12-18 21696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-07-25 691696]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-03-29 73600]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-03-29 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CrystalSysInfo;CrystalSysInfo; C:\WINDOWS\system32\drivers\CrystalSysInfo.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\mbr.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-01-14 311296]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NVSvc;NVIDIA Display Driver Service (Omega 1.6693) (Q); C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2011-03-01 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-10-20 630272]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-11 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
COMBOFIX:
ComboFix 11-05-22.01 - Marek 23.05.2011 15:20:30.15.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.317 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Marek\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\Marek\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\Marek\Local Settings\temp\sfamcc00001.dll
c:\documents and settings\Marek\Local Settings\temp\sfareca00001.dll
.
Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\midimap.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-23 do 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-16 21:11 . 2011-05-16 21:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-07 19:08 . 2011-05-07 19:08 -------- d-----w- c:\program files\ICQ6Toolbar
2011-04-28 21:08 . 2011-04-28 21:08 -------- d-----w- c:\program files\Defraggler
2011-04-27 07:56 . 2011-04-27 07:56 -------- d-----w- c:\documents and settings\Marek\Data aplikací\Uniblue
2011-04-27 07:55 . 2011-04-27 07:55 -------- d-----w- c:\documents and settings\Marek\Local Settings\Data aplikací\PackageAware
2011-04-26 22:15 . 2011-04-26 22:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\nView_Profiles
2011-04-26 22:09 . 2004-10-29 20:50 1339392 ----a-w- c:\windows\system32\nvdspsch.exe
2011-04-26 22:09 . 2004-10-29 20:50 1019904 ----a-w- c:\windows\system32\nvwimg.dll
2011-04-26 22:09 . 2011-04-26 22:08 737280 ----a-w- c:\windows\iun6002.exe
2011-04-26 22:08 . 2011-04-26 22:08 -------- d-----w- c:\program files\Nvidia Omega Drivers
2011-04-26 12:08 . 2008-04-14 07:51 42496 ----a-w- c:\windows\system32\midimap.dll.niwrad
2011-04-26 12:07 . 2008-04-14 07:52 219648 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-04-26 12:07 . 2011-05-23 13:33 -------- d--h--w- c:\windows\NiwradSoft Shell Pack
2011-04-26 12:01 . 2002-12-21 17:04 327680 ----a-w- c:\windows\esellerateEngine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 12:07 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2011-04-30 19:23 . 2011-04-03 08:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-08-31 13:25 . 2005-08-09 00:18 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
.
------- Sigcheck -------
.
[7] 2008-04-14 07:51 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\ERDNT\cache\comres.dll
[7] 2008-04-14 07:51 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2008-04-14 07:51 . 9BBABCB691B887769048255FA7047C05 . 1508864 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 07:51 . 9BBABCB691B887769048255FA7047C05 . 1508864 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-14 07:51 . 9BBABCB691B887769048255FA7047C05 . 1508864 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
[7] 2004-08-17 13:49 . B44F68274AB7B8A54E9AD74AFF0EFAAC . 806912 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speedfan"="c:\program files\SpeedFan" [X]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"EPSON Stylus C48 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE" [2005-05-17 99840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Reloader"="c:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2010-07-04 325046]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-05-04 124928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
2004-02-13 13:05 57344 ----a-w- c:\program files\Lexmark 2200 Series\lxbvbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NiwradSoft Welcome]
2010-07-04 04:14 243442 ----a-w- c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\FM2011\\fm.exe"=
"d:\\skype\\Phone\\Skype.exe"=
"d:\\Casino\\ParadiseCasino\\casino.exe"=
"d:\\ICQ7.5\\ICQ.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.7.2010 17:11 691696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [19.7.2010 11:01 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [19.7.2010 11:01 8320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel
IE: E&xportovat do aplikace Microsoft Office Excel
IE: WikiKomentáře Google...
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\icq7.5\ICQ.exe
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\spoohsnp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 15:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\SETUPAPI.dll
.
- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\MSVCP71.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SpeedFan\speedfan.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-05-23 15:40:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-23 13:39
ComboFix2.txt 2011-05-16 20:19
.
Před spuštěním: Volných bajtů: 11 572 006 912
Po spuštění: Volných bajtů: 11 551 969 280
.
- - End Of File - - E54BD7ADFA94CF37114BB509517D16B5
Thanks for the reply.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Marek at 2011-05-23 16:35:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (37%) free of 30 GB
Total RAM: 511 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:36:18, on 23.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21256)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Marek\Plocha\RSIT.exe
C:\Program Files\trend micro\Marek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
O4 - HKLM\..\Run: [Speedfan] C:\Program Files\SpeedFan/speedfan.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Reloader] C:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\WORD\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra button: Unibet - {BC3F8E6D-44CF-4B7D-BB80-84CBEA6B350C} - C:\Microgaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5311 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-11-09 180224]
"EPSON Stylus C48 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE [2005-05-17 99840]
"Speedfan"=C:\Program Files\SpeedFan/speedfan.exe [2011-03-17 4523928]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-10-29 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"Reloader"=C:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe [2010-07-04 325046]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe [2004-02-13 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NiwradSoft Welcome]
C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe [2010-07-04 243442]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 265728]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"D:\FM2011\fm.exe"="D:\FM2011\fm.exe:*:Enabled:Football Manager 2011"
"D:\skype\Phone\Skype.exe"="D:\skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Casino\ParadiseCasino\casino.exe"="D:\Casino\ParadiseCasino\casino.exe:*:Enabled:casino"
"D:\ICQ7.5\ICQ.exe"="D:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\ICQ7.5\ICQ.exe"="D:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
======List of files/folders created in the last 1 months======
2011-05-23 16:36:01 ----D---- C:\Program Files\trend micro
2011-05-23 16:35:56 ----D---- C:\rsit
2011-05-23 15:40:09 ----SHD---- C:\RECYCLER
2011-05-23 15:40:04 ----D---- C:\WINDOWS\temp
2011-05-23 15:40:01 ----A---- C:\ComboFix.txt
2011-05-16 22:14:15 ----D---- C:\WINDOWS\Prefetch
2011-05-16 21:55:29 ----A---- C:\WINDOWS\zip.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\SWSC.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\SWREG.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\sed.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\PEV.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\NIRCMD.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\MBR.exe
2011-05-16 21:55:29 ----A---- C:\WINDOWS\grep.exe
2011-05-16 21:55:08 ----D---- C:\Qoobox
2011-05-07 21:08:28 ----D---- C:\Program Files\ICQ6Toolbar
2011-04-28 23:08:28 ----D---- C:\Program Files\Defraggler
2011-04-27 09:56:29 ----D---- C:\Documents and Settings\Marek\Data aplikací\Uniblue
2011-04-27 00:27:13 ----ASH---- C:\hiberfil.sys
2011-04-27 00:25:29 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2011-04-27 00:25:29 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2011-04-27 00:25:29 ----A---- C:\WINDOWS\system32\nvrszht.dll
2011-04-27 00:25:29 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2011-04-27 00:25:28 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2011-04-27 00:25:28 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2011-04-27 00:25:28 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2011-04-27 00:25:28 ----A---- C:\WINDOWS\system32\nvrstr.dll
2011-04-27 00:25:28 ----A---- C:\WINDOWS\system32\nvrssv.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvrssl.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvrssk.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvrsru.dll
2011-04-27 00:25:27 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2011-04-27 00:25:26 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2011-04-27 00:25:26 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2011-04-27 00:25:26 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2011-04-27 00:25:26 ----A---- C:\WINDOWS\system32\nvrspt.dll
2011-04-27 00:25:26 ----A---- C:\WINDOWS\system32\nvrspl.dll
2011-04-27 00:25:26 ----A---- C:\WINDOWS\system32\nvrsno.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvrsko.dll
2011-04-27 00:25:25 ----A---- C:\WINDOWS\system32\nvrsja.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvrsit.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvrshu.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvrshe.dll
2011-04-27 00:25:24 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvwrses.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2011-04-27 00:25:23 ----A---- C:\WINDOWS\system32\nvrses.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvrseng.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvrsel.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvrsde.dll
2011-04-27 00:25:22 ----A---- C:\WINDOWS\system32\nvrsda.dll
2011-04-27 00:25:21 ----A---- C:\WINDOWS\system32\nwiz.exe
2011-04-27 00:25:21 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2011-04-27 00:25:21 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2011-04-27 00:25:21 ----A---- C:\WINDOWS\system32\nvrscs.dll
2011-04-27 00:25:21 ----A---- C:\WINDOWS\system32\nvrsar.dll
2011-04-27 00:25:20 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2011-04-27 00:25:20 ----A---- C:\WINDOWS\system32\nvshell.dll
2011-04-27 00:25:20 ----A---- C:\WINDOWS\system32\nview.dll
2011-04-27 00:25:19 ----A---- C:\WINDOWS\system32\nvudisp.exe
2011-04-27 00:25:19 ----A---- C:\WINDOWS\system32\nvappbar.exe
2011-04-27 00:25:19 ----A---- C:\WINDOWS\system32\keystone.exe
2011-04-27 00:15:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2011-04-27 00:09:41 ----A---- C:\WINDOWS\system32\nvwimg.dll
2011-04-27 00:09:41 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2011-04-27 00:09:04 ----A---- C:\WINDOWS\iun6002.exe
2011-04-27 00:08:41 ----D---- C:\Program Files\Nvidia Omega Drivers
2011-04-26 14:08:28 ----A---- C:\WINDOWS\system32\midimap.dll.niwrad
2011-04-26 14:07:25 ----A---- C:\WINDOWS\system32\uxtheme.dll.backup
2011-04-26 14:07:03 ----HD---- C:\WINDOWS\NiwradSoft Shell Pack
2011-04-26 14:01:13 ----A---- C:\WINDOWS\esellerateEngine.dll
======List of files/folders modified in the last 1 months======
2011-05-23 16:36:01 ----RD---- C:\Program Files
2011-05-23 15:40:05 ----D---- C:\WINDOWS\system32\drivers
2011-05-23 15:40:04 ----D---- C:\WINDOWS
2011-05-23 15:39:04 ----SD---- C:\WINDOWS\Tasks
2011-05-23 15:36:39 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-23 15:33:35 ----D---- C:\WINDOWS\system32
2011-05-23 15:33:35 ----A---- C:\WINDOWS\system.ini
2011-05-23 15:33:23 ----D---- C:\Program Files\SpeedFan
2011-05-23 15:33:20 ----D---- C:\WINDOWS\ERDNT
2011-05-23 15:33:14 ----D---- C:\WINDOWS\system32\drivers\etc
2011-05-23 15:28:03 ----D---- C:\WINDOWS\AppPatch
2011-05-23 15:28:00 ----D---- C:\Program Files\Common Files
2011-05-23 15:18:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-23 15:09:23 ----D---- C:\Documents and Settings\Marek\Data aplikací\ICQ
2011-05-16 22:50:25 ----D---- C:\Program Files\CCleaner
2011-05-16 22:11:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-05-16 21:44:33 ----D---- C:\Program Files\Mozilla Firefox
2011-05-15 21:33:49 ----RD---- C:\WINDOWS\Web
2011-05-15 21:31:03 ----A---- C:\WINDOWS\ODBCINST.INI
2011-05-15 21:28:45 ----D---- C:\WINDOWS\system32\CatRoot
2011-05-15 21:26:38 ----D---- C:\WINDOWS\system32\ias
2011-05-15 21:24:12 ----SHD---- C:\WINDOWS\Installer
2011-05-15 21:22:27 ----SD---- C:\Documents and Settings\Marek\Data aplikací\Microsoft
2011-05-14 12:57:28 ----A---- C:\WINDOWS\NeroDigital.ini
2011-05-10 12:02:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-05-08 00:12:41 ----D---- C:\Documents and Settings\Marek\Data aplikací\Skype
2011-05-08 00:10:22 ----D---- C:\Documents and Settings\Marek\Data aplikací\skypePM
2011-05-07 21:08:20 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-07 21:08:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2011-04-27 10:16:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2011-04-27 10:06:51 ----D---- C:\WINDOWS\system32\config
2011-04-27 00:27:08 ----D---- C:\WINDOWS\Help
2011-04-27 00:27:07 ----D---- C:\WINDOWS\nview
2011-04-27 00:25:04 ----HD---- C:\WINDOWS\inf
2011-04-27 00:18:44 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-04-26 23:46:20 ----SHD---- C:\System Volume Information
2011-04-26 23:46:20 ----D---- C:\WINDOWS\system32\Restore
2011-04-26 14:12:28 ----D---- C:\Program Files\Windows Media Player
2011-04-26 14:12:28 ----D---- C:\Program Files\Outlook Express
2011-04-26 14:12:28 ----D---- C:\Program Files\Common Files\System
2011-04-26 14:12:27 ----D---- C:\WINDOWS\system32\usmt
2011-04-26 14:12:27 ----D---- C:\WINDOWS\srchasst
2011-04-26 14:12:27 ----D---- C:\Program Files\Windows NT
2011-04-26 14:12:27 ----D---- C:\Program Files\Internet Explorer
2011-04-26 14:10:40 ----RSD---- C:\WINDOWS\Fonts
2011-04-26 14:07:25 ----A---- C:\WINDOWS\system32\uxtheme.dll
2011-04-26 13:57:18 ----D---- C:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-11-14 43528]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2010-12-18 21696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-07-25 691696]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-03-29 73600]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-03-29 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CrystalSysInfo;CrystalSysInfo; C:\WINDOWS\system32\drivers\CrystalSysInfo.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\mbr.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-01-14 311296]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NVSvc;NVIDIA Display Driver Service (Omega 1.6693) (Q); C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2011-03-01 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-10-20 630272]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-11 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
COMBOFIX:
ComboFix 11-05-22.01 - Marek 23.05.2011 15:20:30.15.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.317 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Marek\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\Marek\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\Marek\Local Settings\temp\sfamcc00001.dll
c:\documents and settings\Marek\Local Settings\temp\sfareca00001.dll
.
Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\midimap.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-23 do 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-16 21:11 . 2011-05-16 21:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-07 19:08 . 2011-05-07 19:08 -------- d-----w- c:\program files\ICQ6Toolbar
2011-04-28 21:08 . 2011-04-28 21:08 -------- d-----w- c:\program files\Defraggler
2011-04-27 07:56 . 2011-04-27 07:56 -------- d-----w- c:\documents and settings\Marek\Data aplikací\Uniblue
2011-04-27 07:55 . 2011-04-27 07:55 -------- d-----w- c:\documents and settings\Marek\Local Settings\Data aplikací\PackageAware
2011-04-26 22:15 . 2011-04-26 22:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\nView_Profiles
2011-04-26 22:09 . 2004-10-29 20:50 1339392 ----a-w- c:\windows\system32\nvdspsch.exe
2011-04-26 22:09 . 2004-10-29 20:50 1019904 ----a-w- c:\windows\system32\nvwimg.dll
2011-04-26 22:09 . 2011-04-26 22:08 737280 ----a-w- c:\windows\iun6002.exe
2011-04-26 22:08 . 2011-04-26 22:08 -------- d-----w- c:\program files\Nvidia Omega Drivers
2011-04-26 12:08 . 2008-04-14 07:51 42496 ----a-w- c:\windows\system32\midimap.dll.niwrad
2011-04-26 12:07 . 2008-04-14 07:52 219648 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-04-26 12:07 . 2011-05-23 13:33 -------- d--h--w- c:\windows\NiwradSoft Shell Pack
2011-04-26 12:01 . 2002-12-21 17:04 327680 ----a-w- c:\windows\esellerateEngine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 12:07 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2011-04-30 19:23 . 2011-04-03 08:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-08-31 13:25 . 2005-08-09 00:18 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
.
------- Sigcheck -------
.
[7] 2008-04-14 07:51 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\ERDNT\cache\comres.dll
[7] 2008-04-14 07:51 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2008-04-14 07:51 . 9BBABCB691B887769048255FA7047C05 . 1508864 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 07:51 . 9BBABCB691B887769048255FA7047C05 . 1508864 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-14 07:51 . 9BBABCB691B887769048255FA7047C05 . 1508864 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
[7] 2004-08-17 13:49 . B44F68274AB7B8A54E9AD74AFF0EFAAC . 806912 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-03-29 . E26B26189B786E6B092F002041D5A1E2 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . 6CB1BAC5FA7E692B63C3D5AAA348E76A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[7] 2010-05-04 . A85A3A10CA88BD7861D1859183559ED5 . 3603456 . . [7.00.6000.21264] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll
[7] 2010-05-04 . A85A3A10CA88BD7861D1859183559ED5 . 3603456 . . [7.00.6000.21264] . . c:\windows\ERDNT\cache\mshtml.dll
[7] 2010-05-04 . A85A3A10CA88BD7861D1859183559ED5 . 3603456 . . [7.00.6000.21264] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2010-05-04 . 9CE04362C2CAC43BD00423381DCCD0AB . 3763712 . . [7.00.6000.21264] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2010-05-04 . 9CE04362C2CAC43BD00423381DCCD0AB . 3763712 . . [7.00.6000.21264] . . c:\windows\system32\mshtml.dll
[-] 2010-05-04 . 9CE04362C2CAC43BD00423381DCCD0AB . 3763712 . . [7.00.6000.21264] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-10-29 . EC37726162FF477D0E38111CD11C3000 . 3598336 . . [7.00.6000.16945] . . c:\windows\SoftwareDistribution\Download\2d21da1b434f63ab8c96a1d526689a8b\sp3gdr\mshtml.dll
[-] 2009-10-29 . C4C38495BA7AFC2C1752501A6875B323 . 3602432 . . [7.00.6000.21148] . . c:\windows\SoftwareDistribution\Download\2d21da1b434f63ab8c96a1d526689a8b\sp3qfe\mshtml.dll
[-] 2008-03-29 . DBDDA1D78F879B4562DF99805490FC97 . 3593216 . . [7.00.6000.20733] . . c:\windows\ie7updates\KB982381-IE7\mshtml.dll
.
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[-] 2008-03-29 . 5393076FDCD6DAEB82814688DDE3E9A2 . 578048 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[7] 2010-05-04 . 3D4713D326A245AAE068E7148C08AA77 . 841216 . . [7.00.6000.21256] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\wininet.dll
[7] 2010-05-04 . 3D4713D326A245AAE068E7148C08AA77 . 841216 . . [7.00.6000.21256] . . c:\windows\ERDNT\cache\wininet.dll
[7] 2010-05-04 . 3D4713D326A245AAE068E7148C08AA77 . 841216 . . [7.00.6000.21256] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2010-05-04 . E1F28C81C1C554E48768B5C5808CD625 . 907776 . . [7.00.6000.21256] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2010-05-04 . E1F28C81C1C554E48768B5C5808CD625 . 907776 . . [7.00.6000.21256] . . c:\windows\system32\wininet.dll
[-] 2010-05-04 . E1F28C81C1C554E48768B5C5808CD625 . 907776 . . [7.00.6000.21256] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-10-29 . 33D6B94981C3FB88F27CFBBE72B59122 . 832512 . . [7.00.6000.16945] . . c:\windows\SoftwareDistribution\Download\2d21da1b434f63ab8c96a1d526689a8b\sp3gdr\wininet.dll
[-] 2009-10-29 . 7CD98B487F578D12281B163E2FEF7487 . 841216 . . [7.00.6000.21148] . . c:\windows\SoftwareDistribution\Download\2d21da1b434f63ab8c96a1d526689a8b\sp3qfe\wininet.dll
[-] 2008-03-29 . 32CC73F851F377B035A5B8216CAC63CE . 825344 . . [7.00.6000.20733] . . c:\windows\ie7updates\KB982381-IE7\wininet.dll
.
[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 6915639F41228891A883B2DA59AA7429 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\regedit.exe
[-] 2008-04-14 . 6915639F41228891A883B2DA59AA7429 . 277504 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2008-04-14 . 6915639F41228891A883B2DA59AA7429 . 277504 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
[7] 2004-08-17 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2008-04-14 . 21F836AAB269FF644E0E708B794B0DF7 . 1287168 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ole32.dll
[7] 2008-04-14 . 21F836AAB269FF644E0E708B794B0DF7 . 1287168 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-14 . 79E4E0BCF353CA222DCCA7DD396F15A9 . 1312256 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . 79E4E0BCF353CA222DCCA7DD396F15A9 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2008-04-14 . 79E4E0BCF353CA222DCCA7DD396F15A9 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ole32.dll
[-] 2008-03-29 . 93AC0C1189CB7C34910CD00748A23E3A . 1285632 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[7] 2008-04-14 . ED18ADEE4AA21EB26977260152D7241A . 345088 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\hnetcfg.dll
[7] 2008-04-14 . ED18ADEE4AA21EB26977260152D7241A . 345088 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\hnetcfg.dll
[-] 2008-04-14 . FDE84E2C6D0E1F75D61D7CC111A1DA5A . 369152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . FDE84E2C6D0E1F75D61D7CC111A1DA5A . 369152 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-04-14 . FDE84E2C6D0E1F75D61D7CC111A1DA5A . 369152 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
[7] 2004-08-17 . FAABA83BE47C5B15F620FAA53267A9B8 . 345088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[7] 2010-02-16 . 6C31566C176BC28C7D73BC6332642A58 . 2068992 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2010-02-16 . 6C31566C176BC28C7D73BC6332642A58 . 2068992 . . [5.1.2600.5938] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[7] 2010-02-16 . 6C31566C176BC28C7D73BC6332642A58 . 2068992 . . [5.1.2600.5938] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2010-02-16 . B48BBDD536DC063C06981048C9157674 . 2230144 . . [5.1.2600.5938] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2010-02-16 . B48BBDD536DC063C06981048C9157674 . 2230144 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . B48BBDD536DC063C06981048C9157674 . 2230144 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-02-16 . DCC3D91A3DEDBBA9ECFFA6028D872CF5 . 2069120 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 97815C93200676C727CE951AE5C78137 . 2068352 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 182A95C233C9C254FEE7F047E6CA73D1 . 2068224 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 90E58FFA70A7951899BBF5551A9D246A . 2065152 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 809D2CA366FBA705B143D1EA84A3BC1A . 2059904 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP2GDR\ntkrnlpa.exe
[7] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-03-29 . A873FF1754E2A81CB1A34588CAB363D6 . 2061568 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\ERDNT\cache\iexplore.exe
[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
[-] 2010-04-16 . D12CF430E3F01EE1E873AE1E7702C9D3 . 507160 . . [7.00.6000.21256] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2010-04-16 . D12CF430E3F01EE1E873AE1E7702C9D3 . 507160 . . [7.00.6000.21256] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2009-10-28 . 80675329E0FD54F016C4F8A83C616349 . 634632 . . [7.00.6000.21148] . . c:\windows\SoftwareDistribution\Download\2d21da1b434f63ab8c96a1d526689a8b\sp3qfe\iexplore.exe
[7] 2009-10-28 . 4F9B04D546C23A295F3F0AE015BE51DB . 634632 . . [7.00.6000.16945] . . c:\windows\SoftwareDistribution\Download\2d21da1b434f63ab8c96a1d526689a8b\sp3gdr\iexplore.exe
[-] 2008-03-29 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\ie7updates\KB982381-IE7\iexplore.exe
.
[7] 2010-02-17 . 4E8268B816B2D27E711A688D6FD0E319 . 2192128 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2010-02-17 . 4E8268B816B2D27E711A688D6FD0E319 . 2192128 . . [5.1.2600.5938] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[7] 2010-02-17 . 4E8268B816B2D27E711A688D6FD0E319 . 2192128 . . [5.1.2600.5938] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2010-02-17 . 0E24CEAE7F1E5E354A037987ED5AF01F . 2353280 . . [5.1.2600.5938] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2010-02-17 . 0E24CEAE7F1E5E354A037987ED5AF01F . 2353280 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-17 . 0E24CEAE7F1E5E354A037987ED5AF01F . 2353280 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-02-16 . 6B2312D847BA95F4E858CB4C3B5F51E1 . 2192256 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . F61EB18DA0AA630E2F8A944ED6BD3BF9 . 2191360 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . 3502DBBC657001D7A2A2768BD7DE1483 . 2191488 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 90DFE2B714EDEF95891C979720E23B4F . 2188160 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP2QFE\ntoskrnl.exe
[-] 2009-08-04 . F46E90D50BA9D114D606C19D81ADB761 . 2182528 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\fd1bc4b90d8186dfe936ba7e1aed3d74\SP2GDR\ntoskrnl.exe
[7] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-03-29 . D40B4F66D877802EC5E655B91B5490FA . 2184320 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speedfan"="c:\program files\SpeedFan" [X]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"EPSON Stylus C48 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE" [2005-05-17 99840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Reloader"="c:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2010-07-04 325046]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-05-04 124928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
2004-02-13 13:05 57344 ----a-w- c:\program files\Lexmark 2200 Series\lxbvbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NiwradSoft Welcome]
2010-07-04 04:14 243442 ----a-w- c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\FM2011\\fm.exe"=
"d:\\skype\\Phone\\Skype.exe"=
"d:\\Casino\\ParadiseCasino\\casino.exe"=
"d:\\ICQ7.5\\ICQ.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.7.2010 17:11 691696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [19.7.2010 11:01 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [19.7.2010 11:01 8320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel
IE: E&xportovat do aplikace Microsoft Office Excel
IE: WikiKomentáře Google...
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\icq7.5\ICQ.exe
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\spoohsnp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 15:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\SETUPAPI.dll
.
- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\MSVCP71.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SpeedFan\speedfan.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-05-23 15:40:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-23 13:39
ComboFix2.txt 2011-05-16 20:19
.
Před spuštěním: Volných bajtů: 11 572 006 912
Po spuštění: Volných bajtů: 11 551 969 280
.
- - End Of File - - E54BD7ADFA94CF37114BB509517D16B5
Thanks for the reply