VIRY.CZ

Zdravim, pri spusteni ComboFix mi vypisuje, ze se na MBR nachazi vir, diky.

Prikladam LOG:

ComboFix 12-08-28.01 - Radim 28.08.2012 15:42:59.3.1 - x86
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive5 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive5 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-28 do 2012-08-28 )))))))))))))))))))))))))))))))
.
.
2012-08-27 16:22 . 2012-08-27 16:22 -------- d-----w- c:\program files\CCleaner
2012-08-27 16:07 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EB3E555F-F58A-4A58-A4BB-14E72E0FE932}\mpengine.dll
2012-08-27 16:03 . 2012-08-27 17:33 -------- d-----w- c:\windows\SxsCaPendDel
2012-08-27 16:01 . 2012-08-27 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-27 16:01 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-25 12:53 . 2012-08-25 12:52 31232 ----a-w- c:\documents and settings\Radim\Data aplikací\dllexp.dll
2012-08-25 11:39 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-21 06:22 . 2012-08-21 06:22 -------- d-----w- c:\documents and settings\Radim\Local Settings\Data aplikací\Unity
2012-08-10 12:52 . 2012-08-10 12:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:08 . 2012-04-17 05:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:08 . 2011-05-17 04:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-18 04:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-18 04:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-18 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2004-08-18 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-18 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2004-08-18 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-18 04:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:49 . 2009-02-11 09:55 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-18 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-18 04:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 13:08 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2004-08-18 04:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-08-18 04:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2004-08-18 04:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 13:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2004-08-18 04:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2004-08-18 04:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2004-08-18 04:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-18 04:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2004-08-18 04:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-03-21 18:04 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-03-21 18:04 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-08-06 18:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-18 04:00 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Chyba šifrovací služby !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-07 187672]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2010-10-07 1961240]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-03-02 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-03-29 61440]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-03-03 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
2011-11-28 15:43 327680 -c--a-w- d:\hry\4Story\PrePatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dllexp]
2012-08-25 12:52 31232 ----a-w- c:\documents and settings\Radim\Data aplikací\dllexp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\preload]
2004-04-20 15:49 40960 ----a-w- c:\windows\RUNXMLPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\Hry\\Metin2\\metin2client.bin"=
"d:\\Hry\\Metin2\\metin2.bin"=
"d:\\Hry\\Counter-Strike 1.8\\cstrike.exe"=
"d:\\Hry\\Valve\\hl.exe"=
"d:\\Hry\\Age of Empires II\\empires2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Hry\\Metin2\\metin2.exe"=
"d:\\Games\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 m0ygu0ay.sys;m0ygu0ay.sys;c:\windows\system32\drivers\m0ygu0ay.sys [x]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 14:08]
.
2012-08-28 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-28 15:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3372)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLTRAY.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\acer\eManager\anbmServ.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Celkový čas: 2012-08-28 15:54:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-28 13:53
ComboFix2.txt 2012-08-28 13:36
ComboFix3.txt 2012-08-27 15:46
.
Před spuštěním: Volných bajtů: 24 854 790 144
Po spuštění: Volných bajtů: 24 862 040 064
.
- - End Of File - - 394FBE1FA791B760E8B002DE9401BF93

Diky za vysvetleni CF, omlouvam se...

Log ComboFix2:

ComboFix 12-08-28.01 - Radim 28.08.2012 15:24:50.2.1 - x86
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-28 do 2012-08-28 )))))))))))))))))))))))))))))))
.
.
2012-08-27 16:22 . 2012-08-27 16:22 -------- d-----w- c:\program files\CCleaner
2012-08-27 16:07 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EB3E555F-F58A-4A58-A4BB-14E72E0FE932}\mpengine.dll
2012-08-27 16:03 . 2012-08-27 17:33 -------- d-----w- c:\windows\SxsCaPendDel
2012-08-27 16:01 . 2012-08-27 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-27 16:01 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-25 12:53 . 2012-08-25 12:52 31232 ----a-w- c:\documents and settings\Radim\Data aplikací\dllexp.dll
2012-08-25 11:39 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-21 06:22 . 2012-08-21 06:22 -------- d-----w- c:\documents and settings\Radim\Local Settings\Data aplikací\Unity
2012-08-10 12:52 . 2012-08-10 12:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:08 . 2012-04-17 05:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:08 . 2011-05-17 04:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-18 04:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-18 04:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-18 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2004-08-18 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-18 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2004-08-18 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-18 04:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:49 . 2009-02-11 09:55 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-18 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-18 04:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 13:08 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2004-08-18 04:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-08-18 04:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2004-08-18 04:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 13:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2004-08-18 04:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2004-08-18 04:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2004-08-18 04:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-18 04:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2004-08-18 04:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-03-21 18:04 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-03-21 18:04 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-08-06 18:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-18 04:00 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Chyba šifrovací služby !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-07 187672]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2010-10-07 1961240]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-03-02 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-03-29 61440]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-03-03 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
2011-11-28 15:43 327680 -c--a-w- d:\hry\4Story\PrePatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dllexp]
2012-08-25 12:52 31232 ----a-w- c:\documents and settings\Radim\Data aplikací\dllexp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\preload]
2004-04-20 15:49 40960 ----a-w- c:\windows\RUNXMLPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\Hry\\Metin2\\metin2client.bin"=
"d:\\Hry\\Metin2\\metin2.bin"=
"d:\\Hry\\Counter-Strike 1.8\\cstrike.exe"=
"d:\\Hry\\Valve\\hl.exe"=
"d:\\Hry\\Age of Empires II\\empires2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Hry\\Metin2\\metin2.exe"=
"d:\\Games\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 m0ygu0ay.sys;m0ygu0ay.sys;c:\windows\system32\drivers\m0ygu0ay.sys [x]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 14:08]
.
2012-08-28 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-28 15:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLTRAY.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\acer\eManager\anbmServ.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Celkový čas: 2012-08-28 15:36:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-28 13:36
ComboFix2.txt 2012-08-27 15:46
.
Před spuštěním: Volných bajtů: 24 864 956 416
Po spuštění: Volných bajtů: 24 872 030 208
.
- - End Of File - - D281FF364D5453A24AD461567C6413AF

Log Combofix3:

ComboFix 12-08-25.04 - Radim 27.08.2012 17:20:22.1.1 - x86
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Radim\WINDOWS
c:\program files\adobereader
c:\program files\adobereader\Esl\AiodLite.dll
c:\program files\adobereader\Reader\ACE.dll
c:\program files\adobereader\Reader\Acrofx32.dll
c:\program files\adobereader\Reader\AcroRd32.dll
c:\program files\adobereader\Reader\AcroRd32.exe
c:\program files\adobereader\Reader\AcroRd32Info.exe
c:\program files\adobereader\Reader\AcroRdIF.dll
c:\program files\adobereader\Reader\adobe_epic.dll
c:\program files\adobereader\Reader\adobe_epic\eula\background.png
c:\program files\adobereader\Reader\adobe_epic\eula\cs_CZ\install.html
c:\program files\adobereader\Reader\adobe_epic\eula\cs_CZ\install2.html
c:\program files\adobereader\Reader\adobe_epic\eula\default.css
c:\program files\adobereader\Reader\adobe_epic\eula\domutils.js
c:\program files\adobereader\Reader\adobe_epic\eula\en_US\install.html
c:\program files\adobereader\Reader\adobe_epic\eula\en_US\install2.html
c:\program files\adobereader\Reader\adobe_epic\eula\onframeload.js
c:\program files\adobereader\Reader\adobe_epic\eula\wizardcore.js
c:\program files\adobereader\Reader\adobe_eula.dll
c:\program files\adobereader\Reader\AdobeCollabSync.CZE
c:\program files\adobereader\Reader\AdobeCollabSync.exe
c:\program files\adobereader\Reader\AdobeLinguistic.dll
c:\program files\adobereader\Reader\AdobeUpdateCheck.exe
c:\program files\adobereader\Reader\AdobeUpdater.dll
c:\program files\adobereader\Reader\AdobeXMP.dll
c:\program files\adobereader\Reader\AGM.dll
c:\program files\adobereader\Reader\AGMGPUOptIn.ini
c:\program files\adobereader\Reader\ahclient.dll
c:\program files\adobereader\Reader\AIR\nppdf32.CZE
c:\program files\adobereader\Reader\AIR\nppdf32.dll
c:\program files\adobereader\Reader\AMT\AUMProduct.aup
c:\program files\adobereader\Reader\AMT\AUMProduct.cer
c:\program files\adobereader\Reader\atl.dll
c:\program files\adobereader\Reader\AXE8SharedExpat.dll
c:\program files\adobereader\Reader\AXSLE.dll
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\acrobat.gif
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\b-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\bg.jpg
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\bl-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\br-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\Connecting.gif
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\Connecting2.gif
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\DownloadBeyondReaderIcon.gif
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\index.html
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\l-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\m-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\onramp.css
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\onramp.js
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\r-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\t-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\tl-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\CZE\Onramp\tr-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\acrobat.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\b-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\bg.jpg
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\bl-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\br-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\Connecting.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\Connecting2.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\DownloadBeyondReaderIcon.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\index.html
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\l-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\m-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\onramp.css
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\onramp.js
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\r-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\t-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\tl-onramp.gif
c:\program files\adobereader\Reader\BeyondReader\ENU\Onramp\tr-onramp.gif
c:\program files\adobereader\Reader\BIB.dll
c:\program files\adobereader\Reader\BIBUtils.dll
c:\program files\adobereader\Reader\Browser\nppdf32.CZE
c:\program files\adobereader\Reader\Browser\nppdf32.dll
c:\program files\adobereader\Reader\ccme_base.dll
c:\program files\adobereader\Reader\CoolType.dll
c:\program files\adobereader\Reader\cryptocme2.dll
c:\program files\adobereader\Reader\cryptocme2.sig
c:\program files\adobereader\Reader\HowTo\CZE\content-locale.css
c:\program files\adobereader\Reader\HowTo\CZE\content.css
c:\program files\adobereader\Reader\HowTo\CZE\Engineering.html
c:\program files\adobereader\Reader\HowTo\CZE\Forms.html
c:\program files\adobereader\Reader\HowTo\CZE\Forms1.html
c:\program files\adobereader\Reader\HowTo\CZE\Hanko05.html
c:\program files\adobereader\Reader\HowTo\CZE\HowTo.html
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_CollapseAll_Md_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_Delete_Md_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_DistanceTool_Lg_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_Down_Md_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_ExpandAll_Md_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_ExportCertificate_Lg_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_ExportSelect_L_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_CheckboxOn_Sm_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_NavBarLayers_Sm_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_NavBarModelTree_Sm_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_NavBarShowComments_Sm_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_NavBarSign_Lg_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_NextView_Sm_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_PreviousView_Sm_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_ReplyComments_Md_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_ReviewAndComment_Sm_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_Secure_Sm_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_ShowComments_Md_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_Sign_Sm_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_Sort_Md_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_Status_Md_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_Typerwriter_Sm_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\A_Up_Md_N.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\dingbat.png
c:\program files\adobereader\Reader\HowTo\CZE\Images\layerisvisible.png
c:\program files\adobereader\Reader\HowTo\CZE\meta.xml
c:\program files\adobereader\Reader\HowTo\CZE\Review.html
c:\program files\adobereader\Reader\HowTo\CZE\Review01.html
c:\program files\adobereader\Reader\HowTo\CZE\Review02.html
c:\program files\adobereader\Reader\HowTo\CZE\Review05.html
c:\program files\adobereader\Reader\HowTo\CZE\search.html
c:\program files\adobereader\Reader\HowTo\CZE\Sign.html
c:\program files\adobereader\Reader\HowTo\CZE\srch_db.html
c:\program files\adobereader\Reader\HowTo\CZE\terms.js
c:\program files\adobereader\Reader\HowTo\CZE\version.html
c:\program files\adobereader\Reader\HowTo\CZE\WS0152AC38-6989-4789-A91A-DE804B4EE217.html
c:\program files\adobereader\Reader\HowTo\CZE\WS01D0DD7E-72C5-4bd7-98A5-61B6703E2874.html
c:\program files\adobereader\Reader\HowTo\CZE\WS0DB156A0-D8E0-40d1-A8FE-155D401E100A.html
c:\program files\adobereader\Reader\HowTo\CZE\WS116358B6-C899-4ef8-8718-5E8FEED1E80B.html
c:\program files\adobereader\Reader\HowTo\CZE\WS15C7F996-1DF1-4af3-8BB4-7AA64669E5A2.html
c:\program files\adobereader\Reader\HowTo\CZE\WS16696D10-CF60-4979-BC54-0F60285159A9.html
c:\program files\adobereader\Reader\HowTo\CZE\WS175FFA03-6BF0-4fa7-8D66-C91A809536CE.html
c:\program files\adobereader\Reader\HowTo\CZE\WS1ABEB45F-BA46-4913-A7E1-ACA6A974FE76.html
c:\program files\adobereader\Reader\HowTo\CZE\WS1D6D5242-53DD-40e0-B58E-95E027DCD94D.html
c:\program files\adobereader\Reader\HowTo\CZE\WS1E82B083-927E-47b3-AAD6-88CB47B5E992.html
c:\program files\adobereader\Reader\HowTo\CZE\WS21180009-84AE-4b72-9610-C38FE8B6C423.html
c:\program files\adobereader\Reader\HowTo\CZE\WS23BCDC6F-BC2E-489b-8D36-D875B917293B.html
c:\program files\adobereader\Reader\HowTo\CZE\WS23E49454-94C8-45b7-9F79-BC8CBC1621E1.html
c:\program files\adobereader\Reader\HowTo\CZE\WS25BA4195-6D5F-4aca-A8DF-EF72AAAAB5B1.html
c:\program files\adobereader\Reader\HowTo\CZE\WS26240DA8-2896-4976-8BBD-5A5CDF2DBB65.html
c:\program files\adobereader\Reader\HowTo\CZE\WS28F751CE-AA39-440f-8615-58F751037765.html
c:\program files\adobereader\Reader\HowTo\CZE\WS2AE3999E-C712-4e15-BC7C-1615EE1B5B56.html
c:\program files\adobereader\Reader\HowTo\CZE\WS3153B307-CB17-4269-9B46-DF43E8AC4582.html
c:\program files\adobereader\Reader\HowTo\CZE\WS32EEDD33-2F54-4848-9BBE-3E01F5BB2375.html
c:\program files\adobereader\Reader\HowTo\CZE\WS40A2300E-1DBC-4e12-9837-AD8454775679.html
c:\program files\adobereader\Reader\HowTo\CZE\WS4B49EA85-530D-4820-8F46-FE0120FC591A.html
c:\program files\adobereader\Reader\HowTo\CZE\WS4C63D590-2C39-4ad9-9B3B-87558B53E8AD.html
c:\program files\adobereader\Reader\HowTo\CZE\WS4CE8758A-E53C-438a-A3EC-247A2076C1C3.html
c:\program files\adobereader\Reader\HowTo\CZE\WS4D7B71F8-4459-493e-A2BF-0CE66B055B46.html
c:\program files\adobereader\Reader\HowTo\CZE\WS4FDA872B-2373-47cc-9FC4-71EC25DFE3A8.html
c:\program files\adobereader\Reader\HowTo\CZE\WS569061E4-7434-4bb8-92A9-840CF861F474.html
c:\program files\adobereader\Reader\HowTo\CZE\WS57FC3C30-C0F1-41fb-B998-7CB8D9C9E488.html
c:\program files\adobereader\Reader\HowTo\CZE\WS5B5C7EE5-16D9-470a-AAC6-6F569C78D6AB.html
c:\program files\adobereader\Reader\HowTo\CZE\WS5DC362ED-F30C-4303-983D-9426DA6CA939.html
c:\program files\adobereader\Reader\HowTo\CZE\WS675A7196-68DC-405f-AA3B-1FE9D2F2E288.html
c:\program files\adobereader\Reader\HowTo\CZE\WS677DDFC2-618B-4128-A6A7-7BBF8B4B5FA8.html
c:\program files\adobereader\Reader\HowTo\CZE\WS68FC469B-1113-4ab1-BACF-C7ED43B09AC8.html
c:\program files\adobereader\Reader\HowTo\CZE\WS6BDF3AF5-5E90-4423-88C8-16675AF0C595.html
c:\program files\adobereader\Reader\HowTo\CZE\WS6F1D9AEB-BE3B-4b60-8D3F-1BB419EF1C1B.html
c:\program files\adobereader\Reader\HowTo\CZE\WS7098BCBC-0FA6-4a18-AFAB-6C59366399D0.html
c:\program files\adobereader\Reader\HowTo\CZE\WS70F00F0C-C476-46c6-BDC9-4775B21A895A.html
c:\program files\adobereader\Reader\HowTo\CZE\WS7101B368-E344-4a9a-9917-ACB09777A127.html
c:\program files\adobereader\Reader\HowTo\CZE\WS71AAA620-5DAD-4f24-A093-D184201A2CA7.html
c:\program files\adobereader\Reader\HowTo\CZE\WS728F554C-96AE-467c-94C3-61592E343AEC.html
c:\program files\adobereader\Reader\HowTo\CZE\WS7705371C-01C6-41df-8F29-EC17BE90A303.html
c:\program files\adobereader\Reader\HowTo\CZE\WS77BB9683-9BDA-4c93-8C4D-C10BEFD22D34.html
c:\program files\adobereader\Reader\HowTo\CZE\WS7804F58D-9B6D-4f83-8783-707173F19A57.html
c:\program files\adobereader\Reader\HowTo\CZE\WS7CF25848-721F-48e3-BF3F-7F6135505706.html
c:\program files\adobereader\Reader\HowTo\CZE\WS82B540C2-7F9D-4d87-9071-DA13712079F7.html
c:\program files\adobereader\Reader\HowTo\CZE\WS860530CA-10EF-4fcb-8517-B47769F67A93.html
c:\program files\adobereader\Reader\HowTo\CZE\WS86957517-D231-4f67-AA63-BB7113BA6B4C.html
c:\program files\adobereader\Reader\HowTo\CZE\WS913EF9D4-6D87-4858-AB2E-9AB7CD3B33AB.html
c:\program files\adobereader\Reader\HowTo\CZE\WS91C8140A-B901-4d25-B8EB-969199C241DE.html
c:\program files\adobereader\Reader\HowTo\CZE\WS953DEDAB-D5AC-491a-AC5A-9EA68DE93712.html
c:\program files\adobereader\Reader\HowTo\CZE\WS974BA363-E830-43a0-8A0D-54C90F13FE43.html
c:\program files\adobereader\Reader\HowTo\CZE\WS97FC333F-2B50-4664-A4C7-418BBD7EA061.html
c:\program files\adobereader\Reader\HowTo\CZE\WS98108EA9-0350-47c4-8666-C077928F7CDC.html
c:\program files\adobereader\Reader\HowTo\CZE\WS9A8AD2CD-C75D-4a96-A8C8-64125FC6B103.html
c:\program files\adobereader\Reader\HowTo\CZE\WS9CA99867-575D-4438-A010-FEC8F2CEBEE7.html
c:\program files\adobereader\Reader\HowTo\CZE\WSA02AF508-E105-4e80-8928-11BCA70D3402.html
c:\program files\adobereader\Reader\HowTo\CZE\WSA4AFE6C3-84A0-495d-A24C-2273B637C29C.html
c:\program files\adobereader\Reader\HowTo\CZE\WSA64A1338-B969-4dba-80E8-BD37DFDE9180.html
c:\program files\adobereader\Reader\HowTo\CZE\WSA839D6AB-2E30-4c71-A779-CE4F8D964115.html
c:\program files\adobereader\Reader\HowTo\CZE\WSAF65B6C7-D000-4606-ACA4-7F32C9860E91.html
c:\program files\adobereader\Reader\HowTo\CZE\WSB11FAB59-A592-47a8-AD73-B38909D6E12F.html
c:\program files\adobereader\Reader\HowTo\CZE\WSB7B5F563-E2FA-4c9f-A9FD-590A22F508E7.html
c:\program files\adobereader\Reader\HowTo\CZE\WSB9422892-F790-4cb8-B4CD-8E4AD220A696.html
c:\program files\adobereader\Reader\HowTo\CZE\WSB95C4980-9B72-4e66-9ADA-CEC44E977786.html
c:\program files\adobereader\Reader\HowTo\CZE\WSC887FFE1-8857-4be1-BB81-BC32DE2AD7FC.html
c:\program files\adobereader\Reader\HowTo\CZE\WSCB6E92A7-E5C4-4285-853D-477A070EED2D.html
c:\program files\adobereader\Reader\HowTo\CZE\WSCCDA0B9F-2F54-4810-BAAF-04A59E60998B.html
c:\program files\adobereader\Reader\HowTo\CZE\WSCDCB0C74-267A-4db2-856D-EDD048947C59.html
c:\program files\adobereader\Reader\HowTo\CZE\WSD1D23E0E-281D-4aa8-8B10-64DB1EE65C71.html
c:\program files\adobereader\Reader\HowTo\CZE\WSD2ACE85B-5959-4f89-9D2B-218F9376E9D5.html
c:\program files\adobereader\Reader\HowTo\CZE\WSD5671438-ADC2-4616-BA90-0FF6FD03CED8.html
c:\program files\adobereader\Reader\HowTo\CZE\WSD5BEB284-9F6D-4635-881A-31A092178E63.html
c:\program files\adobereader\Reader\HowTo\CZE\WSD73A2CCE-18C6-4885-A567-3FF67DB23AF8.html
c:\program files\adobereader\Reader\HowTo\CZE\WSD8B6C446-DD94-4ade-928D-5A585D90870A.html
c:\program files\adobereader\Reader\HowTo\CZE\WSD8F4B47F-18D4-4fdf-AE0E-3C7B16CAB344.html
c:\program files\adobereader\Reader\HowTo\CZE\WSD96469EA-5613-41d4-A7CB-D05418271C69.html
c:\program files\adobereader\Reader\HowTo\CZE\WSDBCA1B83-917F-4800-BA1E-AE4D73C7436E.html
c:\program files\adobereader\Reader\HowTo\CZE\WSDE9DD7BF-83AA-40c7-ABDC-FFBDC84550C9.html
c:\program files\adobereader\Reader\HowTo\CZE\WSE2D6BFF2-376A-45ac-BB53-056DA78E65B0.html
c:\program files\adobereader\Reader\HowTo\CZE\WSE632035A-F854-473d-8AE0-9BD326226862.html
c:\program files\adobereader\Reader\HowTo\CZE\WSE9BBFA12-14C6-439d-B9E8-48630AB72870.html
c:\program files\adobereader\Reader\HowTo\CZE\WSEAA79063-1DAD-4317-AB33-5A68D623207D.html
c:\program files\adobereader\Reader\HowTo\CZE\WSEC4F451C-E254-43f9-ACFE-F242A591D0D7.html
c:\program files\adobereader\Reader\HowTo\CZE\WSEDA6E022-E71D-4185-8BE4-437766DA1F87.html
c:\program files\adobereader\Reader\HowTo\CZE\WSEE1DFE49-1C7E-4648-AFD8-7A5CFA20391D.html
c:\program files\adobereader\Reader\HowTo\CZE\WSF19D4446-A439-4adc-B9ED-E11325487E28.html
c:\program files\adobereader\Reader\HowTo\CZE\WSF30BC11C-BCEF-4e2b-8934-059526ED0229.html
c:\program files\adobereader\Reader\HowTo\CZE\WSF3FF17C0-8293-4cf7-B1B6-C362AC31072E.html
c:\program files\adobereader\Reader\HowTo\ENU\content-locale.css
c:\program files\adobereader\Reader\HowTo\ENU\content.css
c:\program files\adobereader\Reader\HowTo\ENU\Engineering.html
c:\program files\adobereader\Reader\HowTo\ENU\Export.html
c:\program files\adobereader\Reader\HowTo\ENU\Forms.html
c:\program files\adobereader\Reader\HowTo\ENU\Forms1.html
c:\program files\adobereader\Reader\HowTo\ENU\Hanko05.html
c:\program files\adobereader\Reader\HowTo\ENU\HowTo.html
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_CollapseAll_Md_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_Delete_Md_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_DistanceTool_Lg_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_Down_Md_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_ExpandAll_Md_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_ExportCertificate_Lg_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_ExportSelect_L_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_CheckboxOn_Sm_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_NavBarLayers_Sm_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_NavBarModelTree_Sm_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_NavBarShowComments_Sm_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_NavBarSign_Lg_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_NextView_Sm_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_PreviousView_Sm_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_ReplyComments_Md_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_ReviewAndComment_Sm_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_Secure_Sm_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_ShowComments_Md_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_Sign_Sm_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_Sort_Md_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_StartBreezeMeeting_Sm_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_Status_Md_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_Typerwriter_Sm_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\A_Up_Md_N.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\dingbat.png
c:\program files\adobereader\Reader\HowTo\ENU\Images\layerisvisible.png
c:\program files\adobereader\Reader\HowTo\ENU\LRHelpContentReleaseNotes.txt
c:\program files\adobereader\Reader\HowTo\ENU\meta.xml
c:\program files\adobereader\Reader\HowTo\ENU\Reader_en-us_report-conref.html
c:\program files\adobereader\Reader\HowTo\ENU\Reader_en-us_report-content.html
c:\program files\adobereader\Reader\HowTo\ENU\Reader_en-us_report-duplicate.html
c:\program files\adobereader\Reader\HowTo\ENU\Reader_en-us_report-image.html
c:\program files\adobereader\Reader\HowTo\ENU\Reader_en-us_report-indexes.html
c:\program files\adobereader\Reader\HowTo\ENU\Reader_en-us_report-summary.html
c:\program files\adobereader\Reader\HowTo\ENU\Reader_en-us_report-xref.html
c:\program files\adobereader\Reader\HowTo\ENU\Review.html
c:\program files\adobereader\Reader\HowTo\ENU\Review01.html
c:\program files\adobereader\Reader\HowTo\ENU\Review02.html
c:\program files\adobereader\Reader\HowTo\ENU\Review05.html
c:\program files\adobereader\Reader\HowTo\ENU\search.html
c:\program files\adobereader\Reader\HowTo\ENU\Sign.html
c:\program files\adobereader\Reader\HowTo\ENU\srch_db.html
c:\program files\adobereader\Reader\HowTo\ENU\terms.js
c:\program files\adobereader\Reader\HowTo\ENU\version.html
c:\program files\adobereader\Reader\HowTo\ENU\WS0152AC38-6989-4789-A91A-DE804B4EE217.html
c:\program files\adobereader\Reader\HowTo\ENU\WS01D0DD7E-72C5-4bd7-98A5-61B6703E2874.html
c:\program files\adobereader\Reader\HowTo\ENU\WS0DB156A0-D8E0-40d1-A8FE-155D401E100A.html
c:\program files\adobereader\Reader\HowTo\ENU\WS116358B6-C899-4ef8-8718-5E8FEED1E80B.html
c:\program files\adobereader\Reader\HowTo\ENU\WS15C7F996-1DF1-4af3-8BB4-7AA64669E5A2.html
c:\program files\adobereader\Reader\HowTo\ENU\WS16696D10-CF60-4979-BC54-0F60285159A9.html
c:\program files\adobereader\Reader\HowTo\ENU\WS175FFA03-6BF0-4fa7-8D66-C91A809536CE.html
c:\program files\adobereader\Reader\HowTo\ENU\WS1ABEB45F-BA46-4913-A7E1-ACA6A974FE76.html
c:\program files\adobereader\Reader\HowTo\ENU\WS1D6D5242-53DD-40e0-B58E-95E027DCD94D.html
c:\program files\adobereader\Reader\HowTo\ENU\WS1E82B083-927E-47b3-AAD6-88CB47B5E992.html
c:\program files\adobereader\Reader\HowTo\ENU\WS21180009-84AE-4b72-9610-C38FE8B6C423.html
c:\program files\adobereader\Reader\HowTo\ENU\WS23BCDC6F-BC2E-489b-8D36-D875B917293B.html
c:\program files\adobereader\Reader\HowTo\ENU\WS23E49454-94C8-45b7-9F79-BC8CBC1621E1.html
c:\program files\adobereader\Reader\HowTo\ENU\WS25BA4195-6D5F-4aca-A8DF-EF72AAAAB5B1.html
c:\program files\adobereader\Reader\HowTo\ENU\WS26240DA8-2896-4976-8BBD-5A5CDF2DBB65.html
c:\program files\adobereader\Reader\HowTo\ENU\WS28F751CE-AA39-440f-8615-58F751037765.html
c:\program files\adobereader\Reader\HowTo\ENU\WS2AE3999E-C712-4e15-BC7C-1615EE1B5B56.html
c:\program files\adobereader\Reader\HowTo\ENU\WS3153B307-CB17-4269-9B46-DF43E8AC4582.html
c:\program files\adobereader\Reader\HowTo\ENU\WS32EEDD33-2F54-4848-9BBE-3E01F5BB2375.html
c:\program files\adobereader\Reader\HowTo\ENU\WS40A2300E-1DBC-4e12-9837-AD8454775679.html
c:\program files\adobereader\Reader\HowTo\ENU\WS4A6B605A-8F5B-4bfb-BD8E-90611BC05E4E.html
c:\program files\adobereader\Reader\HowTo\ENU\WS4B49EA85-530D-4820-8F46-FE0120FC591A.html
c:\program files\adobereader\Reader\HowTo\ENU\WS4C63D590-2C39-4ad9-9B3B-87558B53E8AD.html
c:\program files\adobereader\Reader\HowTo\ENU\WS4CE8758A-E53C-438a-A3EC-247A2076C1C3.html
c:\program files\adobereader\Reader\HowTo\ENU\WS4D7B71F8-4459-493e-A2BF-0CE66B055B46.html
c:\program files\adobereader\Reader\HowTo\ENU\WS4FDA872B-2373-47cc-9FC4-71EC25DFE3A8.html
c:\program files\adobereader\Reader\HowTo\ENU\WS500B1437-8713-43ea-87D2-C029BC4D95DB.html
c:\program files\adobereader\Reader\HowTo\ENU\WS569061E4-7434-4bb8-92A9-840CF861F474.html
c:\program files\adobereader\Reader\HowTo\ENU\WS57FC3C30-C0F1-41fb-B998-7CB8D9C9E488.html
c:\program files\adobereader\Reader\HowTo\ENU\WS5B5C7EE5-16D9-470a-AAC6-6F569C78D6AB.html
c:\program files\adobereader\Reader\HowTo\ENU\WS5DC362ED-F30C-4303-983D-9426DA6CA939.html
c:\program files\adobereader\Reader\HowTo\ENU\WS675A7196-68DC-405f-AA3B-1FE9D2F2E288.html
c:\program files\adobereader\Reader\HowTo\ENU\WS677DDFC2-618B-4128-A6A7-7BBF8B4B5FA8.html
c:\program files\adobereader\Reader\HowTo\ENU\WS68FC469B-1113-4ab1-BACF-C7ED43B09AC8.html
c:\program files\adobereader\Reader\HowTo\ENU\WS6BDF3AF5-5E90-4423-88C8-16675AF0C595.html
c:\program files\adobereader\Reader\HowTo\ENU\WS6F1D9AEB-BE3B-4b60-8D3F-1BB419EF1C1B.html
c:\program files\adobereader\Reader\HowTo\ENU\WS7098BCBC-0FA6-4a18-AFAB-6C59366399D0.html
c:\program files\adobereader\Reader\HowTo\ENU\WS70F00F0C-C476-46c6-BDC9-4775B21A895A.html
c:\program files\adobereader\Reader\HowTo\ENU\WS7101B368-E344-4a9a-9917-ACB09777A127.html
c:\program files\adobereader\Reader\HowTo\ENU\WS71AAA620-5DAD-4f24-A093-D184201A2CA7.html
c:\program files\adobereader\Reader\HowTo\ENU\WS728F554C-96AE-467c-94C3-61592E343AEC.html
c:\program files\adobereader\Reader\HowTo\ENU\WS7705371C-01C6-41df-8F29-EC17BE90A303.html
c:\program files\adobereader\Reader\HowTo\ENU\WS77BB9683-9BDA-4c93-8C4D-C10BEFD22D34.html
c:\program files\adobereader\Reader\HowTo\ENU\WS7804F58D-9B6D-4f83-8783-707173F19A57.html
c:\program files\adobereader\Reader\HowTo\ENU\WS7CF25848-721F-48e3-BF3F-7F6135505706.html
c:\program files\adobereader\Reader\HowTo\ENU\WS82B540C2-7F9D-4d87-9071-DA13712079F7.html
c:\program files\adobereader\Reader\HowTo\ENU\WS860530CA-10EF-4fcb-8517-B47769F67A93.html
c:\program files\adobereader\Reader\HowTo\ENU\WS86957517-D231-4f67-AA63-BB7113BA6B4C.html
c:\program files\adobereader\Reader\HowTo\ENU\WS913EF9D4-6D87-4858-AB2E-9AB7CD3B33AB.html
c:\program files\adobereader\Reader\HowTo\ENU\WS91C8140A-B901-4d25-B8EB-969199C241DE.html
c:\program files\adobereader\Reader\HowTo\ENU\WS953DEDAB-D5AC-491a-AC5A-9EA68DE93712.html
c:\program files\adobereader\Reader\HowTo\ENU\WS974BA363-E830-43a0-8A0D-54C90F13FE43.html
c:\program files\adobereader\Reader\HowTo\ENU\WS97FC333F-2B50-4664-A4C7-418BBD7EA061.html
c:\program files\adobereader\Reader\HowTo\ENU\WS98108EA9-0350-47c4-8666-C077928F7CDC.html
c:\program files\adobereader\Reader\HowTo\ENU\WS9A8AD2CD-C75D-4a96-A8C8-64125FC6B103.html
c:\program files\adobereader\Reader\HowTo\ENU\WS9CA99867-575D-4438-A010-FEC8F2CEBEE7.html
c:\program files\adobereader\Reader\HowTo\ENU\WSA02AF508-E105-4e80-8928-11BCA70D3402.html
c:\program files\adobereader\Reader\HowTo\ENU\WSA4AFE6C3-84A0-495d-A24C-2273B637C29C.html
c:\program files\adobereader\Reader\HowTo\ENU\WSA64A1338-B969-4dba-80E8-BD37DFDE9180.html
c:\program files\adobereader\Reader\HowTo\ENU\WSA839D6AB-2E30-4c71-A779-CE4F8D964115.html
c:\program files\adobereader\Reader\HowTo\ENU\WSAF65B6C7-D000-4606-ACA4-7F32C9860E91.html
c:\program files\adobereader\Reader\HowTo\ENU\WSB11FAB59-A592-47a8-AD73-B38909D6E12F.html
c:\program files\adobereader\Reader\HowTo\ENU\WSB7B5F563-E2FA-4c9f-A9FD-590A22F508E7.html
c:\program files\adobereader\Reader\HowTo\ENU\WSB9422892-F790-4cb8-B4CD-8E4AD220A696.html
c:\program files\adobereader\Reader\HowTo\ENU\WSB95C4980-9B72-4e66-9ADA-CEC44E977786.html
c:\program files\adobereader\Reader\HowTo\ENU\WSC887FFE1-8857-4be1-BB81-BC32DE2AD7FC.html
c:\program files\adobereader\Reader\HowTo\ENU\WSCB6E92A7-E5C4-4285-853D-477A070EED2D.html
c:\program files\adobereader\Reader\HowTo\ENU\WSCCDA0B9F-2F54-4810-BAAF-04A59E60998B.html
c:\program files\adobereader\Reader\HowTo\ENU\WSCDCB0C74-267A-4db2-856D-EDD048947C59.html
c:\program files\adobereader\Reader\HowTo\ENU\WSD1D23E0E-281D-4aa8-8B10-64DB1EE65C71.html
c:\program files\adobereader\Reader\HowTo\ENU\WSD2ACE85B-5959-4f89-9D2B-218F9376E9D5.html
c:\program files\adobereader\Reader\HowTo\ENU\WSD5671438-ADC2-4616-BA90-0FF6FD03CED8.html
c:\program files\adobereader\Reader\HowTo\ENU\WSD5BEB284-9F6D-4635-881A-31A092178E63.html
c:\program files\adobereader\Reader\HowTo\ENU\WSD73A2CCE-18C6-4885-A567-3FF67DB23AF8.html
c:\program files\adobereader\Reader\HowTo\ENU\WSD8B6C446-DD94-4ade-928D-5A585D90870A.html
c:\program files\adobereader\Reader\HowTo\ENU\WSD8F4B47F-18D4-4fdf-AE0E-3C7B16CAB344.html
c:\program files\adobereader\Reader\HowTo\ENU\WSD96469EA-5613-41d4-A7CB-D05418271C69.html
c:\program files\adobereader\Reader\HowTo\ENU\WSDBCA1B83-917F-4800-BA1E-AE4D73C7436E.html
c:\program files\adobereader\Reader\HowTo\ENU\WSDE9DD7BF-83AA-40c7-ABDC-FFBDC84550C9.html
c:\program files\adobereader\Reader\HowTo\ENU\WSE2D6BFF2-376A-45ac-BB53-056DA78E65B0.html
c:\program files\adobereader\Reader\HowTo\ENU\WSE632035A-F854-473d-8AE0-9BD326226862.html
c:\program files\adobereader\Reader\HowTo\ENU\WSE9BBFA12-14C6-439d-B9E8-48630AB72870.html
c:\program files\adobereader\Reader\HowTo\ENU\WSEAA79063-1DAD-4317-AB33-5A68D623207D.html
c:\program files\adobereader\Reader\HowTo\ENU\WSEC4F451C-E254-43f9-ACFE-F242A591D0D7.html
c:\program files\adobereader\Reader\HowTo\ENU\WSEDA6E022-E71D-4185-8BE4-437766DA1F87.html
c:\program files\adobereader\Reader\HowTo\ENU\WSEE1DFE49-1C7E-4648-AFD8-7A5CFA20391D.html
c:\program files\adobereader\Reader\HowTo\ENU\WSF19D4446-A439-4adc-B9ED-E11325487E28.html
c:\program files\adobereader\Reader\HowTo\ENU\WSF30BC11C-BCEF-4e2b-8934-059526ED0229.html
c:\program files\adobereader\Reader\HowTo\ENU\WSF3FF17C0-8293-4cf7-B1B6-C362AC31072E.html
c:\program files\adobereader\Reader\icucnv34.dll
c:\program files\adobereader\Reader\icudt34.dll
c:\program files\adobereader\Reader\IDTemplates\CZE\AdobeID.pdf
c:\program files\adobereader\Reader\IDTemplates\CZE\DefaultID.pdf
c:\program files\adobereader\Reader\IDTemplates\ENU\AdobeID.pdf
c:\program files\adobereader\Reader\IDTemplates\ENU\DefaultID.pdf
c:\program files\adobereader\Reader\Javascripts\JSByteCodeWin.bin
c:\program files\adobereader\Reader\JP2KLib.dll
c:\program files\adobereader\Reader\Legal\cs_CZ\license.html
c:\program files\adobereader\Reader\Legal\en_US\license.html
c:\program files\adobereader\Reader\Onix32.dll
c:\program files\adobereader\Reader\Optional\README.TXT
c:\program files\adobereader\Reader\PDFPrevHndlr.dll
c:\program files\adobereader\Reader\PDFPrevHndlrShim.exe
c:\program files\adobereader\Reader\PDFSigQFormalRep.pdf
c:\program files\adobereader\Reader\plug_ins\Accessibility.api
c:\program files\adobereader\Reader\plug_ins\accessibility.CZE
c:\program files\adobereader\Reader\plug_ins\AcroForm.api
c:\program files\adobereader\Reader\plug_ins\Acroform.CZE
c:\program files\adobereader\Reader\plug_ins\AcroForm\adobepdf.xdc
c:\program files\adobereader\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp
c:\program files\adobereader\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp
c:\program files\adobereader\Reader\plug_ins\AcroForm\PMP\QRCode.pmp
c:\program files\adobereader\Reader\plug_ins\AcroSign.prc
c:\program files\adobereader\Reader\plug_ins\Annotations\Stamps\CZE\Dynamic.pdf
c:\program files\adobereader\Reader\plug_ins\Annotations\Stamps\CZE\SignHere.pdf
c:\program files\adobereader\Reader\plug_ins\Annotations\Stamps\CZE\StandardBusiness.pdf
c:\program files\adobereader\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf
c:\program files\adobereader\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf
c:\program files\adobereader\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf
c:\program files\adobereader\Reader\plug_ins\Annotations\Stamps\Words.pdf
c:\program files\adobereader\Reader\plug_ins\Annots.api
c:\program files\adobereader\Reader\plug_ins\Annots.CZE
c:\program files\adobereader\Reader\plug_ins\DigSig.api
c:\program files\adobereader\Reader\plug_ins\DigSig.CZE
c:\program files\adobereader\Reader\plug_ins\DVA.api
c:\program files\adobereader\Reader\plug_ins\DVA.CZE
c:\program files\adobereader\Reader\plug_ins\eBook.api
c:\program files\adobereader\Reader\plug_ins\eBook.CZE
c:\program files\adobereader\Reader\plug_ins\EScript.api
c:\program files\adobereader\Reader\plug_ins\EScript.CZE
c:\program files\adobereader\Reader\plug_ins\EWH32.api
c:\program files\adobereader\Reader\plug_ins\EWH32.CZE
c:\program files\adobereader\Reader\plug_ins\HLS.api
c:\program files\adobereader\Reader\plug_ins\HLS.CZE
c:\program files\adobereader\Reader\plug_ins\Checkers.api
c:\program files\adobereader\Reader\plug_ins\Checkers.CZE
c:\program files\adobereader\Reader\plug_ins\IA32.api
c:\program files\adobereader\Reader\plug_ins\IA32.CZE
c:\program files\adobereader\Reader\plug_ins\ImageViewer.API
c:\program files\adobereader\Reader\plug_ins\ImageViewer.CZE
c:\program files\adobereader\Reader\plug_ins\ImageViewer\cs_CZ\svgrsrc.dll
c:\program files\adobereader\Reader\plug_ins\ImageViewer\cs_CZ\SVGViewer.dict
c:\program files\adobereader\Reader\plug_ins\ImageViewer\en_US\svgrsrc.dll
c:\program files\adobereader\Reader\plug_ins\ImageViewer\en_US\SVGViewer.dict
c:\program files\adobereader\Reader\plug_ins\ImageViewer\SVGCore.DLL
c:\program files\adobereader\Reader\plug_ins\MakeAccessible.api
c:\program files\adobereader\Reader\plug_ins\makeaccessible.CZE
c:\program files\adobereader\Reader\plug_ins\Multimedia.api
c:\program files\adobereader\Reader\plug_ins\Multimedia.CZE
c:\program files\adobereader\Reader\plug_ins\Multimedia\MPP\Flash.CZE
c:\program files\adobereader\Reader\plug_ins\Multimedia\MPP\Flash.mpp
c:\program files\adobereader\Reader\plug_ins\Multimedia\MPP\Mcimpp.CZE
c:\program files\adobereader\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp
c:\program files\adobereader\Reader\plug_ins\Multimedia\MPP\QuickTime.CZE
c:\program files\adobereader\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp
c:\program files\adobereader\Reader\plug_ins\Multimedia\MPP\Real.CZE
c:\program files\adobereader\Reader\plug_ins\Multimedia\MPP\Real.mpp
c:\program files\adobereader\Reader\plug_ins\Multimedia\MPP\WindowsMedia.CZE
c:\program files\adobereader\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp
c:\program files\adobereader\Reader\plug_ins\PDDom.api
c:\program files\adobereader\Reader\plug_ins\pddom.CZE
c:\program files\adobereader\Reader\plug_ins\PPKLite.api
c:\program files\adobereader\Reader\plug_ins\PPKLite.CZE
c:\program files\adobereader\Reader\plug_ins\ReadOutLoud.api
c:\program files\adobereader\Reader\plug_ins\ReadOutLoud.CZE
c:\program files\adobereader\Reader\plug_ins\reflow.api
c:\program files\adobereader\Reader\plug_ins\reflow.CZE
c:\program files\adobereader\Reader\plug_ins\SaveAsRTF.api
c:\program files\adobereader\Reader\plug_ins\SaveAsRTF.CZE
c:\program files\adobereader\Reader\plug_ins\Search.api
c:\program files\adobereader\Reader\plug_ins\Search.CZE
c:\program files\adobereader\Reader\plug_ins\Search5.api
c:\program files\adobereader\Reader\plug_ins\Search5.CZE
c:\program files\adobereader\Reader\plug_ins\SendMail.api
c:\program files\adobereader\Reader\plug_ins\SendMail.CZE
c:\program files\adobereader\Reader\plug_ins\Spelling.api
c:\program files\adobereader\Reader\plug_ins\Spelling.CZE
c:\program files\adobereader\Reader\plug_ins\Updater.api
c:\program files\adobereader\Reader\plug_ins\updater.CZE
c:\program files\adobereader\Reader\plug_ins\VDKHome\CZE\Vdk10.lng
c:\program files\adobereader\Reader\plug_ins\VDKHome\CZE\VDK10.RSD
c:\program files\adobereader\Reader\plug_ins\VDKHome\CZE\Vdk10.rst
c:\program files\adobereader\Reader\plug_ins\VDKHome\CZE\VDK10.STC
c:\program files\adobereader\Reader\plug_ins\VDKHome\CZE\VDK10.STP
c:\program files\adobereader\Reader\plug_ins\VDKHome\CZE\VDK10.SYD
c:\program files\adobereader\Reader\plug_ins\VDKHome\ENU\acro20.lng
c:\program files\adobereader\Reader\plug_ins\VDKHome\ENU\Vdk10.lng
c:\program files\adobereader\Reader\plug_ins\VDKHome\ENU\VDK10.RSD
c:\program files\adobereader\Reader\plug_ins\VDKHome\ENU\Vdk10.rst
c:\program files\adobereader\Reader\plug_ins\VDKHome\ENU\VDK10.STC
c:\program files\adobereader\Reader\plug_ins\VDKHome\ENU\VDK10.STP
c:\program files\adobereader\Reader\plug_ins\VDKHome\ENU\VDK10.SYD
c:\program files\adobereader\Reader\plug_ins\VDKHome\VDK10.CMP
c:\program files\adobereader\Reader\plug_ins\VDKHome\VDK10.LIC
c:\program files\adobereader\Reader\plug_ins\VDKHome\VDK10.STD
c:\program files\adobereader\Reader\plug_ins\VDKHome\VDK10.SYX
c:\program files\adobereader\Reader\plug_ins\VDKHome\VDK10.THD
c:\program files\adobereader\Reader\plug_ins\weblink.api
c:\program files\adobereader\Reader\plug_ins\WebLink.CZE
c:\program files\adobereader\Reader\plug_ins3d\2d.x3d
c:\program files\adobereader\Reader\plug_ins3d\3difr.x3d
c:\program files\adobereader\Reader\plug_ins3d\drvDX8.x3d
c:\program files\adobereader\Reader\plug_ins3d\drvDX9.x3d
c:\program files\adobereader\Reader\plug_ins3d\drvSOFT.x3d
c:\program files\adobereader\Reader\plug_ins3d\prc\MyriadCAD.otf
c:\program files\adobereader\Reader\plug_ins3d\prcr.x3d
c:\program files\adobereader\Reader\plug_ins3d\tesselate.x3d
c:\program files\adobereader\Reader\pmd.cer
c:\program files\adobereader\Reader\RdLang32.CZE
c:\program files\adobereader\Reader\reader_sl.exe
c:\program files\adobereader\Reader\ReadMe.htm
c:\program files\adobereader\Reader\rt3d.dll
c:\program files\adobereader\Reader\SPPlugins\ADMPlugin.apl
c:\program files\adobereader\Reader\Tracker\add_reviewer.gif
c:\program files\adobereader\Reader\Tracker\email_all.gif
c:\program files\adobereader\Reader\Tracker\email_initiator.gif
c:\program files\adobereader\Reader\Tracker\info.gif
c:\program files\adobereader\Reader\Tracker\joined_lg.gif
c:\program files\adobereader\Reader\Tracker\main.css
c:\program files\adobereader\Reader\Tracker\review_browser.gif
c:\program files\adobereader\Reader\Tracker\review_email.gif
c:\program files\adobereader\Reader\Tracker\review_shared.gif
c:\program files\adobereader\Reader\Tracker\reviewers.gif
c:\program files\adobereader\Reader\Tracker\sent_lg.gif
c:\program files\adobereader\Reader\Tracker\server_issue.gif
c:\program files\adobereader\Reader\Tracker\server_lg.gif
c:\program files\adobereader\Reader\Tracker\server_ok.gif
c:\program files\adobereader\Reader\Tracker\trash.gif
c:\program files\adobereader\Reader\vdk150.dll
c:\program files\adobereader\Reader\ViewerPS.dll
c:\program files\adobereader\Resource\CMap\Identity-H
c:\program files\adobereader\Resource\CMap\Identity-V
c:\program files\adobereader\Resource\ENUtxt.pdf
c:\program files\adobereader\Resource\Font\AdobePiStd.otf
c:\program files\adobereader\Resource\Font\CourierStd-Bold.otf
c:\program files\adobereader\Resource\Font\CourierStd-BoldOblique.otf
c:\program files\adobereader\Resource\Font\CourierStd-Oblique.otf
c:\program files\adobereader\Resource\Font\CourierStd.otf
c:\program files\adobereader\Resource\Font\MinionPro-Bold.otf
c:\program files\adobereader\Resource\Font\MinionPro-BoldIt.otf
c:\program files\adobereader\Resource\Font\MinionPro-It.otf
c:\program files\adobereader\Resource\Font\MinionPro-Regular.otf
c:\program files\adobereader\Resource\Font\MyriadPro-Bold.otf
c:\program files\adobereader\Resource\Font\MyriadPro-BoldIt.otf
c:\program files\adobereader\Resource\Font\MyriadPro-It.otf
c:\program files\adobereader\Resource\Font\MyriadPro-Regular.otf
c:\program files\adobereader\Resource\Font\PFM\SY______.PFM
c:\program files\adobereader\Resource\Font\PFM\zx______.pfm
c:\program files\adobereader\Resource\Font\PFM\zy______.pfm
c:\program files\adobereader\Resource\Font\SY______.PFB
c:\program files\adobereader\Resource\Font\ZX______.PFB
c:\program files\adobereader\Resource\Font\ZY______.PFB
c:\program files\adobereader\Resource\Linguistics\LanguageNames\DisplayLanguageNames.cs_CZ.txt
c:\program files\adobereader\Resource\Linguistics\LanguageNames\DisplayLanguageNames.en_US.txt
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\brt04.lex
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\brt0401.lex
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\brt0402.lex
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\brt32.clx
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\brtphon.env
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\can129.lex
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\can32.clx
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\canphon.env
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\cze108.lex
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\cze32.clx
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\czephon.env
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\eng32.clx
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\engphon.env
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\usa03.lex
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\usa86.lex
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\usa8601.lex
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\usa8602.lex
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\usa8603.lex
c:\program files\adobereader\Resource\Linguistics\Providers\Proximity\usa8604.lex
c:\program files\adobereader\Setup Files\{AC76BA86-7AD7-1029-7B44-A81200000003}\abcpy.ini
c:\program files\adobereader\Setup Files\{AC76BA86-7AD7-1029-7B44-A81200000003}\AcroRead.msi
c:\program files\adobereader\Setup Files\{AC76BA86-7AD7-1029-7B44-A81200000003}\Data1.cab
c:\program files\adobereader\Setup Files\{AC76BA86-7AD7-1029-7B44-A81200000003}\RunTimeProp
c:\program files\adobereader\Setup Files\{AC76BA86-7AD7-1029-7B44-A81200000003}\Setup.exe
c:\program files\adobereader\Setup Files\{AC76BA86-7AD7-1029-7B44-A81200000003}\setup.ini
c:\windows\EventSystem.log
c:\windows\msmqinst.log
c:\windows\system32\277786181.dat
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET88.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET8D.tmp
.
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive6 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive6 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-27 do 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-26 15:44 . 2012-08-26 15:44 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4983A63D-B4FC-41BB-B69E-E105D800674B}\MpKslebf7dd75.sys
2012-08-25 18:18 . 2012-08-25 18:18 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4983A63D-B4FC-41BB-B69E-E105D800674B}\MpKsl4816f554.sys
2012-08-25 14:27 . 2012-08-25 14:27 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4983A63D-B4FC-41BB-B69E-E105D800674B}\MpKslc58642e9.sys
2012-08-25 13:09 . 2012-08-25 13:09 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4983A63D-B4FC-41BB-B69E-E105D800674B}\MpKsl1d0fc02a.sys
2012-08-25 12:59 . 2012-08-25 12:59 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4983A63D-B4FC-41BB-B69E-E105D800674B}\MpKsl42918dd2.sys
2012-08-25 12:53 . 2012-08-25 12:52 31232 ----a-w- c:\documents and settings\Radim\Data aplikací\dllexp.dll
2012-08-25 12:52 . 2012-08-27 14:51 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4983A63D-B4FC-41BB-B69E-E105D800674B}\offreg.dll
2012-08-25 11:39 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4983A63D-B4FC-41BB-B69E-E105D800674B}\mpengine.dll
2012-08-24 06:06 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-21 06:22 . 2012-08-21 06:22 -------- d-----w- c:\documents and settings\Radim\Local Settings\Data aplikací\Unity
2012-08-10 12:52 . 2012-08-10 12:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:08 . 2012-04-17 05:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:08 . 2011-05-17 04:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-18 04:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-18 04:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-18 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2004-08-18 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-18 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2004-08-18 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-18 04:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:49 . 2009-02-11 09:55 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-18 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-18 04:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 13:08 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2004-08-18 04:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-08-18 04:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2004-08-18 04:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 13:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2004-08-18 04:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2004-08-18 04:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2004-08-18 04:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-18 04:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2004-08-18 04:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-03-21 18:04 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-03-21 18:04 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-08-06 18:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-18 04:00 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-07 187672]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2010-10-07 1961240]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-03-02 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-03-29 61440]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-03-03 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
2011-11-28 15:43 327680 -c--a-w- d:\hry\4Story\PrePatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dllexp]
2012-08-25 12:52 31232 ----a-w- c:\documents and settings\Radim\Data aplikací\dllexp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\preload]
2004-04-20 15:49 40960 ----a-w- c:\windows\RUNXMLPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\Hry\\Metin2\\metin2client.bin"=
"d:\\Hry\\Metin2\\metin2.bin"=
"d:\\Hry\\Counter-Strike 1.8\\cstrike.exe"=
"d:\\Hry\\Valve\\hl.exe"=
"d:\\Hry\\Age of Empires II\\empires2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Hry\\Metin2\\metin2.exe"=
"d:\\Games\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24.7.2010 20:24 64288]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.2.2009 20:20 685816]
R1 MpKsld0857f8e;MpKsld0857f8e;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4983A63D-B4FC-41BB-B69E-E105D800674B}\MpKsld0857f8e.sys [27.8.2012 17:39 29904]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1355968]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [11.2.2009 12:29 200192]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [19.12.2000 19:29 2343]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17.4.2012 7:38 250056]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 m0ygu0ay.sys;m0ygu0ay.sys;\??\c:\windows\system32\drivers\m0ygu0ay.sys --> c:\windows\system32\drivers\m0ygu0ay.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLD0857F8E
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 18:25]
.
2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 14:08]
.
2012-08-27 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\AdobeReader\Reader\Reader_sl.exe
MSConfigStartUp-9U7F2A5A2Z0EYA7JT - c:\flashplayer\FlashPlayer.exe
MSConfigStartUp-Internet Security - c:\documents and settings\All Users\Data aplikací\isecurity.exe
MSConfigStartUp-{05886FB8-96AD-95B5-9ADB-8B426FCFA39B} - c:\documents and settings\Radim\Data aplikací\Suecul\avyqa.exe
AddRemove-Counter-Strike - c:\documents and settings\Radim\Plocha\Hry\Counter-Strike\Uninst.exe
AddRemove-sc09-ORF_MAIN - c:\games\ORF-Ski Challenge 2009\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-27 17:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2872)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLTRAY.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\acer\eManager\anbmServ.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2012-08-27 17:46:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-27 15:46
.
Před spuštěním: 5 011 165 184
Po spuštění: Volných bajtů: 25 074 491 392
.
- - End Of File - - 94CBE9D6A978E1E5FB33EEE70D58E933

Zde je nahrana karantena:
http://uloz.to/xguy77G/quarantine-rar

Predem diky

Vse provedeno, prikladam log z avengeru:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "xpsec" deleted successfully.
Driver "xcpip" deleted successfully.
Driver "m0ygu0ay.sys" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List|65533:TCP" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List|52344:TCP" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List|3389:TCP" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Vse provedeno:

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 15 Model 36 Stepping 2, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2012/08/28 (ISO 8601) at 18:39:11
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST9160821A (3.ALE)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	149.1 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : 9B3E3174019C0044B13447B31F26715C
MBR_SHA1  : EDD543DE698E90B28D725CD4F12B3FB6CA8229F2

Device\Harddisk0\Partition1	39.06 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	110.0 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\a0lgko90.SYS => Invisible on the disk
ADDRESS : 0xB941C000
SIZE    : 412.0 Ko

SystemStartOptions : FASTDETECT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.Ð¼.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖaùÃInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 FD 34 FE 34 00 00 80 01   .....,Dcý4þ4....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 EC ED E1 04 00 00   ...þ..?...ìíá...
0x000001D0   C1 FF 07 FE FF FF 2B EE E1 04 96 9C BF 0D 00 00   Á..þ..+îá...¿...
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__________________________16_BIT_ASM_CODE
   
0x0000    33c0            XOR AX, AX   
0x0002    8ed0            MOV SS, AX   
0x0004    bc 007c         MOV SP, 0x7c00   
0x0007    fb              STI   
0x0008    50              PUSH AX   
0x0009    07              POP ES   
0x000A    50              PUSH AX   
0x000B    1f              POP DS   
0x000C    fc              CLD   
0x000D    be 1b7c         MOV SI, 0x7c1b   
0x0010    bf 1b06         MOV DI, 0x61b   
0x0013    50              PUSH AX   
0x0014    57              PUSH DI   
0x0015    b9 e501         MOV CX, 0x1e5   
0x0018    f3 a4           REP MOVSB   
0x001A    cb              RETF   
0x001B    bd be07         MOV BP, 0x7be   
0x001E    b1 04           MOV CL, 0x4   
0x0020    386e 00         CMP [BP+0x0], CH   
0x0023    7c 09           JL 0x2e   
0x0025    75 13           JNZ 0x3a   
0x0027    83c5 10         ADD BP, 0x10   
0x002A    e2 f4           LOOP 0x20   
0x002C    cd 18           INT 0x18   
0x002E    8bf5            MOV SI, BP   
0x0030    83c6 10         ADD SI, 0x10   
0x0033    49              DEC CX   
0x0034    74 19           JZ 0x4f   
0x0036    382c            CMP [SI], CH   
0x0038    74 f6           JZ 0x30   
0x003A    a0 b507         MOV AL, [0x7b5]   
0x003D    b4 07           MOV AH, 0x7   
0x003F    8bf0            MOV SI, AX   
0x0041    ac              LODSB   
0x0042    3c 00           CMP AL, 0x0   
0x0044    74 fc           JZ 0x42   
0x0046    bb 0700         MOV BX, 0x7   
0x0049    b4 0e           MOV AH, 0xe   
0x004B    cd 10           INT 0x10   
0x004D    eb f2           JMP 0x41   
0x004F    884e 10         MOV [BP+0x10], CL   
0x0052    e8 4600         CALL 0x9b   
0x0055    73 2a           JAE 0x81   
0x0057    fe46 10         INC BYTE [BP+0x10]   
0x005A    807e 04 0b      CMP BYTE [BP+0x4], 0xb   
0x005E    74 0b           JZ 0x6b   
0x0060    807e 04 0c      CMP BYTE [BP+0x4], 0xc   
0x0064    74 05           JZ 0x6b   
0x0066    a0 b607         MOV AL, [0x7b6]   
0x0069    75 d2           JNZ 0x3d   
0x006B    8046 02 06      ADD BYTE [BP+0x2], 0x6   
0x006F    8346 08 06      ADD WORD [BP+0x8], 0x6   
0x0073    8356 0a 00      ADC WORD [BP+0xa], 0x0   
0x0077    e8 2100         CALL 0x9b   
0x007A    73 05           JAE 0x81   
0x007C    a0 b607         MOV AL, [0x7b6]   
0x007F    eb bc           JMP 0x3d   
0x0081    813e fe7d 55aa  CMP WORD [0x7dfe], 0xaa55   
0x0087    74 0b           JZ 0x94   
0x0089    807e 10 00      CMP BYTE [BP+0x10], 0x0   
0x008D    74 c8           JZ 0x57   
0x008F    a0 b707         MOV AL, [0x7b7]   
0x0092    eb a9           JMP 0x3d   
0x0094    8bfc            MOV DI, SP   
0x0096    1e              PUSH DS   
0x0097    57              PUSH DI   
0x0098    8bf5            MOV SI, BP   
0x009A    cb              RETF   
0x009B    bf 0500         MOV DI, 0x5   
0x009E    8a56 00         MOV DL, [BP+0x0]   
0x00A1    b4 08           MOV AH, 0x8   
0x00A3    cd 13           INT 0x13   
0x00A5    72 23           JB 0xca   
0x00A7    8ac1            MOV AL, CL   
0x00A9    24 3f           AND AL, 0x3f   
0x00AB    98              CBW   
0x00AC    8ade            MOV BL, DH   
0x00AE    8afc            MOV BH, AH   
0x00B0    43              INC BX   
0x00B1    f7e3            MUL BX   
0x00B3    8bd1            MOV DX, CX   
0x00B5    86d6            XCHG DH, DL   
0x00B7    b1 06           MOV CL, 0x6   
0x00B9    d2ee            SHR DH, CL   
0x00BB    42              INC DX   
0x00BC    f7e2            MUL DX   
0x00BE    3956 0a         CMP [BP+0xa], DX   
0x00C1    77 23           JA 0xe6   
0x00C3    72 05           JB 0xca   
0x00C5    3946 08         CMP [BP+0x8], AX   
0x00C8    73 1c           JAE 0xe6   
0x00CA    b8 0102         MOV AX, 0x201   
0x00CD    bb 007c         MOV BX, 0x7c00   
0x00D0    8b4e 02         MOV CX, [BP+0x2]   
0x00D3    8b56 00         MOV DX, [BP+0x0]   
0x00D6    cd 13           INT 0x13   
0x00D8    73 51           JAE 0x12b   
0x00DA    4f              DEC DI   
0x00DB    74 4e           JZ 0x12b   
0x00DD    32e4            XOR AH, AH   
0x00DF    8a56 00         MOV DL, [BP+0x0]   
0x00E2    cd 13           INT 0x13   
0x00E4    eb e4           JMP 0xca   
0x00E6    8a56 00         MOV DL, [BP+0x0]   
0x00E9    60              PUSHA   
0x00EA    bb aa55         MOV BX, 0x55aa   
0x00ED    b4 41           MOV AH, 0x41   
0x00EF    cd 13           INT 0x13   
0x00F1    72 36           JB 0x129   
0x00F3    81fb 55aa       CMP BX, 0xaa55   
0x00F7    75 30           JNZ 0x129   
0x00F9    f6c1 01         TEST CL, 0x1   
0x00FC    74 2b           JZ 0x129   
0x00FE    61              POPA   
0x00FF    60              PUSHA   
0x0100    6a 00           PUSH 0x0   
0x0102    6a 00           PUSH 0x0   
0x0104    ff76 0a         PUSH WORD [BP+0xa]   
0x0107    ff76 08         PUSH WORD [BP+0x8]   
0x010A    6a 00           PUSH 0x0   
0x010C    68 007c         PUSH 0x7c00   
0x010F    6a 01           PUSH 0x1   
0x0111    6a 10           PUSH 0x10   
0x0113    b4 42           MOV AH, 0x42   
0x0115    8bf4            MOV SI, SP   
0x0117    cd 13           INT 0x13   
0x0119    61              POPA   
0x011A    61              POPA   
0x011B    73 0e           JAE 0x12b   
0x011D    4f              DEC DI   
0x011E    74 0b           JZ 0x12b   
0x0120    32e4            XOR AH, AH   
0x0122    8a56 00         MOV DL, [BP+0x0]   
0x0125    cd 13           INT 0x13   
0x0127    eb d6           JMP 0xff   
0x0129    61              POPA   
0x012A    f9              STC   
0x012B    c3              RET   
0x012C    49              DEC CX   
0x012D    6e              OUTSB   
0x012E    76 61           JBE 0x191   
0x0130    6c              INSB   
0x0131    6964 20 7061    IMUL SP, [SI+0x20], 0x6170   
0x0136    72 74           JB 0x1ac   
0x0138    6974 69 6f6e    IMUL SI, [SI+0x69], 0x6e6f   
0x013D    2074 61         AND [SI+0x61], DH   
0x0140    626c 65         BOUND BP, [SI+0x65]   
0x0143    0045 72         ADD [DI+0x72], AL   
0x0146    72 6f           JB 0x1b7   
0x0148    72 20           JB 0x16a   
0x014A    6c              INSB   
0x014B    6f              OUTSW   
0x014C    61              POPA   
0x014D    64 696e 67 206f IMUL BP, FS:[BP+0x67], 0x6f20   
0x0153    70 65           JO 0x1ba   
0x0155    72 61           JB 0x1b8   
0x0157    74 69           JZ 0x1c2   
0x0159    6e              OUTSB   
0x015A    67 2073 79      AND [EBX+0x79], DH   
0x015E    73 74           JAE 0x1d4   
0x0160    65 6d           INS WORD GS:[DI], DX   
0x0162    004d 69         ADD [DI+0x69], CL   
0x0165    73 73           JAE 0x1da   
0x0167    696e 67 206f    IMUL BP, [BP+0x67], 0x6f20   
0x016C    70 65           JO 0x1d3   
0x016E    72 61           JB 0x1d1   
0x0170    74 69           JZ 0x1db   
0x0172    6e              OUTSB   
0x0173    67 2073 79      AND [EBX+0x79], DH   
0x0177    73 74           JAE 0x1ed   
0x0179    65 6d           INS WORD GS:[DI], DX   
0x017B    0000            ADD [BX+SI], AL   
0x017D    0000            ADD [BX+SI], AL   
0x017F    0000            ADD [BX+SI], AL   
0x0181    0000            ADD [BX+SI], AL   
0x0183    0000            ADD [BX+SI], AL   
0x0185    0000            ADD [BX+SI], AL   
0x0187    0000            ADD [BX+SI], AL   
0x0189    0000            ADD [BX+SI], AL   
0x018B    0000            ADD [BX+SI], AL   
0x018D    0000            ADD [BX+SI], AL   
0x018F    0000            ADD [BX+SI], AL   
0x0191    0000            ADD [BX+SI], AL   
0x0193    0000            ADD [BX+SI], AL   
0x0195    0000            ADD [BX+SI], AL   
0x0197    0000            ADD [BX+SI], AL   
0x0199    0000            ADD [BX+SI], AL   
0x019B    0000            ADD [BX+SI], AL   
0x019D    0000            ADD [BX+SI], AL   
0x019F    0000            ADD [BX+SI], AL   
0x01A1    0000            ADD [BX+SI], AL   
0x01A3    0000            ADD [BX+SI], AL   
0x01A5    0000            ADD [BX+SI], AL   
0x01A7    0000            ADD [BX+SI], AL   
0x01A9    0000            ADD [BX+SI], AL   
0x01AB    0000            ADD [BX+SI], AL   
0x01AD    0000            ADD [BX+SI], AL   
0x01AF    0000            ADD [BX+SI], AL   
0x01B1    0000            ADD [BX+SI], AL   
0x01B3    0000            ADD [BX+SI], AL   
0x01B5    2c 44           SUB AL, 0x44   
0x01B7    63fd            ARPL BP, DI   
0x01B9    34 fe           XOR AL, 0xfe   
0x01BB    34 00           XOR AL, 0x0   
0x01BD    0080 0101       ADD [BX+SI+0x101], AL   
0x01C1    0007            ADD [BX], AL   
0x01C3    fe              DB 0xfe   
0x01C4    ff              DB 0xff   
0x01C5    ff              DB 0xff   
0x01C6    3f              AAS   
0x01C7    0000            ADD [BX+SI], AL   
0x01C9    00ec            ADD AH, CH   
0x01CB    ed              IN AX, DX   
0x01CC    e1 04           LOOPZ 0x1d2   
0x01CE    0000            ADD [BX+SI], AL   
0x01D0    c1ff 07         SAR DI, 0x7   
0x01D3    fe              DB 0xfe   
0x01D4    ff              DB 0xff   
0x01D5    ff2b            JMP FAR WORD [BP+DI]   
0x01D7    ee              OUT DX, AL   
0x01D8    e1 04           LOOPZ 0x1de   
0x01DA    96              XCHG SI, AX   
0x01DB    9c              PUSHF   
0x01DC    bf 0d00         MOV DI, 0xd   
0x01DF    0000            ADD [BX+SI], AL   
0x01E1    0000            ADD [BX+SI], AL   
0x01E3    0000            ADD [BX+SI], AL   
0x01E5    0000            ADD [BX+SI], AL   
0x01E7    0000            ADD [BX+SI], AL   
0x01E9    0000            ADD [BX+SI], AL   
0x01EB    0000            ADD [BX+SI], AL   
0x01ED    0000            ADD [BX+SI], AL   
0x01EF    0000            ADD [BX+SI], AL   
0x01F1    0000            ADD [BX+SI], AL   
0x01F3    0000            ADD [BX+SI], AL   
0x01F5    0000            ADD [BX+SI], AL   
0x01F7    0000            ADD [BX+SI], AL   
0x01F9    0000            ADD [BX+SI], AL   
0x01FB    0000            ADD [BX+SI], AL   
0x01FD    0055 aa         ADD [DI-0x56], DL

cf log:

ComboFix 12-08-28.01 - Radim 28.08.2012 18:08:11.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1544 [GMT 2:00]
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-28 do 2012-08-28 )))))))))))))))))))))))))))))))
.
.
2012-08-28 16:42 . 2012-08-28 16:42 512 ----a-w- C:\PhysicalMBR.bin
2012-08-28 16:35 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D3847F08-3D8F-4700-B169-CD1D112FFD77}\mpengine.dll
2012-08-27 16:22 . 2012-08-27 16:22 -------- d-----w- c:\program files\CCleaner
2012-08-27 16:07 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-27 16:03 . 2012-08-27 17:33 -------- d-----w- c:\windows\SxsCaPendDel
2012-08-27 16:01 . 2012-08-27 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-27 16:01 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-25 12:53 . 2012-08-25 12:52 31232 ----a-w- c:\documents and settings\Radim\Data aplikací\dllexp.dll
2012-08-21 06:22 . 2012-08-21 06:22 -------- d-----w- c:\documents and settings\Radim\Local Settings\Data aplikací\Unity
2012-08-10 12:52 . 2012-08-10 12:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:08 . 2012-04-17 05:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:08 . 2011-05-17 04:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-18 04:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-18 04:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-18 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2004-08-18 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-18 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2004-08-18 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-18 04:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:49 . 2009-02-11 09:55 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-18 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-18 04:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 13:08 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2004-08-18 04:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-08-18 04:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2004-08-18 04:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 13:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2004-08-18 04:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2004-08-18 04:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2004-08-18 04:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-18 04:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2004-08-18 04:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-03-21 18:04 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-03-21 18:04 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-08-06 18:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-18 04:00 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-27_15.36.53 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-07 187672]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2010-10-07 1961240]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-03-02 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-03-29 61440]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-03-03 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
2011-11-28 15:43 327680 -c--a-w- d:\hry\4Story\PrePatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dllexp]
2012-08-25 12:52 31232 ----a-w- c:\documents and settings\Radim\Data aplikací\dllexp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\preload]
2004-04-20 15:49 40960 ----a-w- c:\windows\RUNXMLPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\Hry\\Metin2\\metin2client.bin"=
"d:\\Hry\\Metin2\\metin2.bin"=
"d:\\Hry\\Counter-Strike 1.8\\cstrike.exe"=
"d:\\Hry\\Valve\\hl.exe"=
"d:\\Hry\\Age of Empires II\\empires2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Hry\\Metin2\\metin2.exe"=
"d:\\Games\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24.7.2010 20:24 64288]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.2.2009 20:20 685816]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [11.2.2009 12:29 200192]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [19.12.2000 19:29 2343]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17.4.2012 7:38 250056]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 14:08]
.
2012-08-28 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-28 18:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3096)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-08-28 18:13:40
ComboFix-quarantined-files.txt 2012-08-28 16:13
ComboFix2.txt 2012-08-28 13:54
ComboFix3.txt 2012-08-28 13:36
ComboFix4.txt 2012-08-27 15:46
.
Před spuštěním: Volných bajtů: 24 710 545 408
Po spuštění: Volných bajtů: 24 700 416 000
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - 01C88DCFB54E3D27387D2686E13765C7

ok v pohode

vysledky:
https://www.virustotal.com/file/3b29702 ... 346260402/

https://www.virustotal.com/file/eb60a86 ... 346260512/

Jak to tu vypadá?

Vzhledem k tomu, že toto vlákno je neaktivní, zamykám

VIRY.CZ

Vir v MBR, prosim o kontrolu

Vir v MBR, prosim o kontrolu

Re: Vir v MBR, prosim o kontrolu

Re: Vir v MBR, prosim o kontrolu

Re: Vir v MBR, prosim o kontrolu

Re: Vir v MBR, prosim o kontrolu

Re: Vir v MBR, prosim o kontrolu

Re: Vir v MBR, prosim o kontrolu

Re: Vir v MBR, prosim o kontrolu