Virtumonde.sci

[origosch]

Mám problém s virtumonde.sci. Mohu požádat o kontrolu logu?

Logfile of HijackThis v1.99.1
Scan saved at 11:28:50, on 9.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Altap Salamander 2.5\SALAMAND.exe
C:\Documents and Settings\Administrator\Local Settings\temp\SAL43C.tmp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2515589562
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
Děkuji.

[meteorolog]

Dobrý den

vložte sem log z RSIT podle návodu

[origosch]

Zdravím, tady je log z RSIT, Dík.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-09 17:44:24
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (8%) free of 38 GB
Total RAM: 767 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:00, on 9.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 3\firefox.exe
C:\Program Files\Altap Salamander 2.5\SALAMAND.exe
D:\EMAIL\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2515589562
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 4200 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-01-08 949376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-09-02 205256]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-09-02 205256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kerio VPN Client]
C:\Program Files\Kerio\VPN Client\kvpncgui.exe [2009-10-26 4986728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KTSInit]
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla\Firefox\Mozilla Firefox\updates\0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
SiSPower.dll,ModeAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Rapidown.lnk]
C:\PROGRA~1\Rapidown\rapidown.exe [2010-01-03 1044992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
C:\PROGRA~1\Corel\GRAPHI~1\Register\Remind32.exe [1998-07-23 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1998-05-06 108544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Utility Tray.lnk]
C:\WINDOWS\system32\sistray.exe [2007-01-23 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ZDWLan Utility.lnk]
C:\PROGRA~1\ZYDAST~1\ZYDAS_~1.11G\ZDWlan.exe [2006-09-01 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2
"Autodata Limited License Service"=2
"aawservice"=2
"UPS"=3
"TermService"=3
"TapiSrv"=3
"StarWindServiceAE"=2
"KVPNCSvc"=2
"FastUserSwitchingCompatibility"=3
"NMIndexingService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Administrator\Plocha\winbox.exe"="C:\Documents and Settings\Administrator\Plocha\winbox.exe:*:Enabled:winbox"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2103-01-01 06:09:49 ----A---- C:\WINDOWS\system32\h323log.txt
2103-01-01 05:29:11 ----A---- C:\WINDOWS\system32\usbui.dll
2103-01-01 05:28:00 ----A---- C:\WINDOWS\imsins.BAK
2103-01-01 05:27:56 ----SHD---- C:\WINDOWS\Installer
2103-01-01 05:27:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2103-01-01 05:27:55 ----D---- C:\Program Files\Common Files\ODBC
2103-01-01 05:27:55 ----A---- C:\WINDOWS\ODBCINST.INI
2103-01-01 05:27:51 ----D---- C:\Program Files\Common Files\SpeechEngines
2103-01-01 05:27:50 ----RD---- C:\Program Files
2103-01-01 05:27:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2103-01-01 05:27:50 ----D---- C:\Program Files\Common Files
2103-01-01 05:27:46 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2103-01-01 05:27:46 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2103-01-01 05:27:46 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2103-01-01 05:27:44 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2103-01-01 05:27:44 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdur.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdru.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2103-01-01 05:27:38 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2103-01-01 05:27:38 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2103-01-01 05:27:38 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2103-01-01 05:27:38 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2103-01-01 05:27:38 ----RA---- C:\WINDOWS\system32\kbdest.dll
2103-01-01 05:27:34 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdycl.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdsl.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdro.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdpl.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdhu.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdcr.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2103-01-01 05:27:31 ----A---- C:\WINDOWS\system32\spxcoins.dll
2103-01-01 05:27:31 ----A---- C:\WINDOWS\system32\irclass.dll
2103-01-01 05:27:31 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2103-01-01 05:27:31 ----A---- C:\WINDOWS\system32\dgsetup.dll
2103-01-01 05:27:31 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2103-01-01 05:27:28 ----A---- C:\WINDOWS\TASKMAN.EXE
2103-01-01 05:27:27 ----A---- C:\WINDOWS\system32\batt.dll
2103-01-01 05:27:26 ----A---- C:\WINDOWS\NOTEPAD.EXE
2103-01-01 05:27:25 ----A---- C:\WINDOWS\system32\storprop.dll
2103-01-01 05:27:16 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2103-01-01 05:27:00 ----D---- C:\WINDOWS\system32\CatRoot2
2103-01-01 05:27:00 ----D---- C:\WINDOWS\system32\CatRoot
2103-01-01 05:26:54 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2103-01-01 05:26:32 ----A---- C:\WINDOWS\setuplog.txt
2103-01-01 05:26:29 ----D---- C:\Documents and Settings
2103-01-01 05:25:46 ----RASH---- C:\boot.ini
2103-01-01 05:24:44 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Identities
2103-01-01 05:24:42 ----HD---- C:\Program Files\Uninstall Information
2103-01-01 05:24:34 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2103-01-01 05:24:33 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2103-01-01 05:24:25 ----D---- C:\WINDOWS\SoftwareDistribution
2103-01-01 05:24:24 ----D---- C:\WINDOWS\Prefetch
2103-01-01 05:24:23 ----SD---- C:\WINDOWS\system32\Microsoft
2103-01-01 05:24:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2103-01-01 05:20:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2103-01-01 05:20:26 ----RSD---- C:\WINDOWS\Fonts
2103-01-01 05:20:26 ----RD---- C:\WINDOWS\Web
2103-01-01 05:20:26 ----HD---- C:\WINDOWS\inf
2103-01-01 05:20:26 ----D---- C:\WINDOWS\WinSxS
2103-01-01 05:20:26 ----D---- C:\WINDOWS\twain_32
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\wins
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\wbem
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\usmt
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\spool
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\ShellExt
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\Setup
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\ras
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\oobe
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\npp
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\mui
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\inetsrv
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\IME
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\icsxml
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\ias
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\export
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\drivers
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\dhcp
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\cs-cz
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\cs
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\config
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\3com_dmi
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\3076
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\2052
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1054
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1042
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1041
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1037
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1033
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1031
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1029
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1028
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1025
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system
2103-01-01 05:20:26 ----D---- C:\WINDOWS\security
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Resources
2103-01-01 05:20:26 ----D---- C:\WINDOWS\repair
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Provisioning
2103-01-01 05:20:26 ----D---- C:\WINDOWS\pchealth
2103-01-01 05:20:26 ----D---- C:\WINDOWS\PeerNet
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Network Diagnostic
2103-01-01 05:20:26 ----D---- C:\WINDOWS\mui
2103-01-01 05:20:26 ----D---- C:\WINDOWS\msapps
2103-01-01 05:20:26 ----D---- C:\WINDOWS\msagent
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Media
2103-01-01 05:20:26 ----D---- C:\WINDOWS\L2Schemas
2103-01-01 05:20:26 ----D---- C:\WINDOWS\java
2103-01-01 05:20:26 ----D---- C:\WINDOWS\ime
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Help
2103-01-01 05:20:26 ----D---- C:\WINDOWS\ehome
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Driver Cache
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Debug
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Cursors
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Connection Wizard
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Config
2103-01-01 05:20:26 ----D---- C:\WINDOWS\AppPatch
2103-01-01 05:20:26 ----D---- C:\WINDOWS\addins
2103-01-01 05:20:26 ----D---- C:\WINDOWS
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP662c.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5999.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5738.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5718.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5709.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP56bb.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP567c.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP565d.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP564d.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP563e.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP561e.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP560f.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP55a2.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP55a1.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5563.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5536.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5535.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5534.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5524.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5515.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5505.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP54f6.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP54d8.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP54d7.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP54d6.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP54b8.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP54b7.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP54a8.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP54a7.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP547a.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5479.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP546a.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5469.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP545a.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5459.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP544a.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP540d.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP540c.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP540b.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP53fd.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP53fc.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP53ef.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP53ee.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP53ed.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP53ec.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP53dc.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP53cd.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP53be.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP53bd.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP53ad.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP538f.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP538e.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5380.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP537f.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5370.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP536f.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP535f.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5340.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5330.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5323.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5322.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5321.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5312.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5311.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5303.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5302.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP52f3.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP52f2.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP52e2.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP52d4.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP52d3.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP52c3.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP52b3.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP52a5.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP52a4.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5294.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5275.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP5246.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP4b12.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP4778.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP46cd.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP45d3.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP45c3.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP44aa.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP3fe7.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP2e05.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP2df5.tmp
2103-01-01 05:20:26 ----A---- C:\WINDOWS\DUMP2d88.tmp
2103-01-01 05:17:17 ----D---- C:\WINDOWS\system32\xircom
2103-01-01 05:17:17 ----D---- C:\Program Files\xerox
2103-01-01 05:17:17 ----D---- C:\Program Files\microsoft frontpage
2103-01-01 05:16:31 ----A---- C:\WINDOWS\OEWABLog.txt
2103-01-01 05:16:26 ----A---- C:\WINDOWS\system32\mapi32.dll
2103-01-01 05:15:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2103-01-01 05:15:17 ----RD---- C:\WINDOWS\Offline Web Pages
2103-01-01 05:15:17 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2103-01-01 05:15:10 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2103-01-01 05:15:04 ----HD---- C:\Program Files\WindowsUpdate
2103-01-01 05:14:59 ----D---- C:\Program Files\Online Services
2103-01-01 05:14:38 ----D---- C:\WINDOWS\system32\DirectX
2103-01-01 05:14:31 ----A---- C:\WINDOWS\system32\atrace.dll
2103-01-01 05:14:28 ----A---- C:\WINDOWS\system32\desktop.ini
2103-01-01 05:14:28 ----A---- C:\WINDOWS\desktop.ini
2103-01-01 05:14:19 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2103-01-01 05:14:18 ----A---- C:\WINDOWS\system32\acctres.dll
2103-01-01 05:14:17 ----D---- C:\Program Files\Common Files\Services
2103-01-01 05:14:14 ----SD---- C:\WINDOWS\Tasks
2103-01-01 05:14:14 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2103-01-01 05:14:12 ----D---- C:\Program Files\Common Files\MSSoap
2103-01-01 05:14:08 ----D---- C:\WINDOWS\srchasst
2103-01-01 05:14:07 ----D---- C:\WINDOWS\system32\Macromed
2103-01-01 05:14:03 ----A---- C:\WINDOWS\system32\wuweb.dll
2103-01-01 05:14:03 ----A---- C:\WINDOWS\system32\wucltui.dll
2103-01-01 05:14:03 ----A---- C:\WINDOWS\system32\wuauserv.dll
2103-01-01 05:14:03 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2103-01-01 05:14:02 ----N---- C:\WINDOWS\system32\wuauclt.exe
2103-01-01 05:14:02 ----A---- C:\WINDOWS\system32\wups.dll
2103-01-01 05:14:02 ----A---- C:\WINDOWS\system32\wuaueng.dll
2103-01-01 05:14:02 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2103-01-01 05:14:02 ----A---- C:\WINDOWS\system32\wuapi.dll
2103-01-01 05:14:02 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2103-01-01 05:14:02 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2103-01-01 05:14:01 ----N---- C:\WINDOWS\system32\qmgr.dll
2103-01-01 05:14:01 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2103-01-01 05:14:01 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2103-01-01 05:13:57 ----D---- C:\Program Files\Movie Maker
2103-01-01 05:13:34 ----A---- C:\WINDOWS\system32\safrslv.dll
2103-01-01 05:13:34 ----A---- C:\WINDOWS\system32\safrdm.dll
2103-01-01 05:13:34 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2103-01-01 05:13:34 ----A---- C:\WINDOWS\system32\racpldlg.dll
2103-01-01 05:13:30 ----A---- C:\WINDOWS\system32\fltMc.exe
2103-01-01 05:13:30 ----A---- C:\WINDOWS\system32\fltlib.dll
2103-01-01 05:13:29 ----N---- C:\WINDOWS\system32\srsvc.dll
2103-01-01 05:13:29 ----D---- C:\WINDOWS\system32\Restore
2103-01-01 05:13:29 ----A---- C:\WINDOWS\system32\srrstr.dll
2103-01-01 05:13:29 ----A---- C:\WINDOWS\system32\srclient.dll
2103-01-01 05:13:28 ----A---- C:\WINDOWS\system32\mnmdd.dll
2103-01-01 05:13:28 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2103-01-01 05:13:28 ----A---- C:\WINDOWS\system32\ils.dll
2103-01-01 05:13:27 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2103-01-01 05:13:27 ----A---- C:\WINDOWS\system32\msconf.dll
2103-01-01 05:13:27 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2103-01-01 05:13:24 ----D---- C:\Program Files\NetMeeting
2103-01-01 05:13:24 ----A---- C:\WINDOWS\system32\msoert2.dll
2103-01-01 05:13:23 ----A---- C:\WINDOWS\system32\msoeacct.dll
2103-01-01 05:13:22 ----A---- C:\WINDOWS\system32\inetres.dll
2103-01-01 05:13:22 ----A---- C:\WINDOWS\system32\inetcomm.dll
2103-01-01 05:13:19 ----N---- C:\WINDOWS\system32\schedsvc.dll
2103-01-01 05:13:19 ----D---- C:\Program Files\Outlook Express
2103-01-01 05:13:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2103-01-01 05:13:19 ----A---- C:\WINDOWS\system32\mstask.dll
2103-01-01 05:13:19 ----A---- C:\WINDOWS\system32\icwphbk.dll
2103-01-01 05:13:18 ----A---- C:\WINDOWS\system32\isign32.dll
2103-01-01 05:13:18 ----A---- C:\WINDOWS\system32\inetcfg.dll
2103-01-01 05:13:18 ----A---- C:\WINDOWS\system32\icwdial.dll
2103-01-01 05:13:11 ----D---- C:\Program Files\Common Files\System
2103-01-01 05:13:10 ----D---- C:\Program Files\Internet Explorer
2103-01-01 05:12:19 ----A---- C:\WINDOWS\vbaddin.ini
2103-01-01 05:12:19 ----A---- C:\WINDOWS\vb.ini
2103-01-01 05:12:14 ----D---- C:\WINDOWS\Registration
2103-01-01 05:12:05 ----D---- C:\Program Files\Windows Media Player
2103-01-01 05:11:58 ----D---- C:\Program Files\Messenger
2103-01-01 05:11:53 ----D---- C:\Program Files\MSN Gaming Zone
2103-01-01 05:11:53 ----A---- C:\WINDOWS\system32\write.exe
2103-01-01 05:11:41 ----A---- C:\WINDOWS\system32\sndvol32.exe
2103-01-01 05:11:41 ----A---- C:\WINDOWS\system32\hticons.dll
2103-01-01 05:11:40 ----A---- C:\WINDOWS\system32\avwav.dll
2103-01-01 05:11:40 ----A---- C:\WINDOWS\system32\avtapi.dll
2103-01-01 05:11:40 ----A---- C:\WINDOWS\system32\avmeter.dll
2103-01-01 05:11:39 ----A---- C:\WINDOWS\system32\winchat.exe
2103-01-01 05:11:30 ----A---- C:\WINDOWS\system32\charmap.exe
2103-01-01 05:11:30 ----A---- C:\WINDOWS\system32\getuname.dll
2103-01-01 05:11:30 ----A---- C:\WINDOWS\system32\calc.exe
2103-01-01 05:11:29 ----A---- C:\WINDOWS\system32\winmine.exe
2103-01-01 05:11:29 ----A---- C:\WINDOWS\system32\sol.exe
2103-01-01 05:11:29 ----A---- C:\WINDOWS\system32\mshearts.exe
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\tslabels.ini
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\tskill.exe
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\tscon.exe
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\reset.exe
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\freecell.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\shadow.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\rwinsta.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\regini.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\qwinsta.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\qappsrv.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\msg.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\logoff.exe
2103-01-01 05:11:26 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2103-01-01 05:11:26 ----A---- C:\WINDOWS\system32\cdmodem.dll
2103-01-01 05:11:19 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2103-01-01 05:11:18 ----A---- C:\WINDOWS\system32\accwiz.exe
2103-01-01 05:11:17 ----A---- C:\WINDOWS\system32\sndrec32.exe
2103-01-01 05:11:17 ----A---- C:\WINDOWS\system32\mplay32.exe
2103-01-01 05:11:17 ----A---- C:\WINDOWS\system32\hypertrm.dll
2103-01-01 05:11:16 ----D---- C:\Program Files\Windows NT
2103-01-01 05:11:16 ----A---- C:\WINDOWS\system32\mspaint.exe
2103-01-01 05:11:16 ----A---- C:\WINDOWS\system32\clipbrd.exe
2103-01-01 05:11:15 ----A---- C:\WINDOWS\system32\spider.exe
2103-01-01 05:11:14 ----A---- C:\WINDOWS\system32\tsgqec.dll
2103-01-01 05:11:14 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2103-01-01 05:11:14 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2103-01-01 05:11:13 ----A---- C:\WINDOWS\system32\mstscax.dll
2103-01-01 05:11:13 ----A---- C:\WINDOWS\system32\aaclient.dll
2103-01-01 05:11:12 ----A---- C:\WINDOWS\system32\sessmgr.exe
2103-01-01 05:11:12 ----A---- C:\WINDOWS\system32\remotepg.dll
2103-01-01 05:11:12 ----A---- C:\WINDOWS\system32\rdshost.exe
2103-01-01 05:11:12 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2103-01-01 05:11:12 ----A---- C:\WINDOWS\system32\mstsc.exe
2103-01-01 05:11:11 ----N---- C:\WINDOWS\system32\termsrv.dll
2103-01-01 05:11:11 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2103-01-01 05:11:11 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2103-01-01 05:11:11 ----A---- C:\WINDOWS\system32\rdpclip.exe
2103-01-01 05:11:11 ----A---- C:\WINDOWS\system32\rdchost.dll
2103-01-01 05:11:11 ----A---- C:\WINDOWS\system32\qprocess.exe
2103-01-01 05:11:11 ----A---- C:\WINDOWS\system32\icaapi.dll
2103-01-01 05:11:10 ----D---- C:\WINDOWS\system32\MsDtc
2103-01-01 05:11:10 ----A---- C:\WINDOWS\system32\mtxoci.dll
2103-01-01 05:11:10 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2103-01-01 05:11:10 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2103-01-01 05:11:10 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2103-01-01 05:11:09 ----A---- C:\WINDOWS\system32\xolehlp.dll
2103-01-01 05:11:09 ----A---- C:\WINDOWS\system32\msdtctm.dll
2103-01-01 05:11:09 ----A---- C:\WINDOWS\system32\msdtclog.dll
2103-01-01 05:11:09 ----A---- C:\WINDOWS\system32\msdtc.exe
2103-01-01 05:11:08 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2103-01-01 05:11:08 ----A---- C:\WINDOWS\system32\mtxex.dll
2103-01-01 05:11:08 ----A---- C:\WINDOWS\system32\mtxdm.dll
2103-01-01 05:11:08 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2103-01-01 05:11:07 ----D---- C:\WINDOWS\system32\Com
2103-01-01 05:11:07 ----A---- C:\WINDOWS\system32\stclient.dll
2103-01-01 05:11:07 ----A---- C:\WINDOWS\system32\comrepl.dll
2103-01-01 05:11:07 ----A---- C:\WINDOWS\system32\comaddin.dll
2103-01-01 05:11:07 ----A---- C:\WINDOWS\system32\colbact.dll
2103-01-01 05:11:07 ----A---- C:\WINDOWS\system32\clbcatex.dll
2103-01-01 05:11:07 ----A---- C:\WINDOWS\system32\catsrvps.dll
2103-01-01 05:11:06 ----A---- C:\WINDOWS\system32\catsrvut.dll
2103-01-01 05:11:06 ----A---- C:\WINDOWS\system32\catsrv.dll
2103-01-01 05:11:05 ----A---- C:\WINDOWS\system32\comuid.dll
2103-01-01 05:11:05 ----A---- C:\WINDOWS\system32\comsvcs.dll
2103-01-01 05:11:05 ----A---- C:\WINDOWS\system32\comsnap.dll
2103-01-01 05:11:04 ----A---- C:\WINDOWS\system32\clbcatq.dll
2103-01-01 05:10:57 ----A---- C:\WINDOWS\system32\servdeps.dll
2103-01-01 05:10:56 ----A---- C:\WINDOWS\system32\mmfutil.dll
2103-01-01 05:10:56 ----A---- C:\WINDOWS\system32\licwmi.dll
2103-01-01 05:10:56 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-01-09 17:44:26 ----D---- C:\Program Files\trend micro
2010-01-09 17:44:24 ----D---- C:\rsit
2010-01-09 17:26:09 ----D---- C:\Program Files\Mozilla Firefox 3.6 Beta 3
2010-01-09 11:40:21 ----D---- C:\ODHMYZOVACE
2010-01-09 01:18:09 ----SHD---- C:\RECYCLER
2010-01-09 01:13:15 ----D---- C:\WINDOWS\temp
2010-01-09 01:13:13 ----A---- C:\ComboFix.txt
2010-01-08 23:19:38 ----A---- C:\Boot.bak
2010-01-08 23:19:28 ----RASHD---- C:\cmdcons
2010-01-08 23:18:24 ----A---- C:\WINDOWS\zip.exe
2010-01-08 23:18:24 ----A---- C:\WINDOWS\SWREG.exe
2010-01-08 23:18:24 ----A---- C:\WINDOWS\sed.exe
2010-01-08 23:18:24 ----A---- C:\WINDOWS\PEV.exe
2010-01-08 23:18:24 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-08 23:18:24 ----A---- C:\WINDOWS\MBR.exe
2010-01-08 23:18:24 ----A---- C:\WINDOWS\grep.exe
2010-01-08 23:18:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-08 23:18:23 ----A---- C:\WINDOWS\SWSC.exe
2010-01-08 23:17:56 ----D---- C:\WINDOWS\ERDNT
2010-01-08 23:09:59 ----D---- C:\Qoobox
2010-01-03 14:19:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\CometNetwork
2010-01-03 14:18:41 ----D---- C:\Program Files\CometBird
2010-01-03 14:16:24 ----D---- C:\Downloads
2010-01-03 14:15:34 ----D---- C:\Program Files\BitComet
2010-01-03 14:06:16 ----D---- C:\Program Files\Rapidown
2010-01-03 11:17:43 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-01-03 11:17:34 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-01-03 11:14:38 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-03 11:14:31 ----D---- C:\Program Files\MSBuild
2010-01-03 11:14:28 ----D---- C:\WINDOWS\system32\en-US
2010-01-03 11:14:17 ----D---- C:\Program Files\Reference Assemblies
2010-01-03 11:13:17 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-01-03 11:13:17 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-01-03 11:13:17 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-12-28 00:15:34 ----D---- C:\spoolerlogs
2009-12-26 11:31:12 ----D---- C:\Program Files\Common Files\Autodata Limited Shared
2009-12-25 11:08:11 ----D---- C:\dokumenty
2009-12-23 18:45:54 ----SHD---- C:\WINDOWS\CSC
2009-12-16 23:44:20 ----D---- C:\Program Files\Babylon
2009-12-16 23:43:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Babylon
2009-12-16 23:43:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Babylon
2009-12-16 21:51:32 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-12-16 12:48:43 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-12-13 22:19:21 ----D---- C:\Program Files\eMule
2009-12-12 19:03:00 ----D---- C:\Program Files\ASIX
2009-12-12 14:12:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Kerio
2009-12-12 14:11:20 ----D---- C:\Program Files\Kerio
2009-12-12 00:08:18 ----A---- C:\WINDOWS\system32\DLPORTIO.DLL
2009-12-12 00:08:15 ----D---- C:\Program Files\PonyProg2000

======List of files/folders modified in the last 1 months======

2103-01-01 05:24:25 ----SHD---- C:\System Volume Information
2010-01-09 17:28:09 ----D---- C:\Program Files\Mozilla Firefox
2010-01-09 11:19:02 ----A---- C:\WINDOWS\win.ini
2010-01-09 11:16:49 ----D---- C:\WINDOWS\Minidump
2010-01-09 08:24:46 ----A---- C:\WINDOWS\system.ini
2010-01-08 23:41:57 ----D---- C:\Program Files\ESET
2010-01-08 23:33:17 ----D---- C:\Program Files\ICQ6.5
2010-01-08 17:48:21 ----A---- C:\WINDOWS\system32\imon.dll
2010-01-04 09:55:24 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-03 14:25:56 ----D---- C:\WINDOWS\Temporary Internet Files
2010-01-03 14:08:40 ----D---- C:\WINDOWS\pss
2010-01-03 12:48:34 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-03 12:48:26 ----RSD---- C:\WINDOWS\assembly
2010-01-03 09:27:18 ----D---- C:\EMAIL
2010-01-02 23:35:41 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2010-01-02 23:35:26 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2010-01-02 19:42:28 ----A---- C:\WINDOWS\TextSpy.ini
2009-12-31 12:43:20 ----D---- C:\ADCDA2
2009-12-16 21:18:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-16 08:40:03 ----D---- C:\BYT
2009-12-12 23:27:21 ----D---- C:\INSTALL
2009-12-11 21:33:47 ----A---- C:\WINDOWS\RBSystem.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-10 31846]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2010-01-08 15424]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2007-01-23 16896]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2010-01-08 512096]
R2 FastPara;FastPara; C:\WINDOWS\system32\drivers\FastPara.sys [1998-05-29 28544]
R2 HOSTNT;HOSTNT; C:\WINDOWS\system32\drivers\HOSTNT.sys [2009-11-15 4032]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R3 adatadrv;adatadrv; C:\WINDOWS\system32\DRIVERS\adatadrv.sys [2009-07-01 762112]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-14 63744]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NmPar;PCI Parallel Port; C:\WINDOWS\system32\DRIVERS\NmPar.sys [2008-12-24 80256]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-13 32768]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 avy9zlem;avy9zlem; C:\WINDOWS\system32\drivers\avy9zlem.sys []
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys []
S3 DLPortIO;DriverLINX Port I/O Driver; \??\C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS []
S3 kvnet;Kerio Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\kvnet.sys [2009-03-23 29696]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2007-01-23 317952]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2008-07-11 37088]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-09-22 69632]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-01-08 552064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S4 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2009-12-26 72704]
S4 KVPNCSvc;Kerio VPN Client Service; C:\Program Files\Kerio\VPN Client\kvpncsvc.exe [2009-10-26 972648]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]

-----------------EOF-----------------

[meteorolog]

OK, pošlete ještě log z Combofix

Stáhneme na plochu, ukončíme všechna aktivní okna a spustíme ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Po spuštění potvrdíme podmínky užití
- Dále postupujeme dle pokynů, během aplikování ComboFixu neklikejte do zobrazujících se oken
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt
- ComboFix je třeba spustit pod účtem s právy administrátora

[origosch]

Log z Combofix:
ComboFix 10-01-04.01 - Administrator 09.01.2010 21:51:13.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.508 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-09 do 2010-01-09 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2103-01-01 04:12 . 2103-01-01 04:12 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-09 20:28 . 2009-09-04 07:34 -------- d-----w- c:\program files\ESET
2010-01-09 16:45 . 2010-01-09 16:44 -------- d-----w- c:\program files\trend micro
2010-01-09 16:27 . 2010-01-09 16:26 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 3
2010-01-09 13:37 . 2010-01-03 13:18 -------- d-----w- c:\program files\CometBird
2010-01-08 22:33 . 2009-11-06 12:11 -------- d-----w- c:\program files\ICQ6.5
2010-01-08 16:48 . 2009-09-04 07:35 298104 ----a-w- c:\windows\system32\imon.dll
2010-01-08 16:48 . 2009-09-04 07:35 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-01-08 16:48 . 2009-12-11 19:07 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2010-01-04 06:10 . 2010-01-03 13:15 -------- d-----w- c:\program files\BitComet
2010-01-03 10:54 . 2001-10-25 16:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-01-03 10:54 . 2001-10-25 16:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-01-03 10:14 . 2010-01-03 10:14 -------- d-----w- c:\program files\MSBuild
2010-01-03 10:14 . 2010-01-03 10:14 -------- d-----w- c:\program files\Reference Assemblies
2009-12-26 10:31 . 2009-12-26 10:31 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2009-12-23 22:19 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP662c.tmp
2009-12-23 19:49 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP4778.tmp
2009-12-23 19:38 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP4b12.tmp
2009-12-23 17:57 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP2d88.tmp
2009-12-23 17:56 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP45c3.tmp
2009-12-23 17:56 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP46cd.tmp
2009-12-23 17:49 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP2df5.tmp
2009-12-23 17:48 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP44aa.tmp
2009-12-23 17:45 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP2e05.tmp
2009-12-23 17:44 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP45d3.tmp
2009-12-23 17:44 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP5536.tmp
2009-12-23 17:42 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP5323.tmp
2009-12-23 17:36 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP5322.tmp
2009-12-23 17:34 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP3fe7.tmp
2009-12-23 17:33 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52b3.tmp
2009-12-23 17:32 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53dc.tmp
2009-12-23 17:31 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP540d.tmp
2009-12-23 17:30 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP567c.tmp
2009-12-23 17:29 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53fd.tmp
2009-12-23 17:29 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5718.tmp
2009-12-23 17:28 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5294.tmp
2009-12-23 17:27 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52a5.tmp
2009-12-23 17:26 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5709.tmp
2009-12-23 17:25 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP546a.tmp
2009-12-23 17:24 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5535.tmp
2009-12-23 17:23 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52a4.tmp
2009-12-23 17:22 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5303.tmp
2009-12-23 17:21 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53fc.tmp
2009-12-23 17:20 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53ef.tmp
2009-12-23 17:19 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP560f.tmp
2009-12-23 17:18 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP561e.tmp
2009-12-23 17:17 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5515.tmp
2009-12-23 17:17 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP540c.tmp
2009-12-23 17:16 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5246.tmp
2009-12-23 17:15 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5321.tmp
2009-12-23 17:14 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP56bb.tmp
2009-12-23 17:13 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5370.tmp
2009-12-23 17:12 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5524.tmp
2009-12-23 17:11 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5302.tmp
2009-12-23 17:10 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53cd.tmp
2009-12-23 17:09 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54a8.tmp
2009-12-23 17:08 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54d8.tmp
2009-12-23 17:07 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP547a.tmp
2009-12-23 17:06 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54d7.tmp
2009-12-23 17:06 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54d6.tmp
2009-12-23 17:05 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52d4.tmp
2009-12-23 17:04 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54b8.tmp
2009-12-23 17:03 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5479.tmp
2009-12-23 17:02 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP538f.tmp
2009-12-23 17:01 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5340.tmp
2009-12-23 17:00 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5469.tmp
2009-12-23 16:59 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5380.tmp
2009-12-23 16:58 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52e2.tmp
2009-12-23 16:57 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP55a2.tmp
2009-12-23 16:56 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP565d.tmp
2009-12-23 16:55 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5738.tmp
2009-12-23 16:55 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5999.tmp
2009-12-23 16:54 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5330.tmp
2009-12-23 16:53 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5563.tmp
2009-12-23 16:52 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54f6.tmp
2009-12-23 16:51 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP536f.tmp
2009-12-23 16:50 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53ee.tmp
2009-12-23 16:49 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP538e.tmp
2009-12-23 16:48 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5534.tmp
2009-12-23 16:47 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP537f.tmp
2009-12-23 16:46 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP564d.tmp
2009-12-23 16:45 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5312.tmp
2009-12-23 16:44 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52f3.tmp
2009-12-23 16:43 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5275.tmp
2009-12-23 16:43 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52f2.tmp
2009-12-23 16:42 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP545a.tmp
2009-12-23 16:41 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53ed.tmp
2009-12-23 16:40 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP544a.tmp
2009-12-23 16:39 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53ad.tmp
2009-12-23 16:38 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53be.tmp
2009-12-23 16:37 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5505.tmp
2009-12-23 16:36 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP535f.tmp
2009-12-23 16:35 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP563e.tmp
2009-12-23 16:34 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54a7.tmp
2009-12-23 16:33 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP55a1.tmp
2009-12-23 16:32 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53bd.tmp
2009-12-23 16:32 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53ec.tmp
2009-12-23 16:31 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54b7.tmp
2009-12-23 16:30 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52c3.tmp
2009-12-23 16:29 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP540b.tmp
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 205256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-01-08 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Rapidown.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Rapidown.lnk
backup=c:\windows\pss\Rapidown.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Utility Tray.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ZDWLan Utility.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KTSInit]
c:\documents and settings\Administrator\Local Settings\Data aplikací\Mozilla\Firefox\Mozilla Firefox\updates\0 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-09-02 04:52 205256 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 08:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kerio VPN Client]
2009-10-26 14:27 4986728 ----a-w- c:\program files\Kerio\VPN Client\kvpncgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2007-01-23 10:34 53248 ----a-w- c:\windows\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Autodata Limited License Service"=2 (0x2)
"aawservice"=2 (0x2)
"UPS"=3 (0x3)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"KVPNCSvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\winbox.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8260:TCP"= 8260:TCP:BitComet 8260 TCP
"8260:UDP"= 8260:UDP:BitComet 8260 UDP

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [11.12.2009 20:07 15424]
R2 FastPara;FastPara;c:\windows\system32\drivers\fastpara.sys [17.11.2009 21:19 28544]
R2 HOSTNT;HOSTNT;c:\windows\system32\drivers\hostnt.sys [15.11.2009 16:44 4032]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [12.12.2009 23:28 2368]
R3 adatadrv;adatadrv;c:\windows\system32\drivers\adatadrv.sys [15.11.2009 0:36 762112]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [24.12.2008 5:40 80256]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.11.2009 21:19 717296]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [13.11.2009 19:36 20608]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [12.12.2009 0:08 3584]
S3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\drivers\kvnet.sys [23.3.2009 10:25 29696]
S4 KVPNCSvc;Kerio VPN Client Service;c:\program files\Kerio\VPN Client\kvpncsvc.exe [26.10.2009 15:28 972648]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.atcomet.com/b/
IE: Download all by Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm
IE: Download by Rapidown... - c:\program files\Rapidown\rapidownGet.htm
IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\rapidown.exe
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\walgffpe.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Rapidown - c:\program files\Rapidown\rapidown.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 21:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1614895754-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ce,b5,a2,e3,13,13,44,8c,76,81,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ce,b5,a2,e3,13,13,44,8c,76,81,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-01-09 22:01:00
ComboFix-quarantined-files.txt 2010-01-09 21:00
ComboFix2.txt 2010-01-09 00:13
ComboFix3.txt 2010-01-08 22:40

Před spuštěním: 3 901 878 272
Po spuštění: 4 072 644 608

- - End Of File - - 2669E54C46AF5111E9A73CBF297D5EE5

[meteorolog]

otevřte poznámkový blok (Notepad) a zkopírujte do něj následující text:

KillAll::
File::
c:\windows\DUMP662c.tmp
c:\windows\DUMP4778.tmp
c:\windows\DUMP4b12.tmp
c:\windows\DUMP2d88.tmp
c:\windows\DUMP45c3.tmp
c:\windows\DUMP46cd.tmp
c:\windows\DUMP2df5.tmp
c:\windows\DUMP44aa.tmp
c:\windows\DUMP2e05.tmp
c:\windows\DUMP45d3.tmp
c:\windows\DUMP5536.tmp
c:\windows\DUMP5323.tmp
c:\windows\DUMP5322.tmp
c:\windows\DUMP3fe7.tmp
c:\windows\DUMP52b3.tmp
c:\windows\DUMP53dc.tmp
c:\windows\DUMP540d.tmp
c:\windows\DUMP567c.tmp
c:\windows\DUMP53fd.tmp
c:\windows\DUMP5718.tmp
c:\windows\DUMP5294.tmp
c:\windows\DUMP52a5.tmp
c:\windows\DUMP5709.tmp
c:\windows\DUMP546a.tmp
c:\windows\DUMP5535.tmp
c:\windows\DUMP52a4.tmp
c:\windows\DUMP5303.tmp
c:\windows\DUMP53fc.tmp
c:\windows\DUMP53ef.tmp
c:\windows\DUMP560f.tmp
c:\windows\DUMP561e.tmp
c:\windows\DUMP5515.tmp
c:\windows\DUMP540c.tmp
c:\windows\DUMP5246.tmp
c:\windows\DUMP5321.tmp
c:\windows\DUMP56bb.tmp
c:\windows\DUMP5370.tmp
c:\windows\DUMP5524.tmp
c:\windows\DUMP5302.tmp
c:\windows\DUMP53cd.tmp
c:\windows\DUMP54a8.tmp
c:\windows\DUMP547a.tmp
c:\windows\DUMP54d7.tmp
c:\windows\DUMP54d6.tmp
c:\windows\DUMP52d4.tmp
c:\windows\DUMP54b8.tmp
c:\windows\DUMP5479.tmp
c:\windows\DUMP538f.tmp
c:\windows\DUMP5340.tmp
c:\windows\DUMP5469.tmp
c:\windows\DUMP5380.tmp
c:\windows\DUMP52e2.tmp
c:\windows\DUMP55a2.tmp
c:\windows\DUMP565d.tmp
c:\windows\DUMP5738.tmp
c:\windows\DUMP5999.tmp
c:\windows\DUMP5330.tmp
c:\windows\DUMP5563.tmp
c:\windows\DUMP54f6.tmp
c:\windows\DUMP536f.tmp
c:\windows\DUMP53ee.tmp
c:\windows\DUMP538e.tmp
c:\windows\DUMP5534.tmp
c:\windows\DUMP537f.tmp
c:\windows\DUMP564d.tmp
c:\windows\DUMP5312.tmp
c:\windows\DUMP52f3.tmp
c:\windows\DUMP5275.tmp
c:\windows\DUMP52f2.tmp
c:\windows\DUMP545a.tmp
c:\windows\DUMP53ed.tmp
c:\windows\DUMP544a.tmp
c:\windows\DUMP53ad.tmp
c:\windows\DUMP53be.tmp
c:\windows\DUMP5505.tmp
c:\windows\DUMP535f.tmp
c:\windows\DUMP563e.tmp
c:\windows\DUMP54a7.tmp
c:\windows\DUMP55a1.tmp
c:\windows\DUMP53bd.tmp
c:\windows\DUMP53ec.tmp
c:\windows\DUMP54b7.tmp
c:\windows\DUMP52c3.tmp
c:\windows\DUMP540b.tmp

RegLock::
[HKEY_USERS\S-1-5-21-1409082233-1614895754-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]

Extra::
Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\walgffpe.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

Soubor uložte na plochu jako CFScript.txt a podle obrázku přetáhněte nad ComboFix



spustí se ComboFix a vykoná příkaz ze skriptu - potom pošlete nový log

[origosch]

Zdravím, udělal jsem to, 2x to zcorruptovalo a tady je log:
ComboFix 10-01-04.01 - Administrator 10.01.2010 9:33.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.567 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2103-01-01 04:12 . 2103-01-01 04:12 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-09 22:50 . 2010-01-09 16:26 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 3
2010-01-09 22:35 . 2010-01-09 22:35 -------- d-----w- c:\program files\Hide IP NG
2010-01-09 22:21 . 2009-09-04 07:34 -------- d-----w- c:\program files\ESET
2010-01-09 16:45 . 2010-01-09 16:44 -------- d-----w- c:\program files\trend micro
2010-01-09 13:37 . 2010-01-03 13:18 -------- d-----w- c:\program files\CometBird
2010-01-08 22:33 . 2009-11-06 12:11 -------- d-----w- c:\program files\ICQ6.5
2010-01-08 16:48 . 2009-09-04 07:35 298104 ----a-w- c:\windows\system32\imon.dll
2010-01-08 16:48 . 2009-09-04 07:35 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-01-08 16:48 . 2009-12-11 19:07 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2010-01-04 06:10 . 2010-01-03 13:15 -------- d-----w- c:\program files\BitComet
2010-01-03 10:54 . 2001-10-25 16:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-01-03 10:54 . 2001-10-25 16:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-01-03 10:14 . 2010-01-03 10:14 -------- d-----w- c:\program files\MSBuild
2010-01-03 10:14 . 2010-01-03 10:14 -------- d-----w- c:\program files\Reference Assemblies
2009-12-26 10:31 . 2009-12-26 10:31 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2009-12-23 22:19 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP662c.tmp
2009-12-23 19:49 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP4778.tmp
2009-12-23 19:38 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP4b12.tmp
2009-12-23 17:57 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP2d88.tmp
2009-12-23 17:56 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP45c3.tmp
2009-12-23 17:56 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP46cd.tmp
2009-12-23 17:49 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP2df5.tmp
2009-12-23 17:48 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP44aa.tmp
2009-12-23 17:45 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP2e05.tmp
2009-12-23 17:44 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP45d3.tmp
2009-12-23 17:44 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP5536.tmp
2009-12-23 17:42 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP5323.tmp
2009-12-23 17:36 . 2103-01-01 04:20 81920 ----a-w- c:\windows\DUMP5322.tmp
2009-12-23 17:34 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP3fe7.tmp
2009-12-23 17:33 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52b3.tmp
2009-12-23 17:32 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53dc.tmp
2009-12-23 17:31 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP540d.tmp
2009-12-23 17:30 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP567c.tmp
2009-12-23 17:29 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53fd.tmp
2009-12-23 17:29 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5718.tmp
2009-12-23 17:28 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5294.tmp
2009-12-23 17:27 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52a5.tmp
2009-12-23 17:26 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5709.tmp
2009-12-23 17:25 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP546a.tmp
2009-12-23 17:24 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5535.tmp
2009-12-23 17:23 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52a4.tmp
2009-12-23 17:22 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5303.tmp
2009-12-23 17:21 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53fc.tmp
2009-12-23 17:20 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53ef.tmp
2009-12-23 17:19 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP560f.tmp
2009-12-23 17:18 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP561e.tmp
2009-12-23 17:17 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5515.tmp
2009-12-23 17:17 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP540c.tmp
2009-12-23 17:16 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5246.tmp
2009-12-23 17:15 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5321.tmp
2009-12-23 17:14 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP56bb.tmp
2009-12-23 17:13 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5370.tmp
2009-12-23 17:12 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5524.tmp
2009-12-23 17:11 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5302.tmp
2009-12-23 17:10 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53cd.tmp
2009-12-23 17:09 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54a8.tmp
2009-12-23 17:08 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54d8.tmp
2009-12-23 17:07 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP547a.tmp
2009-12-23 17:06 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54d7.tmp
2009-12-23 17:06 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54d6.tmp
2009-12-23 17:05 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52d4.tmp
2009-12-23 17:04 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54b8.tmp
2009-12-23 17:03 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5479.tmp
2009-12-23 17:02 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP538f.tmp
2009-12-23 17:01 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5340.tmp
2009-12-23 17:00 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5469.tmp
2009-12-23 16:59 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5380.tmp
2009-12-23 16:58 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52e2.tmp
2009-12-23 16:57 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP55a2.tmp
2009-12-23 16:56 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP565d.tmp
2009-12-23 16:55 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5738.tmp
2009-12-23 16:55 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5999.tmp
2009-12-23 16:54 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5330.tmp
2009-12-23 16:53 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5563.tmp
2009-12-23 16:52 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54f6.tmp
2009-12-23 16:51 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP536f.tmp
2009-12-23 16:50 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53ee.tmp
2009-12-23 16:49 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP538e.tmp
2009-12-23 16:48 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5534.tmp
2009-12-23 16:47 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP537f.tmp
2009-12-23 16:46 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP564d.tmp
2009-12-23 16:45 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5312.tmp
2009-12-23 16:44 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52f3.tmp
2009-12-23 16:43 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5275.tmp
2009-12-23 16:43 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52f2.tmp
2009-12-23 16:42 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP545a.tmp
2009-12-23 16:41 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53ed.tmp
2009-12-23 16:40 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP544a.tmp
2009-12-23 16:39 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53ad.tmp
2009-12-23 16:38 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53be.tmp
2009-12-23 16:37 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP5505.tmp
2009-12-23 16:36 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP535f.tmp
2009-12-23 16:35 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP563e.tmp
2009-12-23 16:34 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54a7.tmp
2009-12-23 16:33 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP55a1.tmp
2009-12-23 16:32 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53bd.tmp
2009-12-23 16:32 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP53ec.tmp
2009-12-23 16:31 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP54b7.tmp
2009-12-23 16:30 . 2103-01-01 04:20 90112 ----a-w- c:\windows\DUMP52c3.tmp
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 205256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-01-08 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Rapidown.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Rapidown.lnk
backup=c:\windows\pss\Rapidown.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Utility Tray.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ZDWLan Utility.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KTSInit]
c:\documents and settings\Administrator\Local Settings\Data aplikací\Mozilla\Firefox\Mozilla Firefox\updates\0 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-09-02 04:52 205256 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 08:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kerio VPN Client]
2009-10-26 14:27 4986728 ----a-w- c:\program files\Kerio\VPN Client\kvpncgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2007-01-23 10:34 53248 ----a-w- c:\windows\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Autodata Limited License Service"=2 (0x2)
"aawservice"=2 (0x2)
"UPS"=3 (0x3)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"KVPNCSvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\winbox.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8260:TCP"= 8260:TCP:BitComet 8260 TCP
"8260:UDP"= 8260:UDP:BitComet 8260 UDP

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [11.12.2009 20:07 15424]
R2 FastPara;FastPara;c:\windows\system32\drivers\fastpara.sys [17.11.2009 21:19 28544]
R2 HOSTNT;HOSTNT;c:\windows\system32\drivers\hostnt.sys [15.11.2009 16:44 4032]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [12.12.2009 23:28 2368]
R3 adatadrv;adatadrv;c:\windows\system32\drivers\adatadrv.sys [15.11.2009 0:36 762112]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [24.12.2008 5:40 80256]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.11.2009 21:19 717296]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [13.11.2009 19:36 20608]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [12.12.2009 0:08 3584]
S3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\drivers\kvnet.sys [23.3.2009 10:25 29696]
S4 KVPNCSvc;Kerio VPN Client Service;c:\program files\Kerio\VPN Client\kvpncsvc.exe [26.10.2009 15:28 972648]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyServer = socks=
IE: Download all by Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm
IE: Download by Rapidown... - c:\program files\Rapidown\rapidownGet.htm
IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\rapidown.exe
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\walgffpe.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 10:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-01-10 10:44:57
ComboFix-quarantined-files.txt 2010-01-10 09:44
ComboFix2.txt 2010-01-09 21:01
ComboFix3.txt 2010-01-09 00:13
ComboFix4.txt 2010-01-08 22:40

Před spuštěním: 3 855 863 808
Po spuštění: 4 026 363 904

- - End Of File - - 6BFE2D5DC68A88A9A9F85DB4EE7B980B

[meteorolog]

stáhněte OTMoveIt3 - viewtopic.php?f=15&t=72743 a použijte tento script:

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:commands
[purity]
[emptytemp]
[reboot]

vložte sem log, který program vytvoří

[origosch]

Provedeno, zde je log:
All processes killed
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1AC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCAA.tmp folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 330622 bytes
->FireFox cache emptied: 63013716 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60,00 mb


OTM by OldTimer - Version 3.1.5.0 log created on 01102010_125631

Files moved on Reboot...

Registry entries deleted on Reboot...

[meteorolog]

tak ještě tento script:

:files
C:\WINDOWS\DUMP*.tmp /s

:commands
[reboot]

[origosch]

Proces proběhl, po restartu žádný log. Je to docela alchymie.

[meteorolog]

log by měl být zde - C:\_OTMoveIt\MovedFiles

[origosch]

Ano, ========== FILES ==========
File/Folder C:\WINDOWS\DUMP*.tmp not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.5.0 log created on 01102010_132628

[meteorolog]

OK, pošlete aktuální log z RSIT

[origosch]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-10 14:34:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (10%) free of 38 GB
Total RAM: 767 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:41, on 10.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 3\firefox.exe
C:\ODHMYZOVACE\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [DeleteGrabPro] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\Orbitdownloader\GrabPro.dll"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2515589562
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 4503 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-01-08 949376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-09-02 205256]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteGrabPro"=advpack.dll,DelNodeRunDLL32 C:\Program Files\Orbitdownloader\GrabPro.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-09-02 205256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kerio VPN Client]
C:\Program Files\Kerio\VPN Client\kvpncgui.exe [2009-10-26 4986728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KTSInit]
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla\Firefox\Mozilla Firefox\updates\0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
SiSPower.dll,ModeAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Rapidown.lnk]
C:\PROGRA~1\Rapidown\rapidown.exe rapstart.startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
C:\PROGRA~1\Corel\GRAPHI~1\Register\Remind32.exe [1998-07-23 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1998-05-06 108544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Utility Tray.lnk]
C:\WINDOWS\system32\sistray.exe [2007-01-23 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ZDWLan Utility.lnk]
C:\PROGRA~1\ZYDAST~1\ZYDAS_~1.11G\ZDWlan.exe [2006-09-01 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2
"Autodata Limited License Service"=2
"aawservice"=2
"UPS"=3
"TermService"=3
"TapiSrv"=3
"StarWindServiceAE"=2
"KVPNCSvc"=2
"FastUserSwitchingCompatibility"=3
"NMIndexingService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Administrator\Plocha\winbox.exe"="C:\Documents and Settings\Administrator\Plocha\winbox.exe:*:Enabled:winbox"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2103-01-01 06:09:49 ----A---- C:\WINDOWS\system32\h323log.txt
2103-01-01 05:29:11 ----A---- C:\WINDOWS\system32\usbui.dll
2103-01-01 05:28:00 ----A---- C:\WINDOWS\imsins.BAK
2103-01-01 05:27:56 ----SHD---- C:\WINDOWS\Installer
2103-01-01 05:27:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2103-01-01 05:27:55 ----D---- C:\Program Files\Common Files\ODBC
2103-01-01 05:27:55 ----A---- C:\WINDOWS\ODBCINST.INI
2103-01-01 05:27:51 ----D---- C:\Program Files\Common Files\SpeechEngines
2103-01-01 05:27:50 ----RD---- C:\Program Files
2103-01-01 05:27:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2103-01-01 05:27:50 ----D---- C:\Program Files\Common Files
2103-01-01 05:27:46 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2103-01-01 05:27:46 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2103-01-01 05:27:46 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2103-01-01 05:27:44 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2103-01-01 05:27:44 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdur.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdru.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2103-01-01 05:27:43 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2103-01-01 05:27:40 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2103-01-01 05:27:38 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2103-01-01 05:27:38 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2103-01-01 05:27:38 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2103-01-01 05:27:38 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2103-01-01 05:27:38 ----RA---- C:\WINDOWS\system32\kbdest.dll
2103-01-01 05:27:34 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdycl.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdsl.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdro.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdpl.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdhu.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\kbdcr.dll
2103-01-01 05:27:33 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2103-01-01 05:27:31 ----A---- C:\WINDOWS\system32\spxcoins.dll
2103-01-01 05:27:31 ----A---- C:\WINDOWS\system32\irclass.dll
2103-01-01 05:27:31 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2103-01-01 05:27:31 ----A---- C:\WINDOWS\system32\dgsetup.dll
2103-01-01 05:27:31 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2103-01-01 05:27:28 ----A---- C:\WINDOWS\TASKMAN.EXE
2103-01-01 05:27:27 ----A---- C:\WINDOWS\system32\batt.dll
2103-01-01 05:27:26 ----A---- C:\WINDOWS\NOTEPAD.EXE
2103-01-01 05:27:25 ----A---- C:\WINDOWS\system32\storprop.dll
2103-01-01 05:27:16 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2103-01-01 05:27:00 ----D---- C:\WINDOWS\system32\CatRoot2
2103-01-01 05:27:00 ----D---- C:\WINDOWS\system32\CatRoot
2103-01-01 05:26:54 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2103-01-01 05:26:32 ----A---- C:\WINDOWS\setuplog.txt
2103-01-01 05:26:29 ----D---- C:\Documents and Settings
2103-01-01 05:25:46 ----RASH---- C:\boot.ini
2103-01-01 05:24:44 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Identities
2103-01-01 05:24:42 ----HD---- C:\Program Files\Uninstall Information
2103-01-01 05:24:34 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2103-01-01 05:24:33 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2103-01-01 05:24:25 ----D---- C:\WINDOWS\SoftwareDistribution
2103-01-01 05:24:24 ----D---- C:\WINDOWS\Prefetch
2103-01-01 05:24:23 ----SD---- C:\WINDOWS\system32\Microsoft
2103-01-01 05:24:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2103-01-01 05:20:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2103-01-01 05:20:26 ----RSD---- C:\WINDOWS\Fonts
2103-01-01 05:20:26 ----RD---- C:\WINDOWS\Web
2103-01-01 05:20:26 ----HD---- C:\WINDOWS\inf
2103-01-01 05:20:26 ----D---- C:\WINDOWS\WinSxS
2103-01-01 05:20:26 ----D---- C:\WINDOWS\twain_32
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\wins
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\wbem
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\usmt
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\spool
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\ShellExt
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\Setup
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\ras
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\oobe
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\npp
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\mui
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\inetsrv
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\IME
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\icsxml
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\ias
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\export
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\drivers
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\dhcp
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\cs-cz
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\cs
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\config
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\3com_dmi
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\3076
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\2052
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1054
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1042
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1041
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1037
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1033
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1031
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1029
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1028
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32\1025
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system32
2103-01-01 05:20:26 ----D---- C:\WINDOWS\system
2103-01-01 05:20:26 ----D---- C:\WINDOWS\security
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Resources
2103-01-01 05:20:26 ----D---- C:\WINDOWS\repair
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Provisioning
2103-01-01 05:20:26 ----D---- C:\WINDOWS\pchealth
2103-01-01 05:20:26 ----D---- C:\WINDOWS\PeerNet
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Network Diagnostic
2103-01-01 05:20:26 ----D---- C:\WINDOWS\mui
2103-01-01 05:20:26 ----D---- C:\WINDOWS\msapps
2103-01-01 05:20:26 ----D---- C:\WINDOWS\msagent
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Media
2103-01-01 05:20:26 ----D---- C:\WINDOWS\L2Schemas
2103-01-01 05:20:26 ----D---- C:\WINDOWS\java
2103-01-01 05:20:26 ----D---- C:\WINDOWS\ime
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Help
2103-01-01 05:20:26 ----D---- C:\WINDOWS\ehome
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Driver Cache
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Debug
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Cursors
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Connection Wizard
2103-01-01 05:20:26 ----D---- C:\WINDOWS\Config
2103-01-01 05:20:26 ----D---- C:\WINDOWS\AppPatch
2103-01-01 05:20:26 ----D---- C:\WINDOWS\addins
2103-01-01 05:20:26 ----D---- C:\WINDOWS
2103-01-01 05:17:17 ----D---- C:\WINDOWS\system32\xircom
2103-01-01 05:17:17 ----D---- C:\Program Files\xerox
2103-01-01 05:17:17 ----D---- C:\Program Files\microsoft frontpage
2103-01-01 05:16:31 ----A---- C:\WINDOWS\OEWABLog.txt
2103-01-01 05:16:26 ----A---- C:\WINDOWS\system32\mapi32.dll
2103-01-01 05:15:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2103-01-01 05:15:17 ----RD---- C:\WINDOWS\Offline Web Pages
2103-01-01 05:15:17 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2103-01-01 05:15:10 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2103-01-01 05:15:04 ----HD---- C:\Program Files\WindowsUpdate
2103-01-01 05:14:59 ----D---- C:\Program Files\Online Services
2103-01-01 05:14:38 ----D---- C:\WINDOWS\system32\DirectX
2103-01-01 05:14:31 ----A---- C:\WINDOWS\system32\atrace.dll
2103-01-01 05:14:28 ----A---- C:\WINDOWS\system32\desktop.ini
2103-01-01 05:14:28 ----A---- C:\WINDOWS\desktop.ini
2103-01-01 05:14:19 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2103-01-01 05:14:18 ----A---- C:\WINDOWS\system32\acctres.dll
2103-01-01 05:14:17 ----D---- C:\Program Files\Common Files\Services
2103-01-01 05:14:14 ----SD---- C:\WINDOWS\Tasks
2103-01-01 05:14:14 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2103-01-01 05:14:12 ----D---- C:\Program Files\Common Files\MSSoap
2103-01-01 05:14:08 ----D---- C:\WINDOWS\srchasst
2103-01-01 05:14:07 ----D---- C:\WINDOWS\system32\Macromed
2103-01-01 05:14:03 ----A---- C:\WINDOWS\system32\wuweb.dll
2103-01-01 05:14:03 ----A---- C:\WINDOWS\system32\wucltui.dll
2103-01-01 05:14:03 ----A---- C:\WINDOWS\system32\wuauserv.dll
2103-01-01 05:14:03 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2103-01-01 05:14:02 ----N---- C:\WINDOWS\system32\wuauclt.exe
2103-01-01 05:14:02 ----A---- C:\WINDOWS\system32\wups.dll
2103-01-01 05:14:02 ----A---- C:\WINDOWS\system32\wuaueng.dll
2103-01-01 05:14:02 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2103-01-01 05:14:02 ----A---- C:\WINDOWS\system32\wuapi.dll
2103-01-01 05:14:02 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2103-01-01 05:14:02 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2103-01-01 05:14:01 ----N---- C:\WINDOWS\system32\qmgr.dll
2103-01-01 05:14:01 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2103-01-01 05:14:01 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2103-01-01 05:13:57 ----D---- C:\Program Files\Movie Maker
2103-01-01 05:13:34 ----A---- C:\WINDOWS\system32\safrslv.dll
2103-01-01 05:13:34 ----A---- C:\WINDOWS\system32\safrdm.dll
2103-01-01 05:13:34 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2103-01-01 05:13:34 ----A---- C:\WINDOWS\system32\racpldlg.dll
2103-01-01 05:13:30 ----A---- C:\WINDOWS\system32\fltMc.exe
2103-01-01 05:13:30 ----A---- C:\WINDOWS\system32\fltlib.dll
2103-01-01 05:13:29 ----N---- C:\WINDOWS\system32\srsvc.dll
2103-01-01 05:13:29 ----D---- C:\WINDOWS\system32\Restore
2103-01-01 05:13:29 ----A---- C:\WINDOWS\system32\srrstr.dll
2103-01-01 05:13:29 ----A---- C:\WINDOWS\system32\srclient.dll
2103-01-01 05:13:28 ----A---- C:\WINDOWS\system32\mnmdd.dll
2103-01-01 05:13:28 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2103-01-01 05:13:28 ----A---- C:\WINDOWS\system32\ils.dll
2103-01-01 05:13:27 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2103-01-01 05:13:27 ----A---- C:\WINDOWS\system32\msconf.dll
2103-01-01 05:13:27 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2103-01-01 05:13:24 ----D---- C:\Program Files\NetMeeting
2103-01-01 05:13:24 ----A---- C:\WINDOWS\system32\msoert2.dll
2103-01-01 05:13:23 ----A---- C:\WINDOWS\system32\msoeacct.dll
2103-01-01 05:13:22 ----A---- C:\WINDOWS\system32\inetres.dll
2103-01-01 05:13:22 ----A---- C:\WINDOWS\system32\inetcomm.dll
2103-01-01 05:13:19 ----N---- C:\WINDOWS\system32\schedsvc.dll
2103-01-01 05:13:19 ----D---- C:\Program Files\Outlook Express
2103-01-01 05:13:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2103-01-01 05:13:19 ----A---- C:\WINDOWS\system32\mstask.dll
2103-01-01 05:13:19 ----A---- C:\WINDOWS\system32\icwphbk.dll
2103-01-01 05:13:18 ----A---- C:\WINDOWS\system32\isign32.dll
2103-01-01 05:13:18 ----A---- C:\WINDOWS\system32\inetcfg.dll
2103-01-01 05:13:18 ----A---- C:\WINDOWS\system32\icwdial.dll
2103-01-01 05:13:11 ----D---- C:\Program Files\Common Files\System
2103-01-01 05:13:10 ----D---- C:\Program Files\Internet Explorer
2103-01-01 05:12:19 ----A---- C:\WINDOWS\vbaddin.ini
2103-01-01 05:12:19 ----A---- C:\WINDOWS\vb.ini
2103-01-01 05:12:14 ----D---- C:\WINDOWS\Registration
2103-01-01 05:12:05 ----D---- C:\Program Files\Windows Media Player
2103-01-01 05:11:58 ----D---- C:\Program Files\Messenger
2103-01-01 05:11:53 ----D---- C:\Program Files\MSN Gaming Zone
2103-01-01 05:11:53 ----A---- C:\WINDOWS\system32\write.exe
2103-01-01 05:11:41 ----A---- C:\WINDOWS\system32\sndvol32.exe
2103-01-01 05:11:41 ----A---- C:\WINDOWS\system32\hticons.dll
2103-01-01 05:11:40 ----A---- C:\WINDOWS\system32\avwav.dll
2103-01-01 05:11:40 ----A---- C:\WINDOWS\system32\avtapi.dll
2103-01-01 05:11:40 ----A---- C:\WINDOWS\system32\avmeter.dll
2103-01-01 05:11:39 ----A---- C:\WINDOWS\system32\winchat.exe
2103-01-01 05:11:30 ----A---- C:\WINDOWS\system32\charmap.exe
2103-01-01 05:11:30 ----A---- C:\WINDOWS\system32\getuname.dll
2103-01-01 05:11:30 ----A---- C:\WINDOWS\system32\calc.exe
2103-01-01 05:11:29 ----A---- C:\WINDOWS\system32\winmine.exe
2103-01-01 05:11:29 ----A---- C:\WINDOWS\system32\sol.exe
2103-01-01 05:11:29 ----A---- C:\WINDOWS\system32\mshearts.exe
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\tslabels.ini
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\tskill.exe
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\tscon.exe
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\reset.exe
2103-01-01 05:11:28 ----A---- C:\WINDOWS\system32\freecell.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\shadow.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\rwinsta.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\regini.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\qwinsta.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\qappsrv.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\msg.exe
2103-01-01 05:11:27 ----A---- C:\WINDOWS\system32\logoff.exe
2103-01-01 05:11:26 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2103-01-01 05:11:26 ----A---- C:\WINDOWS\system32\cdmodem.dll
2103-01-01 05:11:19 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2103-01-01 05:11:18 ----A---- C:\WINDOWS\system32\accwiz.exe
2103-01-01 05:11:17 ----A---- C:\WINDOWS\system32\sndrec32.exe
2103-01-01 05:11:17 ----A---- C:\WINDOWS\system32\mplay32.exe
2103-01-01 05:11:17 ----A---- C:\WINDOWS\system32\hypertrm.dll
2103-01-01 05:11:16 ----D---- C:\Program Files\Windows NT
2103-01-01 05:11:16 ----A---- C:\WINDOWS\system32\mspaint.exe
2103-01-01 05:11:16 ----A---- C:\WINDOWS\system32\clipbrd.exe
2103-01-01 05:11:15 ----A---- C:\WINDOWS\system32\spider.exe
2103-01-01 05:11:14 ----A---- C:\WINDOWS\system32\tsgqec.dll
2103-01-01 05:11:14 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2103-01-01 05:11:14 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2103-01-01 05:11:13 ----A---- C:\WINDOWS\system32\mstscax.dll
2103-01-01 05:11:13 ----A---- C:\WINDOWS\system32\aaclient.dll
2103-01-01 05:11:12 ----A---- C:\WINDOWS\system32\sessmgr.exe
2103-01-01 05:11:12 ----A---- C:\WINDOWS\system32\remotepg.dll
2103-01-01 05:11:12 ----A---- C:\WINDOWS\system32\rdshost.exe
2103-01-01 05:11:12 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2103-01-01 05:11:12 ----A---- C:\WINDOWS\system32\mstsc.exe
2103-01-01 05:11:11 ----N---- C:\WINDOWS\system32\termsrv.dll
2103-01-01 05:11:11 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2103-01-01 05:11:11 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2103-01-01 05:11:11 ----A---- C:\WINDOWS\system32\rdpclip.exe
2103-01-01 05:11:11 ----A---- C:\WINDOWS\system32\rdchost.dll
2103-01-01 05:11:11 ----A---- C:\WINDOWS\system32\qprocess.exe
2103-01-01 05:11:11 ----A---- C:\WINDOWS\system32\icaapi.dll
2103-01-01 05:11:10 ----D---- C:\WINDOWS\system32\MsDtc
2103-01-01 05:11:10 ----A---- C:\WINDOWS\system32\mtxoci.dll
2103-01-01 05:11:10 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2103-01-01 05:11:10 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2103-01-01 05:11:10 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2103-01-01 05:11:09 ----A---- C:\WINDOWS\system32\xolehlp.dll
2103-01-01 05:11:09 ----A---- C:\WINDOWS\system32\msdtctm.dll
2103-01-01 05:11:09 ----A---- C:\WINDOWS\system32\msdtclog.dll
2103-01-01 05:11:09 ----A---- C:\WINDOWS\system32\msdtc.exe
2103-01-01 05:11:08 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2103-01-01 05:11:08 ----A---- C:\WINDOWS\system32\mtxex.dll
2103-01-01 05:11:08 ----A---- C:\WINDOWS\system32\mtxdm.dll
2103-01-01 05:11:08 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2103-01-01 05:11:07 ----D---- C:\WINDOWS\system32\Com
2103-01-01 05:11:07 ----A---- C:\WINDOWS\system32\stclient.dll
2103-01-01 05:11:07 ----A---- C:\WINDOWS\system32\comrepl.dll
2103-01-01 05:11:07 ----A---- C:\WINDOWS\system32\comaddin.dll
2103-01-01 05:11:07 ----A---- C:\WINDOWS\system32\colbact.dll
2103-01-01 05:11:07 ----A---- C:\WINDOWS\system32\clbcatex.dll
2103-01-01 05:11:07 ----A---- C:\WINDOWS\system32\catsrvps.dll
2103-01-01 05:11:06 ----A---- C:\WINDOWS\system32\catsrvut.dll
2103-01-01 05:11:06 ----A---- C:\WINDOWS\system32\catsrv.dll
2103-01-01 05:11:05 ----A---- C:\WINDOWS\system32\comuid.dll
2103-01-01 05:11:05 ----A---- C:\WINDOWS\system32\comsvcs.dll
2103-01-01 05:11:05 ----A---- C:\WINDOWS\system32\comsnap.dll
2103-01-01 05:11:04 ----A---- C:\WINDOWS\system32\clbcatq.dll
2103-01-01 05:10:57 ----A---- C:\WINDOWS\system32\servdeps.dll
2103-01-01 05:10:56 ----A---- C:\WINDOWS\system32\mmfutil.dll
2103-01-01 05:10:56 ----A---- C:\WINDOWS\system32\licwmi.dll
2103-01-01 05:10:56 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-01-10 14:25:09 ----D---- C:\Documents and Settings\Administrator\Data aplikací\GrabPro
2010-01-10 14:25:01 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Orbit
2010-01-10 14:08:00 ----D---- C:\Program Files\CCleaner
2010-01-10 13:23:21 ----D---- C:\_OTM
2010-01-10 12:56:35 ----SHD---- C:\RECYCLER
2010-01-10 12:47:11 ----D---- C:\WINDOWS\temp
2010-01-10 12:47:09 ----A---- C:\ComboFix.txt
2010-01-09 23:35:26 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Hide IP NG
2010-01-09 17:44:26 ----D---- C:\Program Files\trend micro
2010-01-09 17:44:24 ----D---- C:\rsit
2010-01-09 17:26:09 ----D---- C:\Program Files\Mozilla Firefox 3.6 Beta 3
2010-01-09 11:40:21 ----D---- C:\ODHMYZOVACE
2010-01-08 23:19:38 ----A---- C:\Boot.bak
2010-01-08 23:19:28 ----RASHD---- C:\cmdcons
2010-01-08 23:18:24 ----A---- C:\WINDOWS\zip.exe
2010-01-08 23:18:24 ----A---- C:\WINDOWS\SWREG.exe
2010-01-08 23:18:24 ----A---- C:\WINDOWS\sed.exe
2010-01-08 23:18:24 ----A---- C:\WINDOWS\PEV.exe
2010-01-08 23:18:24 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-08 23:18:24 ----A---- C:\WINDOWS\MBR.exe
2010-01-08 23:18:24 ----A---- C:\WINDOWS\grep.exe
2010-01-08 23:18:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-08 23:18:23 ----A---- C:\WINDOWS\SWSC.exe
2010-01-08 23:17:56 ----D---- C:\WINDOWS\ERDNT
2010-01-08 23:09:59 ----D---- C:\Qoobox
2010-01-03 14:19:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\CometNetwork
2010-01-03 14:18:41 ----D---- C:\Program Files\CometBird
2010-01-03 14:16:24 ----D---- C:\Downloads
2010-01-03 14:15:34 ----D---- C:\Program Files\BitComet
2010-01-03 11:17:43 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-01-03 11:17:34 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-01-03 11:14:38 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-03 11:14:31 ----D---- C:\Program Files\MSBuild
2010-01-03 11:14:28 ----D---- C:\WINDOWS\system32\en-US
2010-01-03 11:14:17 ----D---- C:\Program Files\Reference Assemblies
2010-01-03 11:13:17 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-01-03 11:13:17 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-01-03 11:13:17 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-12-28 00:15:34 ----D---- C:\spoolerlogs
2009-12-26 11:31:12 ----D---- C:\Program Files\Common Files\Autodata Limited Shared
2009-12-25 11:08:11 ----D---- C:\dokumenty
2009-12-23 18:45:54 ----SHD---- C:\WINDOWS\CSC
2009-12-16 23:44:20 ----D---- C:\Program Files\Babylon
2009-12-16 23:43:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Babylon
2009-12-16 23:43:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Babylon
2009-12-16 21:51:32 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-12-16 12:48:43 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-12-13 22:19:21 ----D---- C:\Program Files\eMule
2009-12-12 19:03:00 ----D---- C:\Program Files\ASIX
2009-12-12 14:12:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Kerio
2009-12-12 14:11:20 ----D---- C:\Program Files\Kerio
2009-12-12 00:08:18 ----A---- C:\WINDOWS\system32\DLPORTIO.DLL
2009-12-12 00:08:15 ----D---- C:\Program Files\PonyProg2000

======List of files/folders modified in the last 1 months======

2103-01-01 05:24:25 ----SHD---- C:\System Volume Information
2010-01-10 13:29:55 ----A---- C:\WINDOWS\win.ini
2010-01-10 12:43:31 ----A---- C:\WINDOWS\system.ini
2010-01-09 23:21:34 ----D---- C:\Program Files\ESET
2010-01-09 17:28:09 ----D---- C:\Program Files\Mozilla Firefox
2010-01-09 11:16:49 ----D---- C:\WINDOWS\Minidump
2010-01-08 23:33:17 ----D---- C:\Program Files\ICQ6.5
2010-01-08 17:48:21 ----A---- C:\WINDOWS\system32\imon.dll
2010-01-04 09:55:24 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-03 14:25:56 ----D---- C:\WINDOWS\Temporary Internet Files
2010-01-03 14:08:40 ----D---- C:\WINDOWS\pss
2010-01-03 12:48:34 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-03 12:48:26 ----RSD---- C:\WINDOWS\assembly
2010-01-03 09:27:18 ----D---- C:\EMAIL
2010-01-02 23:35:41 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2010-01-02 23:35:26 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2010-01-02 19:42:28 ----A---- C:\WINDOWS\TextSpy.ini
2009-12-31 12:43:20 ----D---- C:\ADCDA2
2009-12-16 21:18:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-16 08:40:03 ----D---- C:\BYT
2009-12-12 23:27:21 ----D---- C:\INSTALL
2009-12-11 21:33:47 ----A---- C:\WINDOWS\RBSystem.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-10 31846]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2010-01-08 15424]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2007-01-23 16896]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2010-01-08 512096]
R2 FastPara;FastPara; C:\WINDOWS\system32\drivers\FastPara.sys [1998-05-29 28544]
R2 HOSTNT;HOSTNT; C:\WINDOWS\system32\drivers\HOSTNT.sys [2009-11-15 4032]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R3 adatadrv;adatadrv; C:\WINDOWS\system32\DRIVERS\adatadrv.sys [2009-07-01 762112]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-14 63744]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NmPar;PCI Parallel Port; C:\WINDOWS\system32\DRIVERS\NmPar.sys [2008-12-24 80256]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-13 32768]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 adgk4bs3;adgk4bs3; C:\WINDOWS\system32\drivers\adgk4bs3.sys []
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys []
S3 DLPortIO;DriverLINX Port I/O Driver; \??\C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS []
S3 kvnet;Kerio Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\kvnet.sys [2009-03-23 29696]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2007-01-23 317952]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2008-07-11 37088]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-09-22 69632]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-01-08 552064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S4 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2009-12-26 72704]
S4 KVPNCSvc;Kerio VPN Client Service; C:\Program Files\Kerio\VPN Client\kvpncsvc.exe [2009-10-26 972648]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]

-----------------EOF-----------------