
Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 01:08
by Morticie Addams
Hello, I'm asking for help. Trojan Vundo.KA has appeared on my computer in svchost and in the browsers; I have already tried just about everything and I still can't get rid of it. Here is the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by doma at 2010-02-13 00:58:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (67%) free of 50 GB
Total RAM: 953 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:58:42, on 13.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\wmiprvsr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\PLFSetL.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\doma\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Documents and Settings\doma\Plocha\RSIT.exe
C:\Program Files\trend micro\doma.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Softwares] C:\WINDOWS\wmiprvsr.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\raqimgr.exe
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O18 - Protocol: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll
O20 - Winlogon Notify: RailNotification - C:\WINDOWS\
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

--
End of file - 10041 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1801674531-1417001333-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1801674531-1417001333-1004UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-29 1230288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-02-06 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]
CentrumczToolbar BHO - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-01-29 1261872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-02-13 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]
{D5D47440-0750-463D-BAEF-A47D02414806} - Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-01-29 1261872]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-29 1230288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-18 53248]
"Softwares"=C:\WINDOWS\wmiprvsr.exe [2010-02-06 463872]
"Systems"=C:\WINDOWS\raqimgr.exe [2010-02-06 463872]
"reset"=regedit /s reset.reg []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-17 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-06-17 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-06-17 141848]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-13 16871936]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1032192]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2009-01-10 196608]
"ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2010-02-06 3724800]
"PLFSetL"=C:\WINDOWS\PLFSetL.exe [2007-07-05 94208]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-07-25 875016]
"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2008-04-30 1347584]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2008-04-30 1191936]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-02-06 198160]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-02-13 2033432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"Google Update"=C:\Documents and Settings\doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-02-13 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2010-02-06 3167744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg]
C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll [2010-02-12 38912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RailNotification]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll [2008-03-25 567560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2010-01-14 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2010-01-14 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Acer\Acer Bio Protection\PwdFilter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-02-13 00:58:30 ----D---- C:\Program Files\trend micro
2010-02-13 00:58:29 ----D---- C:\rsit
2010-02-13 00:02:05 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-02-12 22:50:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-02-12 22:42:42 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-12 22:42:42 ----D---- C:\Documents and Settings\doma\Data aplikací\SUPERAntiSpyware.com
2010-02-12 22:41:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-12 19:15:15 ----D---- C:\Program Files\Crawler
2010-02-12 18:40:06 ----A---- C:\WINDOWS\system32\tmp.txt
2010-02-12 18:39:13 ----A---- C:\rapport.txt
2010-02-12 18:38:30 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\VACFix.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\swxcacls.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\swsc.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\swreg.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\Process.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\o4Patch.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\IEDFix.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\dumphive.exe
2010-02-12 18:38:29 ----A---- C:\WINDOWS\system32\404Fix.exe
2010-02-10 15:56:00 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-09 17:29:20 ----HD---- C:\$AVG
2010-02-09 17:28:44 ----D---- C:\Program Files\AVG
2010-02-09 17:28:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-02-07 20:11:00 ----A---- C:\WINDOWS\system32\MFC71.dll
2010-02-07 19:53:30 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-06 22:07:20 ----D---- C:\Program Files\CCleaner
2010-02-06 21:52:18 ----A---- C:\WINDOWS\ODBC.INI
2010-02-06 21:52:12 ----A---- C:\WINDOWS\system32\mdimon.dll
2010-02-06 19:56:43 ----D---- C:\Documents and Settings\doma\Data aplikací\Ahead
2010-02-06 19:56:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ahead
2010-02-06 19:54:24 ----D---- C:\Program Files\Nero
2010-02-06 19:54:24 ----D---- C:\Program Files\Common Files\Ahead
2010-02-06 17:53:20 ----D---- C:\QIP Infium JadrisPack
2010-02-06 17:47:03 ----D---- C:\Program Files\QIP
2010-02-06 16:34:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-02-06 16:27:57 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-02-06 16:27:52 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-02-06 16:27:52 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-02-06 16:27:51 ----D---- C:\Program Files\Common Files\xing shared
2010-02-06 16:27:38 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-02-06 16:27:38 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-02-06 16:27:38 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-02-06 16:27:37 ----D---- C:\Program Files\Real
2010-02-06 16:27:36 ----D---- C:\Program Files\Common Files\Real
2010-02-06 16:27:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-02-06 16:27:31 ----D---- C:\Documents and Settings\doma\Data aplikací\Real
2010-02-06 14:56:13 ----D---- C:\Program Files\QIP Infium
2010-02-06 14:44:20 ----D---- C:\Documents and Settings\doma\Data aplikací\Windows Search
2010-02-06 14:37:45 ----D---- C:\Documents and Settings\doma\Data aplikací\Mozilla
2010-02-06 14:37:32 ----D---- C:\Program Files\Mozilla Firefox
2010-02-06 14:37:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\CentrumczToolbar
2010-02-06 14:36:59 ----D---- C:\Program Files\CentrumczToolbar
2010-02-06 14:32:37 ----D---- C:\WINDOWS\system32\KB905474
2010-02-06 14:14:46 ----D---- C:\Program Files\Atheros
2010-02-06 14:07:36 ----D---- C:\Program Files\Common Files\Intel
2010-02-06 14:06:25 ----D---- C:\Program Files\Ralink
2010-02-06 14:06:02 ----D---- C:\temp
2010-02-06 12:54:31 ----A---- C:\WINDOWS\setup.INI
2010-02-06 12:53:34 ----D---- C:\Program Files\Launch Manager
2010-02-06 12:52:13 ----D---- C:\WINDOWS\Acer Crystal Eye Webcam
2010-02-06 12:52:11 ----D---- C:\WINDOWS\system32\x64
2010-02-06 12:52:11 ----A---- C:\WINDOWS\system32\vsnp2uvc.dll
2010-02-06 12:52:10 ----D---- C:\Program Files\Common Files\snp2uvc
2010-02-06 12:52:10 ----A---- C:\WINDOWS\system32\rsnp2uvc.dll
2010-02-06 12:52:10 ----A---- C:\WINDOWS\system32\PLFSetL.exe
2010-02-06 12:52:10 ----A---- C:\WINDOWS\system32\PidList.ini
2010-02-06 12:52:10 ----A---- C:\WINDOWS\system32\csnp2uvc.dll
2010-02-06 12:52:10 ----A---- C:\WINDOWS\PLFSetL.exe
2010-02-06 12:51:36 ----A---- C:\WINDOWS\FixUVC.exe
2010-02-06 12:50:20 ----A---- C:\WINDOWS\system32\VMC3KAPI.dll
2010-02-06 12:50:20 ----A---- C:\WINDOWS\system32\VCryptAPI.dll
2010-02-06 12:50:18 ----A---- C:\WINDOWS\system32\ShlCmd.exe
2010-02-06 12:50:17 ----A---- C:\WINDOWS\system32\biologon.dll
2010-02-06 12:50:03 ----A---- C:\WINDOWS\system32\DrvCrypt.dll
2010-02-06 12:50:03 ----A---- C:\WINDOWS\system32\AlfaFF.dll
2010-02-06 12:49:58 ----A---- C:\WINDOWS\system32\bsapi.dll
2010-02-06 12:48:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\UIB
2010-02-06 12:48:09 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2010-02-06 12:47:00 ----RA---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2010-02-06 12:46:59 ----RA---- C:\WINDOWS\system32\Vxdif.dll
2010-02-06 12:46:59 ----D---- C:\Program Files\Apoint2K
2010-02-06 12:45:08 ----A---- C:\WINDOWS\system32\SynTPCo4.dll
2010-02-06 12:45:07 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2010-02-06 12:45:06 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2010-02-06 12:45:06 ----A---- C:\WINDOWS\system32\SynCOM.dll
2010-02-06 12:43:26 ----D---- C:\WINDOWS\system32\SDA
2010-02-06 12:40:19 ----A---- C:\WINDOWS\system32\btw_ci.dll
2010-02-06 12:40:09 ----D---- C:\Program Files\WIDCOMM
2010-02-06 12:33:48 ----D---- C:\Program Files\ATI Technologies
2010-02-06 12:17:04 ----D---- C:\Program Files\QMI
2010-02-06 12:16:54 ----A---- C:\WINDOWS\system32\athihvs.dll
2010-02-06 12:15:46 ----R---- C:\WINDOWS\system32\QmiInstDev.exe
2010-02-06 12:07:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Atheros
2010-02-06 11:54:40 ----A---- C:\WINDOWS\system32\RaCoInst.dll
2010-02-06 11:54:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ralink
2010-02-06 11:51:27 ----A---- C:\WINDOWS\system32\4318_0312_Update32D.BAT
2010-02-06 11:51:27 ----A---- C:\WINDOWS\system32\4318_0312_Update32C.BAT
2010-02-06 11:51:27 ----A---- C:\WINDOWS\system32\4318_0312_Remove32D.BAT
2010-02-06 11:51:27 ----A---- C:\WINDOWS\system32\4318_0312_Remove32C.BAT
2010-02-06 11:51:27 ----A---- C:\WINDOWS\system32\4318_0311_Update32D.BAT
2010-02-06 11:51:27 ----A---- C:\WINDOWS\system32\4318_0311_Update32C.BAT
2010-02-06 11:51:27 ----A---- C:\WINDOWS\system32\4318_0311_Remove32D.BAT
2010-02-06 11:51:27 ----A---- C:\WINDOWS\system32\4318_0311_Remove32C.BAT
2010-02-06 11:51:27 ----A---- C:\WINDOWS\system32\4315_Update32D.BAT
2010-02-06 11:51:27 ----A---- C:\WINDOWS\system32\4315_Update32C.BAT
2010-02-06 11:51:27 ----A---- C:\WINDOWS\system32\4315_Remove32D.BAT
2010-02-06 11:51:27 ----A---- C:\WINDOWS\system32\4315_Remove32C.BAT
2010-02-06 11:51:26 ----RASH---- C:\WINDOWS\system32\Desktop_.ini
2010-02-06 11:51:26 ----A---- C:\WINDOWS\system32\devIA64.exe
2010-02-06 11:51:26 ----A---- C:\WINDOWS\system32\devcon.exe
2010-02-06 11:51:26 ----A---- C:\WINDOWS\system32\devAMD64.exe
2010-02-06 11:51:26 ----A---- C:\WINDOWS\system32\4328_Update32D.BAT
2010-02-06 11:51:26 ----A---- C:\WINDOWS\system32\4328_Update32C.BAT
2010-02-06 11:51:26 ----A---- C:\WINDOWS\system32\4328_Remove32D.BAT
2010-02-06 11:51:26 ----A---- C:\WINDOWS\system32\4328_Remove32C.BAT
2010-02-06 11:51:26 ----A---- C:\WINDOWS\system32\4311_Update32D.BAT
2010-02-06 11:51:26 ----A---- C:\WINDOWS\system32\4311_Update32C.BAT
2010-02-06 11:51:26 ----A---- C:\WINDOWS\system32\4311_Remove32D.BAT
2010-02-06 11:51:26 ----A---- C:\WINDOWS\system32\4311_Remove32C.BAT
2010-02-06 11:51:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Broadcom
2010-02-06 11:48:24 ----D---- C:\Documents and Settings\doma\Data aplikací\Intel
2010-02-06 11:47:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Intel
2010-02-06 10:08:02 ----A---- C:\WINDOWS\system32\msonpmon.dll
2010-02-06 10:06:38 ----D---- C:\Program Files\Common Files\DESIGNER
2010-02-06 10:06:11 ----D---- C:\Program Files\Microsoft.NET
2010-02-06 10:04:05 ----D---- C:\WINDOWS\SHELLNEW
2010-02-06 10:03:47 ----D---- C:\Program Files\Microsoft Office
2010-02-06 10:00:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-02-06 00:21:37 ----A---- C:\WINDOWS\raqimgr.exe
2010-02-06 00:21:36 ----A---- C:\WINDOWS\wmiprvsr.exe
2010-02-06 00:21:35 ----A---- C:\WINDOWS\system32\load.exe
2010-02-06 00:21:14 ----D---- C:\Documents and Settings\doma\Data aplikací\WinRAR
2010-02-06 00:20:47 ----D---- C:\Program Files\WinRAR
2010-02-05 23:54:42 ----D---- C:\Config.Msi
2010-02-05 23:36:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-02-05 23:24:58 ----D---- C:\WINDOWS\ie8updates
2010-02-05 23:02:20 ----D---- C:\Program Files\Ask.com
2010-02-05 22:46:49 ----D---- C:\Program Files\K-Lite Codec Pack
2010-02-05 22:28:50 ----SHD---- C:\RECYCLER
2010-02-05 22:27:01 ----D---- C:\Documents and Settings\doma\Data aplikací\uTorrent
2010-02-05 22:21:13 ----D---- C:\Documents and Settings\doma\Data aplikací\Macromedia
2010-02-05 22:16:54 ----D---- C:\Documents and Settings\doma\Data aplikací\Adobe
2010-02-05 22:09:06 ----A---- C:\WINDOWS\system32\h323log.txt
2010-02-05 22:06:58 ----A---- C:\WINDOWS\system32\usbui.dll
2010-02-05 22:05:51 ----SHD---- C:\WINDOWS\Installer
2010-02-05 22:05:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-05 22:05:50 ----D---- C:\Program Files\Common Files\ODBC
2010-02-05 22:05:50 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-05 22:05:47 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-02-05 22:05:46 ----RD---- C:\Program Files
2010-02-05 22:05:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-05 22:05:46 ----D---- C:\Program Files\Common Files
2010-02-05 22:05:22 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-02-05 22:05:21 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-02-05 22:05:21 ----A---- C:\WINDOWS\system32\batt.dll
2010-02-05 22:05:21 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-02-05 22:05:20 ----A---- C:\WINDOWS\system32\storprop.dll
2010-02-05 22:05:12 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-02-05 22:04:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-05 22:04:55 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-05 22:04:50 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-02-05 22:04:27 ----D---- C:\Documents and Settings
2010-02-05 22:04:26 ----SHD---- C:\System Volume Information
2010-02-05 22:03:36 ----SH---- C:\boot.ini
2010-02-05 22:00:11 ----SD---- C:\WINDOWS\Offline Web Pages
2010-02-05 22:00:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-05 22:00:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-05 22:00:11 ----RSD---- C:\WINDOWS\Fonts
2010-02-05 22:00:11 ----RD---- C:\WINDOWS\Web
2010-02-05 22:00:11 ----HD---- C:\WINDOWS\inf
2010-02-05 22:00:11 ----D---- C:\WINDOWS\WinSxS
2010-02-05 22:00:11 ----D---- C:\WINDOWS\WBEM
2010-02-05 22:00:11 ----D---- C:\WINDOWS\twain_32
2010-02-05 22:00:11 ----D---- C:\WINDOWS\Temp
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\wins
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\wbem
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\usmt
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\spool
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\ShellExt
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\Setup
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\ras
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\oobe
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\npp
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\mui
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\IME
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\icsxml
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\ias
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\export
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\drivers
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\dhcp
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\cs-cz
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\cs
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\config
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\3com_dmi
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\3076
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\2052
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\1054
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\1042
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\1041
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\1037
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\1033
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\1031
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\1029
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\1028
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32\1025
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system32
2010-02-05 22:00:11 ----D---- C:\WINDOWS\system
2010-02-05 22:00:11 ----D---- C:\WINDOWS\security
2010-02-05 22:00:11 ----D---- C:\WINDOWS\Resources
2010-02-05 22:00:11 ----D---- C:\WINDOWS\repair
2010-02-05 22:00:11 ----D---- C:\WINDOWS\Provisioning
2010-02-05 22:00:11 ----D---- C:\WINDOWS\pchealth
2010-02-05 22:00:11 ----D---- C:\WINDOWS\PeerNet
2010-02-05 22:00:11 ----D---- C:\WINDOWS\Network Diagnostic
2010-02-05 22:00:11 ----D---- C:\WINDOWS\mui
2010-02-05 22:00:11 ----D---- C:\WINDOWS\msapps
2010-02-05 22:00:11 ----D---- C:\WINDOWS\msagent
2010-02-05 22:00:11 ----D---- C:\WINDOWS\Media
2010-02-05 22:00:11 ----D---- C:\WINDOWS\L2Schemas
2010-02-05 22:00:11 ----D---- C:\WINDOWS\java
2010-02-05 22:00:11 ----D---- C:\WINDOWS\ime
2010-02-05 22:00:11 ----D---- C:\WINDOWS\Help
2010-02-05 22:00:11 ----D---- C:\WINDOWS\ehome
2010-02-05 22:00:11 ----D---- C:\WINDOWS\Driver Cache
2010-02-05 21:34:56 ----R---- C:\WINDOWS\SkyTel.exe
2010-02-05 21:34:55 ----R---- C:\WINDOWS\RtlUpd.exe
2010-02-05 21:34:54 ----R---- C:\WINDOWS\RTLCPL.exe
2010-02-05 21:34:50 ----R---- C:\WINDOWS\RTHDCPL.exe
2010-02-05 21:34:50 ----R---- C:\WINDOWS\MicCal.exe
2010-02-05 21:33:25 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2010-02-05 21:33:25 ----A---- C:\WINDOWS\system32\igfxress.dll
2010-02-05 21:33:25 ----A---- C:\WINDOWS\system32\igfxpers.exe
2010-02-05 21:33:25 ----A---- C:\WINDOWS\system32\igfxdev.dll
2010-02-05 21:33:25 ----A---- C:\WINDOWS\system32\hkcmd.exe
2010-02-05 21:33:25 ----A---- C:\WINDOWS\system32\hccutils.dll
2010-02-05 21:33:14 ----RA---- C:\WINDOWS\system32\igxpun.exe
2010-02-05 21:33:14 ----RA---- C:\WINDOWS\system32\difxapi.dll
2010-02-05 21:33:14 ----D---- C:\WINDOWS\system32\Lang
2010-02-05 21:32:08 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-05 21:32:08 ----D---- C:\Documents and Settings\doma\Data aplikací\InstallShield
2010-02-05 21:30:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-05 21:30:46 ----RA---- C:\WINDOWS\system32\CSVer.dll
2010-02-05 21:30:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-05 21:30:46 ----D---- C:\Program Files\Intel
2010-02-05 21:30:33 ----D---- C:\Intel
2010-02-05 21:29:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-05 21:29:24 ----D---- C:\Program Files\Common Files\Adobe
2010-02-05 21:29:24 ----D---- C:\Program Files\Adobe
2010-02-05 21:25:46 ----D---- C:\Documents and Settings\doma\Data aplikací\Windows Desktop Search
2010-02-05 21:25:24 ----D---- C:\Documents and Settings\doma\Data aplikací\Identities
2010-02-05 21:25:22 ----HD---- C:\Program Files\Uninstall Information
2010-02-05 21:25:09 ----SD---- C:\Documents and Settings\doma\Data aplikací\Microsoft
2010-02-05 21:25:09 ----ASH---- C:\Documents and Settings\doma\Data aplikací\desktop.ini
2010-02-05 21:24:21 ----SD---- C:\WINDOWS\system32\Microsoft
2010-02-05 21:24:21 ----D---- C:\WINDOWS\Prefetch
2010-02-05 21:24:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-05 21:21:22 ----D---- C:\WINDOWS\system32\xircom
2010-02-05 21:21:22 ----D---- C:\Program Files\xerox
2010-02-05 21:21:22 ----D---- C:\Program Files\microsoft frontpage
2010-02-05 21:20:47 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-02-05 21:20:46 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-02-05 21:20:26 ----D---- C:\WINDOWS\system32\XPSViewer
2010-02-05 21:20:26 ----D---- C:\WINDOWS\system32\en-US
2010-02-05 21:20:25 ----D---- C:\Program Files\MSBuild
2010-02-05 21:20:22 ----D---- C:\Program Files\Reference Assemblies
2010-02-05 21:20:17 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-05 21:20:14 ----A---- C:\WINDOWS\system32\rgb9rast_2.dll
2010-02-05 21:18:30 ----A---- C:\WINDOWS\control.ini
2010-02-05 21:18:30 ----A---- C:\AUTOEXEC.BAT
2010-02-05 21:17:46 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-02-05 21:16:57 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-05 21:16:54 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-05 21:16:48 ----HD---- C:\Program Files\WindowsUpdate
2010-02-05 21:16:44 ----D---- C:\Program Files\Online Services
2010-02-05 21:16:32 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-05 21:16:18 ----D---- C:\WINDOWS\system32\DirectX
2010-02-05 21:16:09 ----A---- C:\WINDOWS\system32\atrace.dll
2010-02-05 21:16:06 ----A---- C:\WINDOWS\system32\desktop.ini
2010-02-05 21:16:06 ----A---- C:\WINDOWS\desktop.ini
2010-02-05 21:15:59 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-02-05 21:15:58 ----A---- C:\WINDOWS\system32\acctres.dll
2010-02-05 21:15:57 ----D---- C:\Program Files\Common Files\Services
2010-02-05 21:15:54 ----SD---- C:\WINDOWS\Tasks
2010-02-05 21:15:54 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-02-05 21:15:53 ----D---- C:\Program Files\Common Files\MSSoap
2010-02-05 21:15:46 ----D---- C:\WINDOWS\srchasst
2010-02-05 21:15:44 ----D---- C:\WINDOWS\system32\Macromed
2010-02-05 21:15:41 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-02-05 21:15:41 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-02-05 21:15:41 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-02-05 21:15:41 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-02-05 21:15:40 ----A---- C:\WINDOWS\system32\wups.dll
2010-02-05 21:15:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-02-05 21:15:40 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-02-05 21:15:40 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-02-05 21:15:40 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-02-05 21:15:40 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-02-05 21:15:40 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-02-05 21:15:40 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-02-05 21:15:39 ----D---- C:\WINDOWS\system32\bits
2010-02-05 21:15:39 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-02-05 21:15:39 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-02-05 21:15:36 ----D---- C:\Program Files\Movie Maker
2010-02-05 21:15:17 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-02-05 21:15:17 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-02-05 21:15:16 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-02-05 21:15:16 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-02-05 21:15:12 ----D---- C:\WINDOWS\system32\Restore
2010-02-05 21:15:12 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-02-05 21:15:12 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-02-05 21:15:12 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-02-05 21:15:12 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-02-05 21:15:11 ----A---- C:\WINDOWS\system32\srclient.dll
2010-02-05 21:15:11 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-02-05 21:15:11 ----A---- C:\WINDOWS\system32\ils.dll
2010-02-05 21:15:10 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-02-05 21:15:10 ----A---- C:\WINDOWS\system32\msconf.dll
2010-02-05 21:15:10 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-02-05 21:15:10 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-02-05 21:15:07 ----D---- C:\Program Files\NetMeeting
2010-02-05 21:15:07 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-02-05 21:15:07 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-02-05 21:15:06 ----A---- C:\WINDOWS\system32\inetres.dll
2010-02-05 21:15:05 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-02-05 21:15:03 ----D---- C:\Program Files\Outlook Express
2010-02-05 21:15:03 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-02-05 21:15:03 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-02-05 21:15:03 ----A---- C:\WINDOWS\system32\mstask.dll
2010-02-05 21:15:02 ----A---- C:\WINDOWS\system32\isign32.dll
2010-02-05 21:15:02 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-02-05 21:15:02 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-02-05 21:15:02 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-02-05 21:14:54 ----D---- C:\Program Files\Common Files\System
2010-02-05 21:14:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-02-05 21:13:49 ----RSD---- C:\WINDOWS\assembly
2010-02-05 21:13:36 ----D---- C:\Program Files\ComPlus Applications
2010-02-05 21:13:34 ----A---- C:\WINDOWS\vbaddin.ini
2010-02-05 21:13:34 ----A---- C:\WINDOWS\vb.ini
2010-02-05 21:13:30 ----D---- C:\WINDOWS\Registration
2010-02-05 21:13:23 ----D---- C:\Program Files\Windows Media Player
2010-02-05 21:13:16 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2010-02-05 21:13:16 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2010-02-05 21:13:16 ----A---- C:\WINDOWS\system32\prntvpt.dll
2010-02-05 21:13:06 ----D---- C:\WINDOWS\system32\DRM
2010-02-05 21:13:06 ----D---- C:\WINDOWS\BitLockerDiscoveryVolumeContents
2010-02-05 21:13:06 ----A---- C:\WINDOWS\system32\SecProc_ssp_isv.dll
2010-02-05 21:13:06 ----A---- C:\WINDOWS\system32\SecProc_ssp.dll
2010-02-05 21:13:06 ----A---- C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2010-02-05 21:13:05 ----A---- C:\WINDOWS\system32\RmActivate_ssp.exe
2010-02-05 21:13:05 ----A---- C:\WINDOWS\system32\RmActivate_isv.exe
2010-02-05 21:13:05 ----A---- C:\WINDOWS\system32\RmActivate.exe
2010-02-05 21:13:04 ----A---- C:\WINDOWS\system32\SecProc_isv.dll
2010-02-05 21:13:04 ----A---- C:\WINDOWS\system32\SecProc.dll
2010-02-05 21:13:04 ----A---- C:\WINDOWS\system32\msdrm.dll
2010-02-05 21:13:03 ----N---- C:\WINDOWS\system32\WgaLogon.dll
2010-02-05 21:13:03 ----A---- C:\WINDOWS\system32\winUsbCoinstaller.dll
2010-02-05 21:13:02 ----A---- C:\WINDOWS\system32\WdfCoInstaller01007.dll
2010-02-05 21:13:01 ----A---- C:\WINDOWS\system32\WUDFUpdate_01007.dll
2010-02-05 21:13:00 ----A---- C:\WINDOWS\system32\UncDMS.dll
2010-02-05 21:13:00 ----A---- C:\WINDOWS\system32\imapi2fs.dll
2010-02-05 21:13:00 ----A---- C:\WINDOWS\system32\imapi2.dll
2010-02-05 21:12:59 ----A---- C:\WINDOWS\system32\UncRes.dll
2010-02-05 21:12:59 ----A---- C:\WINDOWS\system32\UncPH.dll
2010-02-05 21:12:59 ----A---- C:\WINDOWS\system32\UncNE.dll
2010-02-05 21:12:59 ----A---- C:\WINDOWS\system32\UncCplExt.dll
2010-02-05 21:12:59 ----A---- C:\WINDOWS\system32\oephRes.dll
2010-02-05 21:12:59 ----A---- C:\WINDOWS\system32\oeph.dll
2010-02-05 21:12:53 ----D---- C:\Program Files\Windows Desktop Search
2010-02-05 21:12:52 ----A---- C:\WINDOWS\system32\tquery.dll.mui
2010-02-05 21:12:52 ----A---- C:\WINDOWS\system32\srchadmin.dll.mui
2010-02-05 21:12:52 ----A---- C:\WINDOWS\system32\propsys.dll.mui
2010-02-05 21:12:52 ----A---- C:\WINDOWS\system32\mssphtb.dll.mui
2010-02-05 21:12:52 ----A---- C:\WINDOWS\system32\mssph.dll.mui
2010-02-05 21:12:51 ----A---- C:\WINDOWS\system32\srchadmin.dll
2010-02-05 21:12:51 ----A---- C:\WINDOWS\system32\searchindexer.exe.mui
2010-02-05 21:12:51 ----A---- C:\WINDOWS\system32\propsys.dll
2010-02-05 21:12:51 ----A---- C:\WINDOWS\system32\mssrch.dll.mui
2010-02-05 21:12:50 ----A---- C:\WINDOWS\system32\xmlfilter.dll
2010-02-05 21:12:50 ----A---- C:\WINDOWS\system32\rtffilt.dll
2010-02-05 21:12:50 ----A---- C:\WINDOWS\system32\msshsq.dll
2010-02-05 21:12:50 ----A---- C:\WINDOWS\system32\msshooks.dll
2010-02-05 21:12:49 ----A---- C:\WINDOWS\system32\msscb.dll
2010-02-05 21:12:49 ----A---- C:\WINDOWS\system32\idxcntrs.ini
2010-02-05 21:12:49 ----A---- C:\WINDOWS\system32\gthrctr.ini
2010-02-05 21:12:49 ----A---- C:\WINDOWS\system32\gsrvctr.ini
2010-02-05 21:12:48 ----A---- C:\WINDOWS\system32\tquery.dll
2010-02-05 21:12:48 ----A---- C:\WINDOWS\system32\propdefs.dll
2010-02-05 21:12:48 ----A---- C:\WINDOWS\system32\msstrc.dll
2010-02-05 21:12:47 ----A---- C:\WINDOWS\system32\mssrch.dll
2010-02-05 21:12:47 ----A---- C:\WINDOWS\system32\mssprxy.dll
2010-02-05 21:12:47 ----A---- C:\WINDOWS\system32\mssphtb.dll
2010-02-05 21:12:47 ----A---- C:\WINDOWS\system32\mssph.dll
2010-02-05 21:12:46 ----A---- C:\WINDOWS\system32\searchprotocolhost.exe
2010-02-05 21:12:46 ----A---- C:\WINDOWS\system32\searchindexer.exe
2010-02-05 21:12:46 ----A---- C:\WINDOWS\system32\searchfilterhost.exe
2010-02-05 21:12:46 ----A---- C:\WINDOWS\system32\mssitlb.dll
2010-02-05 21:12:46 ----A---- C:\WINDOWS\system32\msscntrs.dll
2010-02-05 21:12:44 ----A---- C:\WINDOWS\system32\msxml4r.dll
2010-02-05 21:12:44 ----A---- C:\WINDOWS\system32\msxml4.dll
2010-02-05 21:12:43 ----D---- C:\Program Files\MSXML 4.0
2010-02-05 21:12:35 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-02-05 21:12:34 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-02-05 21:12:34 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2010-02-05 21:12:34 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-02-05 21:12:34 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-02-05 21:12:34 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-02-05 21:12:33 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-02-05 21:12:33 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-02-05 21:12:33 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2010-02-05 21:12:33 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2010-02-05 21:12:33 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-02-05 21:12:32 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-02-05 21:12:32 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-02-05 21:12:32 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2010-02-05 21:12:32 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-02-05 21:12:32 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-02-05 21:12:32 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-02-05 21:12:32 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-02-05 21:12:31 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2010-02-05 21:12:31 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2010-02-05 21:12:31 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2010-02-05 21:12:31 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-02-05 21:12:31 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-02-05 21:12:31 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-02-05 21:12:31 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-02-05 21:12:31 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2010-02-05 21:12:31 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2010-02-05 21:12:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-02-05 21:12:30 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2010-02-05 21:12:30 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-02-05 21:12:30 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-02-05 21:11:56 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-05 21:11:56 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-05 21:11:56 ----A---- C:\WINDOWS\system32\muweb.dll
2010-02-05 21:11:55 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-02-05 21:11:55 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-02-05 21:11:55 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-02-05 21:11:55 ----A---- C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
2010-02-05 21:11:54 ----D---- C:\WINDOWS\system32\PreInstall
2010-02-05 21:11:50 ----A---- C:\WINDOWS\system32\pwrshplugin.dll
2010-02-05 21:11:31 ----D---- C:\WINDOWS\system32\winrm
2010-02-05 21:11:31 ----D---- C:\WINDOWS\system32\WindowsPowerShell
2010-02-05 21:11:31 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-02-05 21:11:30 ----A---- C:\WINDOWS\system32\wsmprovhost.exe
2010-02-05 21:11:30 ----A---- C:\WINDOWS\system32\winrmprov.dll
2010-02-05 21:11:30 ----A---- C:\WINDOWS\system32\wevtfwd.dll
2010-02-05 21:11:29 ----A---- C:\WINDOWS\system32\wsmplpxy.dll
2010-02-05 21:11:29 ----A---- C:\WINDOWS\system32\wsmanhttpconfig.exe
2010-02-05 21:11:29 ----A---- C:\WINDOWS\system32\winrssrv.dll
2010-02-05 21:11:29 ----A---- C:\WINDOWS\system32\winrsmgr.dll
2010-02-05 21:11:29 ----A---- C:\WINDOWS\system32\winrshost.exe
2010-02-05 21:11:29 ----A---- C:\WINDOWS\system32\winrscmd.dll
2010-02-05 21:11:29 ----A---- C:\WINDOWS\system32\winrs.exe
2010-02-05 21:11:28 ----A---- C:\WINDOWS\system32\WsmWmiPl.dll
2010-02-05 21:11:28 ----A---- C:\WINDOWS\system32\WsmSvc.dll
2010-02-05 21:11:28 ----A---- C:\WINDOWS\system32\WsmRes.dll
2010-02-05 21:11:28 ----A---- C:\WINDOWS\system32\WsmAuto.dll
2010-02-05 21:11:28 ----A---- C:\WINDOWS\system32\winrm.vbs
2010-02-05 21:11:27 ----A---- C:\WINDOWS\system32\winrm.cmd
2010-02-05 21:11:13 ----A---- C:\WINDOWS\system32\netfxperf.dll
2010-02-05 21:11:09 ----D---- C:\Program Files\Internet Explorer
2010-02-05 21:10:56 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-05 21:10:53 ----D---- C:\Program Files\Messenger
2010-02-05 21:10:49 ----D---- C:\Program Files\MSN Gaming Zone
2010-02-05 21:10:49 ----A---- C:\WINDOWS\system32\write.exe
2010-02-05 21:10:41 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-02-05 21:10:41 ----A---- C:\WINDOWS\system32\hticons.dll
2010-02-05 21:10:40 ----A---- C:\WINDOWS\system32\winchat.exe
2010-02-05 21:10:40 ----A---- C:\WINDOWS\system32\avwav.dll
2010-02-05 21:10:40 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-02-05 21:10:40 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-02-05 21:10:33 ----A---- C:\WINDOWS\system32\getuname.dll
2010-02-05 21:10:32 ----A---- C:\WINDOWS\system32\sol.exe
2010-02-05 21:10:32 ----A---- C:\WINDOWS\system32\charmap.exe
2010-02-05 21:10:32 ----A---- C:\WINDOWS\system32\calc.exe
2010-02-05 21:10:31 ----A---- C:\WINDOWS\system32\winmine.exe
2010-02-05 21:10:31 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-02-05 21:10:31 ----A---- C:\WINDOWS\system32\freecell.exe
2010-02-05 21:10:30 ----A---- C:\WINDOWS\system32\rdpshell.exe
2010-02-05 21:10:30 ----A---- C:\WINDOWS\system32\rdpinit.exe
2010-02-05 21:10:29 ----A---- C:\WINDOWS\system32\wksprtps.dll
2010-02-05 21:10:29 ----A---- C:\WINDOWS\system32\wksprt.exe
2010-02-05 21:10:29 ----A---- C:\WINDOWS\system32\winlogonnotification.dll
2010-02-05 21:10:29 ----A---- C:\WINDOWS\system32\tswbprxy.exe
2010-02-05 21:10:29 ----A---- C:\WINDOWS\system32\tspubwmi.dll
2010-02-05 21:10:28 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-02-05 21:10:28 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-02-05 21:10:28 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-02-05 21:10:28 ----A---- C:\WINDOWS\system32\tskill.exe
2010-02-05 21:10:28 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-02-05 21:10:28 ----A---- C:\WINDOWS\system32\tscon.exe
2010-02-05 21:10:28 ----A---- C:\WINDOWS\system32\shadow.exe
2010-02-05 21:10:28 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-02-05 21:10:28 ----A---- C:\WINDOWS\system32\reset.exe
2010-02-05 21:10:28 ----A---- C:\WINDOWS\system32\regini.exe
2010-02-05 21:10:28 ----A---- C:\WINDOWS\system32\MsRdpWebAccess.dll
2010-02-05 21:10:27 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-02-05 21:10:27 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-02-05 21:10:27 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-02-05 21:10:27 ----A---- C:\WINDOWS\system32\msg.exe
2010-02-05 21:10:27 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-02-05 21:10:27 ----A---- C:\WINDOWS\system32\logoff.exe
2010-02-05 21:10:27 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-02-05 21:10:20 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-02-05 21:10:20 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-02-05 21:10:19 ----D---- C:\Program Files\Windows NT
2010-02-05 21:10:19 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-02-05 21:10:19 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-02-05 21:10:19 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-02-05 21:10:18 ----A---- C:\WINDOWS\system32\spider.exe
2010-02-05 21:10:18 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-02-05 21:10:18 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-02-05 21:10:17 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-02-05 21:10:17 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-02-05 21:10:16 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-02-05 21:10:16 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-02-05 21:10:15 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-02-05 21:10:15 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-02-05 21:10:15 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-02-05 21:10:15 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-02-05 21:10:15 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-02-05 21:10:15 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-02-05 21:10:15 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-02-05 21:10:14 ----D---- C:\WINDOWS\system32\MsDtc
2010-02-05 21:10:14 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-02-05 21:10:14 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-02-05 21:10:14 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-02-05 21:10:14 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-02-05 21:10:14 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-02-05 21:10:14 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-02-05 21:10:14 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-02-05 21:10:14 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-02-05 21:10:13 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-02-05 21:10:13 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-02-05 21:10:13 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-02-05 21:10:13 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-02-05 21:10:13 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-02-05 21:10:12 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-02-05 21:10:12 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-02-05 21:10:12 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-02-05 21:10:12 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-02-05 21:10:12 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-02-05 21:10:11 ----D---- C:\WINDOWS\system32\Com
2010-02-05 21:10:11 ----A---- C:\WINDOWS\system32\stclient.dll
2010-02-05 21:10:11 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-02-05 21:10:11 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-02-05 21:10:11 ----A---- C:\WINDOWS\system32\colbact.dll
2010-02-05 21:10:11 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-02-05 21:10:11 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-02-05 21:10:10 ----A---- C:\WINDOWS\system32\comuid.dll
2010-02-05 21:10:10 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-02-05 21:10:10 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-02-05 21:10:10 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-02-05 21:10:10 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-02-05 21:10:09 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-02-05 21:10:01 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-02-05 21:10:00 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-02-05 21:10:00 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-02-05 21:10:00 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-01-14 16:07:24 ----A---- C:\WINDOWS\system32\wups2.dll
2010-01-14 16:07:24 ----A---- C:\WINDOWS\system32\wudfx.dll
2010-01-14 16:07:23 ----A---- C:\WINDOWS\system32\wudfplatform.dll


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-02-13 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-02-13 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-02-13 360584]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 Int15;Int 15; \??\C:\WINDOWS\System32\drivers\int15.sys []
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2010-01-14 62848]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-03-20 11904]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2009-01-10 190512]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-06-30 1574112]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-03-20 991136]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-01-20 17408]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-11 6021184]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-14 4754944]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-06-08 30464]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2010-01-14 9472]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2001-10-24 97120]
S3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-02-22 222400]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [2006-06-09 6909]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2010-01-14 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2010-01-14 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2010-01-14 133632]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-02-13 285392]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2009-03-23 349528]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 815104]
R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2010-02-06 3566080]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 466944]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-04-30 901120]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2010-01-14 14848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2010-01-14 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-01-14 14848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Thanks in advance

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 09:38
by meteorolog
Hello :-)

download and install Malwarebytes' Anti-Malware - http://www.slunecnice.cz/sw/malwarebytes-anti-malware/

:!: update the program - be sure to do this, it is important :!:

close all running applications, leave "Quick scan" (Rychlá kontrola) checked and click "Start scan" (Spustit kontrolu) - once the scan finishes (3 - 15 minutes, sometimes longer), click Show results (Zobrazit výsledky), leave all the boxes checked and click Remove selected (Odstranit vybrané), then OK, and restart the PC - run Malwarebytes' again, open the Logs (Záznamy) tab and paste the current log here :)

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 14:40
by Morticie Addams
So here is the log:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3732
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.2.2010 14:33:17
mbam-log-2010-02-13 (14-33-17).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 116493
Uplynulý čas: 4 minute(s), 9 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systems (Backdoor.Bot) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\NetworkService\Local Settings\Temp\9A33.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 14:51
by meteorolog
OK, please also send a log from ComboFix:

Download it to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- After launching it, accept the terms of use
- Then follow the instructions; while ComboFix is running, do not click in the windows that appear
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt
- ComboFix must be run under an account with administrator rights

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 15:13
by Morticie Addams
Here is the log from ComboFix:

ComboFix 10-02-12.01 - doma 13.02.2010 15:02:29.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.953.577 [GMT 1:00]
Spuštěný z: c:\documents and settings\doma\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dokumenty\Settings
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\bcmwl5.inf
c:\windows\system32\Desktop_.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\structuredqueryschematrivial.bin
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf

Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-13 13:05 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-13 13:05 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-13 13:05 . 2010-02-13 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-12 23:58 . 2010-02-12 23:58 -------- d-----w- c:\program files\trend micro
2010-02-12 23:58 . 2010-02-12 23:58 -------- d-----w- C:\rsit
2010-02-12 23:02 . 2010-02-12 23:02 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-12 23:02 . 2010-02-12 23:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-12 23:02 . 2010-02-12 23:02 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-12 23:01 . 2010-02-12 23:01 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-12 23:01 . 2010-02-13 12:46 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-12 21:42 . 2010-02-13 13:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-12 21:41 . 2010-02-12 21:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-12 18:15 . 2010-02-12 18:15 -------- d-----w- c:\program files\Crawler
2010-02-10 14:56 . 2010-02-10 15:00 -------- d--h--w- c:\windows\$hf_mig$
2010-02-10 14:50 . 2009-11-27 17:25 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-02-10 14:50 . 2009-11-27 16:29 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-02-10 14:50 . 2009-11-27 16:29 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-02-10 14:49 . 2009-12-04 17:25 456832 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-10 14:49 . 2009-12-09 10:03 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 14:49 . 2009-12-09 10:03 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-09 16:29 . 2010-02-09 19:19 -------- d-----w- C:\$AVG
2010-02-09 16:28 . 2010-02-09 16:28 -------- d-----w- c:\program files\AVG
2010-02-07 19:11 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-02-06 21:31 . 2008-04-13 22:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-06 21:07 . 2010-02-06 21:07 -------- d-----w- c:\program files\CCleaner
2010-02-06 20:52 . 2007-04-09 12:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-02-06 20:52 . 2007-04-09 12:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2010-02-06 18:54 . 2010-02-06 19:25 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-06 18:54 . 2010-02-06 18:54 -------- d-----w- c:\program files\Nero
2010-02-06 16:53 . 2010-02-06 16:53 -------- d-----w- C:\QIP Infium JadrisPack
2010-02-06 16:47 . 2010-02-06 21:09 -------- d-----w- c:\program files\QIP
2010-02-06 15:43 . 2010-02-06 23:13 -------- d-----w- c:\documents and settings\NeroMediaHomeUser.4
2010-02-06 15:43 . 2010-02-06 16:14 -------- d-----r- c:\documents and settings\NeroMediaHomeUser.4\Nabídka Start
2010-02-06 15:43 . 2010-02-06 16:14 -------- d--h--r- c:\documents and settings\NeroMediaHomeUser.4\Data aplikací
2010-02-06 15:27 . 2010-02-06 15:27 -------- d-----w- c:\program files\Common Files\xing shared
2010-02-06 15:27 . 2010-02-06 15:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-06 15:27 . 2010-02-06 15:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-06 15:27 . 2010-02-06 15:27 -------- d-----w- c:\program files\Real
2010-02-06 15:27 . 2010-02-06 15:27 -------- d-----w- c:\program files\Common Files\Real
2010-02-06 13:56 . 2010-02-06 16:35 -------- d-----w- c:\program files\QIP Infium
2010-02-06 13:37 . 2010-02-06 13:37 0 ----a-w- c:\windows\nsreg.dat
2010-02-06 13:36 . 2010-02-06 13:36 -------- d-----w- c:\program files\CentrumczToolbar
2010-02-06 13:32 . 2010-02-06 13:32 -------- d-----w- c:\windows\system32\KB905474
2010-02-06 13:32 . 2009-03-10 21:26 1435008 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-02-06 13:32 . 2009-03-10 21:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-02-06 13:14 . 2010-02-06 13:14 -------- d-----w- c:\program files\Atheros
2010-02-06 13:14 . 2008-11-05 18:09 1343616 ----a-w- c:\windows\system32\athw.sys
2010-02-06 13:07 . 2010-02-06 13:07 -------- d-----w- c:\program files\Common Files\Intel
2010-02-06 13:06 . 2010-02-06 13:06 -------- d-----w- c:\program files\Ralink
2010-02-06 13:06 . 2010-02-08 20:12 -------- d-----w- C:\temp
2010-02-06 13:06 . 2007-12-13 16:19 55808 ----a-w- c:\temp\devcon.exe
2010-02-06 13:04 . 2009-06-30 21:37 1574112 ----a-r- c:\windows\system32\drivers\athw.sys
2010-02-06 11:53 . 2010-02-06 11:54 -------- d-----w- c:\program files\Launch Manager
2010-02-06 11:51 . 2007-05-15 11:00 105984 ----a-w- c:\windows\FixUVC.exe
2010-02-06 11:50 . 2010-02-06 11:50 118784 ----a-w- c:\windows\system32\VMC3KAPI.dll
2010-02-06 11:50 . 2010-02-06 11:50 114688 ----a-w- c:\windows\system32\VCryptAPI.dll
2010-02-06 11:50 . 2010-02-06 11:50 23040 ----a-w- c:\windows\system32\ShlCmd.exe
2010-02-06 11:50 . 2010-02-06 11:50 5632 ----a-w- c:\windows\system32\biologon.dll
2010-02-06 11:50 . 2010-02-06 11:50 42608 ----a-w- c:\windows\system32\drivers\AlfaFF.sys
2010-02-06 11:50 . 2010-02-06 11:50 338416 ----a-w- c:\windows\system32\DrvCrypt.dll
2010-02-06 11:50 . 2010-02-06 11:50 24048 ----a-w- c:\windows\system32\AlfaFF.dll
2010-02-06 11:49 . 2010-02-06 11:49 1468928 ----a-w- c:\windows\system32\bsapi.dll
2010-02-06 11:47 . 2006-11-02 15:09 1419232 ----a-r- c:\windows\system32\WdfCoInstaller01005.dll
2010-02-06 11:46 . 2010-02-06 11:47 -------- d-----w- c:\program files\Apoint2K
2010-02-06 11:46 . 2009-01-10 02:38 190512 ----a-r- c:\windows\system32\drivers\Apfiltr.sys
2010-02-06 11:46 . 2009-01-06 23:29 104206 ----a-r- c:\windows\system32\Vxdif.dll
2010-02-06 11:45 . 2008-02-22 18:49 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-02-06 11:45 . 2008-02-22 18:11 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-02-06 11:45 . 2008-02-22 17:55 222400 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-02-06 11:45 . 2008-02-22 17:58 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2010-02-06 11:45 . 2008-02-22 17:57 163840 ----a-w- c:\windows\system32\SynCOM.dll
2010-02-06 11:43 . 2010-02-06 11:43 -------- d-----w- c:\windows\system32\SDA
2010-02-06 11:40 . 2007-09-20 18:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-02-06 11:40 . 2009-03-20 04:19 991136 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-02-06 11:40 . 2010-02-06 11:40 -------- d-----w- c:\program files\WIDCOMM
2010-02-06 11:33 . 2010-02-06 11:33 -------- d-----w- c:\program files\ATI Technologies
2010-02-06 11:17 . 2010-02-06 11:17 -------- d-----w- c:\program files\QMI
2010-02-06 11:16 . 2008-04-28 10:37 393216 ----a-w- c:\windows\system32\athihvs.dll
2010-02-06 11:15 . 2009-04-17 01:06 385024 ------r- c:\windows\system32\QmiInstDev.exe
2010-02-06 10:54 . 2008-07-01 12:10 217088 ----a-w- c:\windows\system32\RaCoInst.dll
2010-02-06 10:54 . 2008-07-01 12:10 14028 ----a-w- c:\windows\system32\RaCoInst.dat
2010-02-06 10:54 . 2008-07-01 12:12 637824 ----a-w- c:\windows\system32\rt2860.sys
2010-02-06 09:09 . 2009-09-02 09:20 652 ----a-w- c:\windows\FIX.reg
2010-02-06 09:09 . 2008-11-01 12:23 280 ----a-w- c:\windows\reset.reg
2010-02-06 09:08 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-02-06 09:08 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-06 09:06 . 2010-02-06 09:06 -------- d-----w- c:\program files\Microsoft.NET
2010-02-06 09:04 . 2010-02-06 21:02 -------- d-----w- c:\windows\SHELLNEW
2010-02-05 23:32 . 2010-02-05 23:32 -------- d-sh--w- c:\documents and settings\doma\IECompatCache
2010-02-05 23:21 . 2010-02-05 23:21 463872 ----a-w- c:\windows\raqimgr.exe
2010-02-05 23:21 . 2010-02-05 23:21 463872 ----a-w- c:\windows\wmiprvsr.exe
2010-02-05 23:21 . 2010-02-05 23:21 463872 ----a-w- c:\windows\system32\load.exe
2010-02-05 23:01 . 2010-02-05 23:01 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-05 22:24 . 2010-02-05 22:24 -------- d-----w- c:\windows\ie8updates
2010-02-05 22:02 . 2010-02-05 23:16 -------- d-----w- c:\program files\Ask.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 14:06 . 2008-04-14 11:00 91934 ----a-w- c:\windows\system32\perfc005.dat
2010-02-13 14:06 . 2008-04-14 11:00 461862 ----a-w- c:\windows\system32\perfh005.dat
2010-02-06 20:59 . 2010-02-05 20:20 -------- d-----w- c:\program files\MSBuild
2010-02-06 16:22 . 2010-02-05 20:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-06 13:10 . 2010-02-05 20:36 -------- d-----w- c:\program files\Broadcom
2010-02-06 11:52 . 2010-02-06 11:52 -------- d-----w- c:\program files\Common Files\snp2uvc
2010-02-06 11:49 . 2010-02-05 20:42 -------- d-----w- c:\program files\Common Files\SPBA
2010-02-06 11:48 . 2010-02-06 11:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-02-06 11:48 . 2010-02-06 11:48 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-06 11:43 . 2010-02-05 20:40 -------- d-----w- c:\program files\O2Micro Flash Memory Card Driver
2010-02-06 11:33 . 2010-02-05 20:34 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-06 10:47 . 2010-02-05 20:30 -------- d-----w- c:\program files\Intel
2010-02-06 07:26 . 2010-02-05 20:17 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-06 07:26 . 2010-02-05 20:17 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-06 07:26 . 2010-02-05 20:17 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-05 23:01 . 2010-02-05 20:50 -------- d-----w- c:\program files\ESET(2)
2010-02-05 23:01 . 2010-02-05 21:46 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-05 20:42 . 2010-02-05 20:42 -------- d-----w- c:\program files\Acer
2010-02-05 20:41 . 2010-02-05 20:41 -------- d-----w- c:\program files\Synaptics
2010-02-05 20:34 . 2010-02-05 20:34 -------- d-----w- c:\program files\Realtek
2010-02-05 20:34 . 2010-02-05 20:34 315392 ----a-w- c:\windows\HideWin.exe
2010-02-05 20:29 . 2010-02-05 20:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 20:21 . 2010-02-05 20:21 -------- d-----w- c:\program files\microsoft frontpage
2010-02-05 20:20 . 2010-02-05 20:20 -------- d-----w- c:\program files\Reference Assemblies
2010-02-05 20:16 . 2010-02-05 20:16 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-05 20:13 . 2010-02-05 20:13 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-05 20:12 . 2010-02-05 20:12 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-05 20:12 . 2010-02-05 20:12 -------- d-----w- c:\program files\MSXML 4.0
2010-02-05 20:11 . 2010-02-05 20:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 15:13 . 2001-10-24 11:25 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2010-01-14 15:07 . 2010-02-05 20:13 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2010-01-14 15:06 . 2010-02-05 20:13 581192 ----a-w- c:\windows\system32\winUsbCoinstaller.dll
2010-01-14 15:05 . 2010-02-05 20:12 44032 ----a-w- c:\windows\system32\msstrc.dll
2010-01-14 15:05 . 2010-02-05 20:12 1418240 ----a-w- c:\windows\system32\mssrch.dll
2010-01-14 15:05 . 2010-02-05 20:12 350208 ----a-w- c:\windows\system32\mssph.dll
2010-01-14 15:05 . 2010-02-05 20:12 32768 ----a-w- c:\windows\system32\mssprxy.dll
2010-01-14 15:05 . 2010-02-05 20:12 203776 ----a-w- c:\windows\system32\mssphtb.dll
2010-01-14 15:05 . 2010-02-05 20:12 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-01-14 15:05 . 2010-02-05 20:12 11776 ----a-w- c:\windows\system32\msshooks.dll
2010-01-14 15:05 . 2010-02-05 20:12 34816 ----a-w- c:\windows\system32\msscb.dll
2010-01-14 15:05 . 2010-02-05 20:12 87552 ----a-w- c:\windows\system32\mssitlb.dll
2010-01-14 15:05 . 2010-02-05 20:12 60416 ----a-w- c:\windows\system32\msscntrs.dll
2010-01-14 15:05 . 2010-02-05 20:13 323696 ----a-w- c:\windows\system32\msdrm.dll
2010-01-14 15:05 . 2010-01-14 15:05 312128 ----a-w- c:\windows\system32\msdelta.dll
2010-01-14 15:05 . 2010-01-14 15:05 265720 ----a-w- c:\windows\system32\msdbg2.dll
2010-01-14 15:03 . 2010-02-05 20:12 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-01-14 15:02 . 2010-01-14 15:02 96792 ----a-w- c:\windows\system32\basecsp.dll
2010-01-14 15:01 . 2010-01-14 15:01 1209344 ----a-w- c:\windows\system32\urlmon(2).dll
2010-01-14 15:00 . 2010-01-14 15:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-01-14 14:59 . 2010-01-14 14:59 56320 ----a-w- c:\windows\system32\dot3msm.dll
2010-01-14 09:48 . 2010-01-14 09:48 4463 ----a-w- c:\windows\system32\oembios.dat
2010-01-14 09:48 . 2010-01-14 09:48 13107200 ----a-w- c:\windows\system32\oembios.bin
2010-01-01 07:58 . 2010-01-14 15:01 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2010-02-05 20:10 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 14:33 . 2009-08-04 21:53 2068352 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 14:33 . 2010-01-14 15:01 2191488 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 17:25 . 2010-01-14 15:00 456832 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:25 . 2010-01-14 15:01 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:25 . 2008-04-14 07:51 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:29 . 2010-01-14 14:59 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:29 . 2008-04-14 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:29 . 2008-04-14 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:29 . 2008-04-14 07:51 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:29 . 2001-10-24 11:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-10-05 17:34 . 2010-02-06 13:57 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

------- Sigcheck -------

[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"Google Update"="c:\documents and settings\doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-07 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"Softwares"="c:\windows\wmiprvsr.exe" [2010-02-05 463872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1032192]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-10 196608]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2010-02-06 3724800]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-06 198160]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2010-2-5 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-01-14 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-12 23:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2010-02-06 11:50 3167744 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 14:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [6.2.2010 12:50 42608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.2.2010 0:02 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13.2.2010 0:02 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [13.2.2010 0:01 285392]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [6.2.2010 12:50 3566080]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [14.1.2010 16:04 9472]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.1.2010 16:01 14848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'

2010-02-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 13:56]

2010-02-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-02-06 21:18]
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\doma\Data aplikací\Mozilla\Firefox\Profiles\6986egtj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.dll
Notify-RailNotification - (no file)
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 15:09
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\program files\Acer\Acer Bio Protection\WinNotify.dll
c:\program files\Acer\Acer Bio Protection\CustomRes.dll
c:\program files\Common Files\SPBA\vtapip.dll
c:\program files\Common Files\SPBA\infql2.dll
c:\windows\system32\bsapi.dll
c:\program files\Common Files\SPBA\homefus2.dll
c:\program files\Common Files\SPBA\homepass.dll
c:\program files\Common Files\SPBA\bio.dll
c:\program files\Common Files\SPBA\qlbase.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(1184)
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\HidFind.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\igfxext.exe
c:\docume~1\doma\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-02-13 15:11:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-13 14:11

Před spuštěním: Volných bajtů: 34 901 073 920
Po spuštění: Volných bajtů: 34 905 153 536

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3BD3C78B6758BFD766ED53D3CBDC9CBB

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 15:25
by meteorolog
Download OTMoveIt3 - http://www.viry.cz/forum/viewtopic.php?f=15&t=72743 and use this script:
:files
c:\windows\FIX.reg
c:\windows\reset.reg
c:\program files\Ask.com
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:reg
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"=-

:commands
[purity]
[emptytemp]
[reboot]
Paste the log that the program creates here.

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 16:12
by Morticie Addams
I have a problem :( OTM got stuck about halfway through the command, sat at the same spot for a good half hour, and the computer froze completely. I had to hard power off the computer and turn it on again. It's probably not normal for it to get stuck like this, right... or is it? :roll: This computer is starting to make me panic a little :cry:

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 16:27
by meteorolog
Use http://sweb.cz/Marinus/T-Cleaner.exe - to confirm, always press the A key or Enter, restart the PC and repeat the procedure

Then try the OTM script again.

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 17:16
by Morticie Addams
So I ran it through T-Cleaner twice and still nothing :(

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 17:17
by meteorolog
OK, post a new log from ComboFix

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 17:46
by Morticie Addams
Here it is:

ComboFix 10-02-12.01 - doma 13.02.2010 17:40:54.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.953.550 [GMT 1:00]
Spuštěný z: c:\documents and settings\doma\Dokumenty\Stažené soubory\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-13 13:05 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-13 13:05 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-13 13:05 . 2010-02-13 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-12 21:42 . 2010-02-13 13:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-12 21:41 . 2010-02-12 21:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-12 18:15 . 2010-02-12 18:15 -------- d-----w- c:\program files\Crawler
2010-02-10 14:56 . 2010-02-10 15:00 -------- d--h--w- c:\windows\$hf_mig$
2010-02-10 14:50 . 2009-11-27 17:25 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-02-10 14:50 . 2009-11-27 16:29 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-02-10 14:50 . 2009-11-27 16:29 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-02-10 14:49 . 2009-12-04 17:25 456832 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-10 14:49 . 2009-12-09 10:03 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 14:49 . 2009-12-09 10:03 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-09 16:28 . 2010-02-09 16:28 -------- d-----w- c:\program files\AVG
2010-02-07 19:11 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-02-06 21:31 . 2008-04-13 22:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-06 21:07 . 2010-02-06 21:07 -------- d-----w- c:\program files\CCleaner
2010-02-06 20:52 . 2007-04-09 12:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-02-06 20:52 . 2007-04-09 12:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2010-02-06 18:54 . 2010-02-06 19:25 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-06 18:54 . 2010-02-06 18:54 -------- d-----w- c:\program files\Nero
2010-02-06 16:53 . 2010-02-06 16:53 -------- d-----w- C:\QIP Infium JadrisPack
2010-02-06 16:47 . 2010-02-06 21:09 -------- d-----w- c:\program files\QIP
2010-02-06 15:43 . 2010-02-06 23:13 -------- d-----w- c:\documents and settings\NeroMediaHomeUser.4
2010-02-06 15:43 . 2010-02-06 16:14 -------- d-----r- c:\documents and settings\NeroMediaHomeUser.4\Nabídka Start
2010-02-06 15:43 . 2010-02-06 16:14 -------- d--h--r- c:\documents and settings\NeroMediaHomeUser.4\Data aplikací
2010-02-06 15:27 . 2010-02-06 15:27 -------- d-----w- c:\program files\Common Files\xing shared
2010-02-06 15:27 . 2010-02-06 15:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-06 15:27 . 2010-02-06 15:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-06 15:27 . 2010-02-06 15:27 -------- d-----w- c:\program files\Real
2010-02-06 15:27 . 2010-02-06 15:27 -------- d-----w- c:\program files\Common Files\Real
2010-02-06 13:56 . 2010-02-06 16:35 -------- d-----w- c:\program files\QIP Infium
2010-02-06 13:37 . 2010-02-06 13:37 0 ----a-w- c:\windows\nsreg.dat
2010-02-06 13:36 . 2010-02-06 13:36 -------- d-----w- c:\program files\CentrumczToolbar
2010-02-06 13:32 . 2010-02-06 13:32 -------- d-----w- c:\windows\system32\KB905474
2010-02-06 13:32 . 2009-03-10 21:26 1435008 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-02-06 13:32 . 2009-03-10 21:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-02-06 13:14 . 2010-02-06 13:14 -------- d-----w- c:\program files\Atheros
2010-02-06 13:14 . 2008-11-05 18:09 1343616 ----a-w- c:\windows\system32\athw.sys
2010-02-06 13:07 . 2010-02-06 13:07 -------- d-----w- c:\program files\Common Files\Intel
2010-02-06 13:06 . 2010-02-06 13:06 -------- d-----w- c:\program files\Ralink
2010-02-06 13:06 . 2010-02-08 20:12 -------- d-----w- C:\temp
2010-02-06 13:06 . 2007-12-13 16:19 55808 ----a-w- c:\temp\devcon.exe
2010-02-06 13:04 . 2009-06-30 21:37 1574112 ----a-r- c:\windows\system32\drivers\athw.sys
2010-02-06 11:53 . 2010-02-06 11:54 -------- d-----w- c:\program files\Launch Manager
2010-02-06 11:51 . 2007-05-15 11:00 105984 ----a-w- c:\windows\FixUVC.exe
2010-02-06 11:50 . 2010-02-06 11:50 118784 ----a-w- c:\windows\system32\VMC3KAPI.dll
2010-02-06 11:50 . 2010-02-06 11:50 114688 ----a-w- c:\windows\system32\VCryptAPI.dll
2010-02-06 11:50 . 2010-02-06 11:50 23040 ----a-w- c:\windows\system32\ShlCmd.exe
2010-02-06 11:50 . 2010-02-06 11:50 5632 ----a-w- c:\windows\system32\biologon.dll
2010-02-06 11:50 . 2010-02-06 11:50 42608 ----a-w- c:\windows\system32\drivers\AlfaFF.sys
2010-02-06 11:50 . 2010-02-06 11:50 338416 ----a-w- c:\windows\system32\DrvCrypt.dll
2010-02-06 11:50 . 2010-02-06 11:50 24048 ----a-w- c:\windows\system32\AlfaFF.dll
2010-02-06 11:49 . 2010-02-06 11:49 1468928 ----a-w- c:\windows\system32\bsapi.dll
2010-02-06 11:47 . 2006-11-02 15:09 1419232 ----a-r- c:\windows\system32\WdfCoInstaller01005.dll
2010-02-06 11:46 . 2010-02-06 11:47 -------- d-----w- c:\program files\Apoint2K
2010-02-06 11:46 . 2009-01-10 02:38 190512 ----a-r- c:\windows\system32\drivers\Apfiltr.sys
2010-02-06 11:46 . 2009-01-06 23:29 104206 ----a-r- c:\windows\system32\Vxdif.dll
2010-02-06 11:45 . 2008-02-22 18:49 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-02-06 11:45 . 2008-02-22 18:11 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-02-06 11:45 . 2008-02-22 17:55 222400 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-02-06 11:45 . 2008-02-22 17:58 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2010-02-06 11:45 . 2008-02-22 17:57 163840 ----a-w- c:\windows\system32\SynCOM.dll
2010-02-06 11:43 . 2010-02-06 11:43 -------- d-----w- c:\windows\system32\SDA
2010-02-06 11:40 . 2007-09-20 18:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-02-06 11:40 . 2009-03-20 04:19 991136 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-02-06 11:40 . 2010-02-06 11:40 -------- d-----w- c:\program files\WIDCOMM
2010-02-06 11:33 . 2010-02-06 11:33 -------- d-----w- c:\program files\ATI Technologies
2010-02-06 11:17 . 2010-02-06 11:17 -------- d-----w- c:\program files\QMI
2010-02-06 11:16 . 2008-04-28 10:37 393216 ----a-w- c:\windows\system32\athihvs.dll
2010-02-06 11:15 . 2009-04-17 01:06 385024 ------r- c:\windows\system32\QmiInstDev.exe
2010-02-06 10:54 . 2008-07-01 12:10 217088 ----a-w- c:\windows\system32\RaCoInst.dll
2010-02-06 10:54 . 2008-07-01 12:10 14028 ----a-w- c:\windows\system32\RaCoInst.dat
2010-02-06 10:54 . 2008-07-01 12:12 637824 ----a-w- c:\windows\system32\rt2860.sys
2010-02-06 09:08 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-02-06 09:08 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-06 09:06 . 2010-02-06 09:06 -------- d-----w- c:\program files\Microsoft.NET
2010-02-06 09:04 . 2010-02-06 21:02 -------- d-----w- c:\windows\SHELLNEW
2010-02-05 23:32 . 2010-02-05 23:32 -------- d-sh--w- c:\documents and settings\doma\IECompatCache
2010-02-05 23:21 . 2010-02-05 23:21 463872 ----a-w- c:\windows\raqimgr.exe
2010-02-05 23:21 . 2010-02-05 23:21 463872 ----a-w- c:\windows\wmiprvsr.exe
2010-02-05 23:21 . 2010-02-05 23:21 463872 ----a-w- c:\windows\system32\load.exe
2010-02-05 23:01 . 2010-02-05 23:01 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-05 22:24 . 2010-02-05 22:24 -------- d-----w- c:\windows\ie8updates

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 16:40 . 2008-04-14 11:00 91934 ----a-w- c:\windows\system32\perfc005.dat
2010-02-13 16:40 . 2008-04-14 11:00 461862 ----a-w- c:\windows\system32\perfh005.dat
2010-02-06 20:59 . 2010-02-05 20:20 -------- d-----w- c:\program files\MSBuild
2010-02-06 16:22 . 2010-02-05 20:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-06 13:10 . 2010-02-05 20:36 -------- d-----w- c:\program files\Broadcom
2010-02-06 11:52 . 2010-02-06 11:52 -------- d-----w- c:\program files\Common Files\snp2uvc
2010-02-06 11:49 . 2010-02-05 20:42 -------- d-----w- c:\program files\Common Files\SPBA
2010-02-06 11:48 . 2010-02-06 11:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-02-06 11:48 . 2010-02-06 11:48 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-06 11:43 . 2010-02-05 20:40 -------- d-----w- c:\program files\O2Micro Flash Memory Card Driver
2010-02-06 11:33 . 2010-02-05 20:34 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-06 10:47 . 2010-02-05 20:30 -------- d-----w- c:\program files\Intel
2010-02-06 07:26 . 2010-02-05 20:17 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-06 07:26 . 2010-02-05 20:17 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-06 07:26 . 2010-02-05 20:17 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-05 23:01 . 2010-02-05 20:50 -------- d-----w- c:\program files\ESET(2)
2010-02-05 23:01 . 2010-02-05 21:46 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-05 20:42 . 2010-02-05 20:42 -------- d-----w- c:\program files\Acer
2010-02-05 20:41 . 2010-02-05 20:41 -------- d-----w- c:\program files\Synaptics
2010-02-05 20:34 . 2010-02-05 20:34 -------- d-----w- c:\program files\Realtek
2010-02-05 20:34 . 2010-02-05 20:34 315392 ----a-w- c:\windows\HideWin.exe
2010-02-05 20:29 . 2010-02-05 20:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 20:21 . 2010-02-05 20:21 -------- d-----w- c:\program files\microsoft frontpage
2010-02-05 20:20 . 2010-02-05 20:20 -------- d-----w- c:\program files\Reference Assemblies
2010-02-05 20:16 . 2010-02-05 20:16 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-05 20:13 . 2010-02-05 20:13 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-05 20:12 . 2010-02-05 20:12 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-05 20:12 . 2010-02-05 20:12 -------- d-----w- c:\program files\MSXML 4.0
2010-02-05 20:11 . 2010-02-05 20:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 15:13 . 2001-10-24 11:25 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2010-01-14 15:07 . 2010-02-05 20:13 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2010-01-14 15:06 . 2010-02-05 20:13 581192 ----a-w- c:\windows\system32\winUsbCoinstaller.dll
2010-01-14 15:05 . 2010-02-05 20:12 44032 ----a-w- c:\windows\system32\msstrc.dll
2010-01-14 15:05 . 2010-02-05 20:12 1418240 ----a-w- c:\windows\system32\mssrch.dll
2010-01-14 15:05 . 2010-02-05 20:12 350208 ----a-w- c:\windows\system32\mssph.dll
2010-01-14 15:05 . 2010-02-05 20:12 32768 ----a-w- c:\windows\system32\mssprxy.dll
2010-01-14 15:05 . 2010-02-05 20:12 203776 ----a-w- c:\windows\system32\mssphtb.dll
2010-01-14 15:05 . 2010-02-05 20:12 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-01-14 15:05 . 2010-02-05 20:12 11776 ----a-w- c:\windows\system32\msshooks.dll
2010-01-14 15:05 . 2010-02-05 20:12 34816 ----a-w- c:\windows\system32\msscb.dll
2010-01-14 15:05 . 2010-02-05 20:12 87552 ----a-w- c:\windows\system32\mssitlb.dll
2010-01-14 15:05 . 2010-02-05 20:12 60416 ----a-w- c:\windows\system32\msscntrs.dll
2010-01-14 15:05 . 2010-02-05 20:13 323696 ----a-w- c:\windows\system32\msdrm.dll
2010-01-14 15:05 . 2010-01-14 15:05 312128 ----a-w- c:\windows\system32\msdelta.dll
2010-01-14 15:05 . 2010-01-14 15:05 265720 ----a-w- c:\windows\system32\msdbg2.dll
2010-01-14 15:03 . 2010-02-05 20:12 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-01-14 15:02 . 2010-01-14 15:02 96792 ----a-w- c:\windows\system32\basecsp.dll
2010-01-14 15:01 . 2010-01-14 15:01 1209344 ----a-w- c:\windows\system32\urlmon(2).dll
2010-01-14 15:00 . 2010-01-14 15:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-01-14 14:59 . 2010-01-14 14:59 56320 ----a-w- c:\windows\system32\dot3msm.dll
2010-01-14 09:48 . 2010-01-14 09:48 4463 ----a-w- c:\windows\system32\oembios.dat
2010-01-14 09:48 . 2010-01-14 09:48 13107200 ----a-w- c:\windows\system32\oembios.bin
2010-01-01 07:58 . 2010-01-14 15:01 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2010-02-05 20:10 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 14:33 . 2009-08-04 21:53 2068352 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 14:33 . 2010-01-14 15:01 2191488 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-04 17:25 . 2010-01-14 15:00 456832 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:25 . 2010-01-14 15:01 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:25 . 2008-04-14 07:51 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:29 . 2010-01-14 14:59 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:29 . 2008-04-14 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:29 . 2008-04-14 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:29 . 2008-04-14 07:51 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:29 . 2001-10-24 11:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-10-05 17:34 . 2010-02-06 13:57 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

------- Sigcheck -------

[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"Google Update"="c:\documents and settings\doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-07 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"Softwares"="c:\windows\wmiprvsr.exe" [2010-02-05 463872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1032192]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-10 196608]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2010-02-06 3724800]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-06 198160]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2010-2-5 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-01-14 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2010-02-06 11:50 3167744 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 14:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [6.2.2010 12:50 42608]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [14.1.2010 16:04 9472]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [6.2.2010 12:50 3566080]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.1.2010 16:01 14848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'

2010-02-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-02-06 21:18]
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\doma\Data aplikací\Mozilla\Firefox\Profiles\6986egtj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 17:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\Acer\Acer Bio Protection\WinNotify.dll
c:\program files\Acer\Acer Bio Protection\CustomRes.dll
c:\program files\Common Files\SPBA\vtapip.dll
c:\program files\Common Files\SPBA\infql2.dll
c:\windows\system32\bsapi.dll
c:\program files\Common Files\SPBA\homefus2.dll
c:\program files\Common Files\SPBA\homepass.dll
c:\program files\Common Files\SPBA\bio.dll
c:\program files\Common Files\SPBA\qlbase.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(3452)
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-13 17:45:07
ComboFix-quarantined-files.txt 2010-02-13 16:45

Před spuštěním: Volných bajtů: 39 452 090 368
Po spuštění: Volných bajtů: 39 409 745 920

- - End Of File - - 36BE2FB05B88F5127AE3DFA0A8B6D4D4

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 18:05
by meteorolog
OTM deleted what it was supposed to :)

Open Notepad and copy this text into it:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"=-
Now choose Save As (type: All files), enter "smazani.reg" without the quotes as the file name, click Save, then double-click the file as usual and confirm the dialog box.

run http://sweb.cz/Marinus/T-Cleaner.exe again - to confirm, always press the A key or Enter

then CCleaner - the Cleaner and Registry sections - repeat the cleaning until all issues are removed

and finally ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1:

after you run the downloaded file, a window appears:

Image

tick Select All, click Empty Selected and then Exit

in the same way, clear the Firefox and Opera caches if applicable :-)

restart the PC
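The `"reset"="regedit" [X]` line in the log and the `"reset"=-` file from the post above, tied together as an added example that is not part of the original thread: a Python script that parses ComboFix-style Run entries, selects those marked `[X]`, and builds the matching REGEDIT4 deletion text for review. It assumes `[X]` marks a value whose target file was not found; the function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample in the format of the log's registry startup section
# (a few lines only, not the full log).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s+\[(?P<note>[^\]]*)\]$')


def parse_run_entries(log_text):
    """Return (key, value_name, data, note) tuples for each autorun value."""
    entries = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = None          # a blank line ends the current key section
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group('name'),
                            m.group('data'), m.group('note')))
    return entries


def missing_target_entries(entries):
    """Keep only values flagged [X] (assumed: target file not found)."""
    return [e for e in entries if e[3] == 'X']


def build_reg_file(entries):
    """Build REGEDIT4 text in which each listed value is deleted ("name"=-)."""
    by_key = {}
    for key, name, _data, _note in entries:
        by_key.setdefault(key, []).append(name)
    lines = ['REGEDIT4', '']
    for key, names in by_key.items():
        lines.append('[%s]' % key)
        for name in names:
            escaped = name.replace('\\', '\\\\').replace('"', '\\"')
            lines.append('"%s"=-' % escaped)
        lines.append('')
    return '\r\n'.join(lines)


if __name__ == '__main__':
    flagged = missing_target_entries(parse_run_entries(SAMPLE_LOG))
    for key, name, data, _note in flagged:
        print('candidate for removal: %s -> "%s"="%s"' % (key, name, data))
    # Printed for review only; nothing is written to the registry.
    print(build_reg_file(flagged))
```

The script only produces text; the resulting file still has to be reviewed and imported by hand, as in the post.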

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 18:57
by Morticie Addams
Done :)) so do I finally have a clean computer again? Or is there some follow-up? :) Oh, and actually one more question: how can I best secure my computer so that this doesn't happen again? A suitable antivirus program and the like :) Thank you

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 19:10
by meteorolog
it should be clean :)

re security - try, for example, Avast5 and ZoneAlarm

and you're welcome :James008:

Re: Please check my log, problem with Vundo.KA

Posted: 13 Feb 2010 20:17
by Morticie Addams
So I have everything installed :) I had the computer scanned and it's clean :) So thank you once again for your time and willingness :worship: and I wish you a pleasant rest of the evening :)