PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Avast reports a hidden object ceorbjti.sys

Do you have a problem with a virus? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
nekrox
Guest
Posts: 13
Registered: 04 Apr 2010 18:30

Avast reports a hidden object ceorbjti.sys

#1 Post by nekrox »

Hello, every time I start the PC, Avast reports that it has found a rootkit, file name: C:\WINDOWS\System32\Drivers\ceorbjti.sys, and offers to delete it. Nothing happens to the file, though, and on the next start the same message appears again. Nothing can be done with the file itself (rename, copy, archive, etc.). Can you advise me what to do about it? Thanks

nekrox
Guest
Posts: 13
Registered: 04 Apr 2010 18:30

Re: Avast reports a hidden object ceorbjti.sys

#2 Post by nekrox »

Hi, I'm posting the OTL log, but I have a problem with the second file, Extras: when I ran the program for the first time I had Avast turned on and it showed me some error, so I deleted that file and ran OTL again. The second time the Extras file was not created. :oops:

OTL logfile created on: 6.4.2010 18:08:39 - Run 4
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\svast\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 635,00 Mb Available Physical Memory | 62,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,67 Gb Free Space | 18,79% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 7,46 Gb Free Space | 12,73% Space Free | Partition Type: NTFS
Drive E: | 70,92 Gb Total Space | 17,42 Gb Free Space | 24,56% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 2,80 Gb Free Space | 0,94% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEKROX
Current User Name: svast
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.06 18:05:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\svast\Plocha\OTL.exe
PRC - [2010.03.28 20:07:59 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.11.25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.09.06 20:14:34 | 002,811,392 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008.10.31 07:24:26 | 001,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.11.06 17:24:36 | 003,604,480 | ---- | M] () -- D:\tvorbastranek\ComplexWebServer\mysql\bin\mysqld-nt.exe
PRC - [2006.09.17 22:55:58 | 000,686,080 | ---- | M] (Jilm :-)) -- D:\tvorbastranek\ComplexWebServer\bin\ServiceDirect.exe
PRC - [2005.10.09 20:17:00 | 000,020,541 | ---- | M] (Apache Software Foundation) -- D:\tvorbastranek\ComplexWebServer\apache\bin\Apache.exe
PRC - [2003.02.27 08:29:26 | 000,047,104 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2001.03.03 04:26:26 | 000,007,680 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


========== Modules (SafeList) ==========

MOD - [2010.04.06 18:05:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\svast\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006.11.06 17:24:36 | 003,604,480 | ---- | M] () [Auto | Running] -- D:\tvorbastranek\ComplexWebServer\mysql\bin\mysqld-nt.exe -- (CWS_MySQL_3306)
SRV - [2005.10.09 20:17:00 | 000,020,541 | ---- | M] (Apache Software Foundation) [Auto | Running] -- D:\tvorbastranek\ComplexWebServer\apache\bin\apache.exe -- (CWS_Apache_80)


========== Driver Services (SafeList) ==========

DRV - [2009.11.25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.10.18 12:51:09 | 000,000,169 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\ultra.INI -- (ultra)
DRV - [2008.10.31 07:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 04:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008.04.13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007.11.03 12:21:02 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007.10.13 01:12:14 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.06.29 00:43:00 | 006,807,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.04.21 17:11:06 | 000,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.02.27 09:03:52 | 000,701,676 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2001.10.24 12:46:00 | 000,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010.04.04 16:51:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll ()
O2 - BHO: (CHelper Class) - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\Program Files\Eurotran 2003\e2003i.dll ()
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll ()
O3 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ComplexWebServer] D:\tvorbastranek\ComplexWebServer\bin\ServiceDirect.exe (Jilm :-))
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe ()
O4 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\Program Files\Eurotran 2003\e2003i.dll ()
O9 - Extra 'Tools' menuitem : Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\Program Files\Eurotran 2003\e2003i.dll ()
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll ()
O15 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\..Trusted Domains: postovnisporitelna.cz ([maxibps] https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region-Free\DVDShell.dll (Fengtao Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.10 17:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.03.22 19:59:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (http://www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 7 Days ==========

[2010.04.06 18:05:34 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\svast\Plocha\OTL.exe
[2010.04.05 22:50:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.04.05 22:49:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.05 22:19:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.05 18:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\svast\Plocha\RootkitR
[2010.04.05 17:31:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\svast\Recent
[2010.04.05 09:49:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.03 08:09:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.04.03 08:07:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.04.03 08:07:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.04.03 08:07:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.04.03 08:07:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.04.03 08:07:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.04.01 21:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\SecTaskMan
[2010.03.27 13:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2007.09.10 17:06:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2007.09.10 17:06:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2007.09.10 17:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.04.06 18:12:31 | 000,804,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\ceorbjti.sys
[2010.04.06 18:12:00 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AA87C180-2987-45E3-8744-33CFC7034EC3}.job
[2010.04.06 18:05:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\svast\Plocha\OTL.exe
[2010.04.06 17:58:43 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1035525444-1177238915-1008.job
[2010.04.06 17:58:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.06 17:58:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.06 17:58:28 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.05 23:48:53 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\svast\NTUSER.DAT
[2010.04.05 23:48:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\svast\ntuser.ini
[2010.04.05 23:48:46 | 000,003,124 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.04.05 23:45:33 | 000,027,824 | ---- | M] () -- C:\Documents and Settings\svast\Plocha\excel.xlsx
[2010.04.05 22:47:50 | 000,005,278 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.04.05 21:08:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1035525444-1177238915-1008.job
[2010.04.05 20:54:16 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.04.05 18:13:35 | 000,041,418 | -H-- | M] () -- C:\TREEINFO.WC
[2010.04.05 17:36:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.05 17:29:45 | 001,054,510 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.05 17:29:45 | 000,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.05 17:29:45 | 000,440,590 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.05 17:29:45 | 000,083,832 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.05 17:29:45 | 000,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.05 15:34:14 | 000,010,434 | ---- | M] () -- C:\Documents and Settings\svast\Plocha\tma.docx
[2010.04.05 11:12:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.04 16:52:37 | 000,000,270 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.04 16:51:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.04 16:35:35 | 003,907,280 | R--- | M] () -- C:\Documents and Settings\svast\Plocha\ComboFix.exe
[2010.04.03 12:00:36 | 002,639,686 | -H-- | M] () -- C:\Documents and Settings\svast\Local Settings\Data aplikací\IconCache.db
[2010.04.03 11:59:48 | 000,219,136 | ---- | M] () -- C:\Documents and Settings\svast\Plocha\spne.xls
[2010.04.03 08:09:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.04.02 22:49:17 | 000,015,248 | ---- | M] () -- C:\Documents and Settings\svast\Plocha\Xiao hun yu (1979).docx
[2010.04.02 21:10:57 | 019,167,744 | ---- | M] () -- C:\Documents and Settings\svast\Plocha\šicht2010.xls
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.04 19:06:25 | 000,010,434 | ---- | C] () -- C:\Documents and Settings\svast\Plocha\tma.docx
[2010.04.03 08:09:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.04.03 08:09:29 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.04.03 08:07:40 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.04.03 08:07:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.04.03 08:07:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.04.03 08:07:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.04.03 08:07:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.04.03 08:04:01 | 003,907,280 | R--- | C] () -- C:\Documents and Settings\svast\Plocha\ComboFix.exe
[2010.04.01 22:28:18 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2010.03.26 21:25:06 | 000,804,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\ceorbjti.sys
[2010.03.26 21:16:27 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\svast\Data aplikací\jasltw.dat
[2010.03.26 20:47:14 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\svast\Local Settings\Data aplikací\fusioncache.dat
[2010.03.25 21:04:10 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.03.25 20:34:14 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2010.03.21 18:41:20 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\jasltw.dat
[2010.03.21 18:41:13 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\svast\Data aplikací\avdrn.dat
[2010.03.03 20:45:03 | 000,027,939 | ---- | C] () -- C:\Documents and Settings\svast\Data aplikací\OFMissionEditorConfig.xml
[2010.02.27 10:53:43 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2010.01.26 18:02:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoVyuk.INI
[2009.12.27 02:24:40 | 000,166,912 | ---- | C] () -- C:\WINDOWS\System32\libmcrypt.dll
[2009.12.27 02:24:39 | 002,076,672 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2009.10.18 12:53:55 | 000,000,103 | ---- | C] () -- C:\WINDOWS\pro.INI
[2009.10.18 12:51:09 | 000,000,169 | ---- | C] () -- C:\WINDOWS\ultra.INI
[2009.08.23 18:49:48 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS76.DLL
[2008.12.23 21:13:41 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008.12.18 20:25:34 | 000,000,271 | ---- | C] () -- C:\WINDOWS\game.ini
[2008.10.17 15:44:15 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\svast\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.05.01 20:37:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.03.23 11:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.03.23 11:59:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.03.01 23:32:47 | 000,000,308 | ---- | C] () -- C:\WINDOWS\SSC.INI
[2008.02.28 21:47:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\svast\Data aplikací\AVSDVDPlayer.m3u
[2008.02.25 21:48:09 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2008.02.09 12:23:14 | 000,491,520 | ---- | C] () -- C:\WINDOWS\WebIE.dll
[2008.02.09 12:22:09 | 000,002,733 | ---- | C] () -- C:\WINDOWS\UN32P.INI
[2008.02.09 12:21:36 | 000,001,780 | ---- | C] () -- C:\WINDOWS\MAILTRAN.INI
[2008.02.09 12:21:35 | 000,002,863 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2008.02.09 12:21:27 | 000,005,278 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2008.02.09 12:21:27 | 000,004,991 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008.01.27 20:40:43 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\svast\Data aplikací\PnkBstrK.sys
[2008.01.25 17:42:57 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\svast\ntuser.ini
[2008.01.25 17:42:55 | 009,699,328 | -H-- | C] () -- C:\Documents and Settings\svast\NTUSER.DAT
[2008.01.25 17:42:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\svast\NtUser.dat.LOG
[2007.12.25 13:38:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PV_TUNER.INI
[2007.12.22 11:32:36 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.10.12 21:00:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.09.16 10:51:10 | 000,000,042 | ---- | C] () -- C:\WINDOWS\STXKBD.INI
[2007.09.16 10:51:10 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2007.09.16 10:51:09 | 000,001,475 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2007.09.16 10:51:09 | 000,000,700 | ---- | C] () -- C:\WINDOWS\WTRDICT.INI
[2007.09.13 00:01:37 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.09.12 23:55:52 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Bloodline.ini
[2007.09.10 22:53:03 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.09.10 22:28:53 | 000,000,202 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.09.10 22:07:53 | 000,003,124 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.09.10 17:19:26 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007.06.29 00:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.06.29 00:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.06.29 00:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.06.29 00:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.06.29 00:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.11.01 14:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.01 14:52:38 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2004.10.27 00:39:04 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004.04.21 16:58:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2001.03.03 04:26:29 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009.08.23 18:50:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2009.09.20 09:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.03.21 20:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters Inc
[2010.04.03 10:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SecTaskMan
[2009.09.06 20:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SpeedBit
[2010.04.06 18:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.05.09 10:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\BSplayer
[2010.02.13 21:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\flightgear.org
[2010.03.21 20:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\GetRightToGo
[2009.09.13 19:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\HYL
[2008.10.22 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\ICQ Toolbar
[2008.10.22 22:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\ICQLite
[2009.01.06 00:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Miranda
[2008.08.12 22:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\MoyeaFLV2Video
[2010.01.21 22:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\MySQL
[2008.11.16 18:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\VitySoft
[2010.04.06 18:12:00 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AA87C180-2987-45E3-8744-33CFC7034EC3}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"NBJ" = "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" -- [2005.04.14 16:56:06 | 001,957,888 | ---- | M] (Ahead Software AG)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.12.22 20:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Adobe
[2009.09.03 20:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Ahead
[2009.05.09 10:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\BSplayer
[2010.02.13 21:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\flightgear.org
[2010.03.21 20:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\GetRightToGo
[2009.11.28 10:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Google
[2008.04.02 19:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Help
[2009.09.13 19:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\HYL
[2008.10.22 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\ICQ Toolbar
[2008.10.22 22:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\ICQLite
[2008.01.25 17:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Identities
[2008.01.25 18:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Macromedia
[2008.03.23 12:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Media Player Classic
[2010.03.22 20:09:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\svast\Data aplikací\Microsoft
[2009.01.06 00:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Miranda
[2008.08.12 22:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\MoyeaFLV2Video
[2008.10.10 22:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Mozilla
[2010.01.21 22:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\MySQL
[2008.02.02 00:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\PSpad
[2010.03.28 20:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Real
[2010.04.05 21:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Skype
[2008.11.16 18:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Sun
[2010.04.05 22:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\SUPERAntiSpyware.com
[2008.10.10 22:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Talkback
[2008.11.16 18:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\VitySoft
[2008.05.25 01:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2010.03.19 19:34:00 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\svast\Data aplikací\Real\Update\setup3.10\setup.exe
[2010.03.13 10:49:49 | 008,405,312 | ---- | M] () -- C:\Documents and Settings\svast\Data aplikací\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
[2010.03.13 10:49:25 | 010,309,448 | ---- | M] () -- C:\Documents and Settings\svast\Data aplikací\Real\Update\setup3.10\chr\ChromeInstaller.exe
[2010.03.13 10:49:28 | 000,149,000 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\svast\Data aplikací\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
[2010.03.20 19:04:25 | 020,850,160 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\svast\Data aplikací\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
[2010.03.13 10:48:55 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\svast\Data aplikací\Real\Update\setup3.10\RUP\vista.exe


< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.17 15:57:28 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.17 15:57:28 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\drivers\changer.sys
[2004.08.17 15:57:28 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp2gdr\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3gdr\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.04.06 18:24:18 | 000,804,864 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ceorbjti.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2010.03.22 20:38:40 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.03.22 19:33:01 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010.03.22 20:38:40 | 027,525,120 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.03.22 20:38:40 | 004,194,304 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DF462FF6
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A9662AE0
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:9FA5EC55
< End of report >

nekrox
Visitor
Posts: 13
Registered: 04 Apr 2010 18:30

Re: Avast reports hidden object ceorbjti.sys

#3 Post by nekrox »

File from RootkitRevealer

HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\Console 5. 4. 2010 22:49 0 bytes Security mismatch.
HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\console_combofixbackup 5. 4. 2010 22:49 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 10. 9. 2007 20:50 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 10. 9. 2007 20:50 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Swearware\backup\winsock2 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SYSTEM\ControlSet001\Services\ceorbjti 6. 4. 2010 18:29 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{5B929B58-BFB4-488E-A531-EFA469A6AC4C} 6. 4. 2010 18:38 96 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch 6. 4. 2010 18:38 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B929B58-BFB4-488E-A531-EFA469A6AC4C}\LeaseObtainedTime 6. 4. 2010 18:38 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B929B58-BFB4-488E-A531-EFA469A6AC4C}\T1 6. 4. 2010 18:38 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B929B58-BFB4-488E-A531-EFA469A6AC4C}\T2 6. 4. 2010 18:38 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B929B58-BFB4-488E-A531-EFA469A6AC4C}\LeaseTerminatesTime 6. 4. 2010 18:38 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\{5B929B58-BFB4-488E-A531-EFA469A6AC4C}\Parameters\Tcpip\LeaseObtainedTime 6. 4. 2010 18:38 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\{5B929B58-BFB4-488E-A531-EFA469A6AC4C}\Parameters\Tcpip\T1 6. 4. 2010 18:38 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\{5B929B58-BFB4-488E-A531-EFA469A6AC4C}\Parameters\Tcpip\T2 6. 4. 2010 18:38 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\{5B929B58-BFB4-488E-A531-EFA469A6AC4C}\Parameters\Tcpip\LeaseTerminatesTime 6. 4. 2010 18:38 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Services\ceorbjti 6. 4. 2010 17:58 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\ceorbjti 27. 3. 2010 12:09 0 bytes Hidden from Windows API.

nekrox
Guest
Posts: 13
Registered: 04 Apr 2010 18:30

Re: Avast reports hidden object ceorbjti.sys

#4 Post by nekrox »

Hello, thanks in advance. The Avast message no longer appears; the Avenger output is below. Sorry about the CF, I had no idea it could cause any "problems", and I no longer have the log (I understand there is no point commenting on that...). As for the two files to be tested, the result for ultra.INI is here:

http://www.virustotal.com/cs/analisis/f ... 1270585995

but I can't get at the file C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1035525444-1177238915-1008.job. I tried VirusTotal and VirSCAN, but when browsing I can only click my way to the folder itself (i.e. C:\WINDOWS\Tasks) and can't select individual files from it. I can't paste or type anything into that box by hand either, so if I made a mistake somewhere... :???:


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "ceorbjti" deleted successfully.
File "C:\WINDOWS\system32\drivers\ceorbjti.sys" deleted successfully.
File "C:\Documents and Settings\svast\Data aplikací\jasltw.dat" deleted successfully.
File "C:\Documents and Settings\svast\Local Settings\Data aplikací\fusioncache.dat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

nekrox

Re: Avast reports hidden object ceorbjti.sys

#5 Post by nekrox »

Hi, if you mean the ultra.ini file, it should be attached. I also tried putting the file
RealUpgradeLogonTaskS-1-5-21-1547161642-1035525444-1177238915-1008.job
into a different folder, and the result is here (if that's of any use):
http://www.virustotal.com/cs/analisis/c ... 1270668306
I'll post the logs tomorrow; it looks like it will take a while and I won't manage it today. Bye for now.
Attachments
ultra.zip
(250 bytes) Downloaded 40 times

nekrox

Re: Avast reports hidden object ceorbjti.sys

#6 Post by nekrox »

Hello, so I'm posting RootkitRevealer, RSIT, OTL and Extras, but I have to go again, this is in a hurry; I'll try to post ComboFix tonight.

RootkitRevealer:

HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\Console 5. 4. 2010 22:49 0 bytes Security mismatch.
HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\console_combofixbackup 5. 4. 2010 22:49 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 10. 9. 2007 20:50 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 10. 9. 2007 20:50 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\SchedulingAgent\LastTaskRun 9. 4. 2010 17:42 16 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Swearware\backup\winsock2 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 3. 4. 2010 8:07 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 3. 4. 2010 8:07 0 bytes Security mismatch.

nekrox

Re: Avast reports hidden object ceorbjti.sys

#7 Post by nekrox »

OTL:

OTL logfile created on: 9.4.2010 18:06:34 - Run 6
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\svast\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 524,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,91 Gb Free Space | 20,04% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 6,09 Gb Free Space | 10,39% Space Free | Partition Type: NTFS
Drive E: | 70,92 Gb Total Space | 17,15 Gb Free Space | 24,18% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 6,20 Gb Free Space | 2,08% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEKROX
Current User Name: svast
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.06 18:05:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\svast\Plocha\OTL.exe
PRC - [2010.03.28 20:07:59 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.11.25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.09.06 20:14:34 | 002,811,392 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008.10.31 07:24:26 | 001,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.11.06 17:24:36 | 003,604,480 | ---- | M] () -- D:\tvorbastranek\ComplexWebServer\mysql\bin\mysqld-nt.exe
PRC - [2006.09.17 22:55:58 | 000,686,080 | ---- | M] (Jilm :-)) -- D:\tvorbastranek\ComplexWebServer\bin\ServiceDirect.exe
PRC - [2005.10.09 20:17:00 | 000,020,541 | ---- | M] (Apache Software Foundation) -- D:\tvorbastranek\ComplexWebServer\apache\bin\Apache.exe
PRC - [2003.02.27 08:29:26 | 000,047,104 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2001.03.03 04:26:26 | 000,007,680 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


========== Modules (SafeList) ==========

MOD - [2010.04.06 18:05:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\svast\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006.11.06 17:24:36 | 003,604,480 | ---- | M] () [Auto | Running] -- D:\tvorbastranek\ComplexWebServer\mysql\bin\mysqld-nt.exe -- (CWS_MySQL_3306)
SRV - [2005.10.09 20:17:00 | 000,020,541 | ---- | M] (Apache Software Foundation) [Auto | Running] -- D:\tvorbastranek\ComplexWebServer\apache\bin\apache.exe -- (CWS_Apache_80)


========== Driver Services (SafeList) ==========

DRV - [2009.11.25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.10.18 12:51:09 | 000,000,169 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\ultra.INI -- (ultra)
DRV - [2008.10.31 07:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 04:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008.04.13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007.11.03 12:21:02 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007.10.13 01:12:14 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.06.29 00:43:00 | 006,807,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.04.21 17:11:06 | 000,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.02.27 09:03:52 | 000,701,676 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2001.10.24 12:46:00 | 000,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010.04.04 16:51:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll ()
O2 - BHO: (CHelper Class) - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\Program Files\Eurotran 2003\e2003i.dll ()
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll ()
O3 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ComplexWebServer] D:\tvorbastranek\ComplexWebServer\bin\ServiceDirect.exe (Jilm :-))
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe ()
O4 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\Program Files\Eurotran 2003\e2003i.dll ()
O9 - Extra 'Tools' menuitem : Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\Program Files\Eurotran 2003\e2003i.dll ()
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll ()
O15 - HKU\S-1-5-21-1547161642-1035525444-1177238915-1008\..Trusted Domains: postovnisporitelna.cz ([maxibps] https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region-Free\DVDShell.dll (Fengtao Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.10 17:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.03.22 19:59:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 7 Days ==========

[2010.04.09 17:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\svast\Plocha\n
[2010.04.09 17:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.09 17:42:10 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.06 22:25:05 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.04.06 18:05:34 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\svast\Plocha\OTL.exe
[2010.04.05 22:50:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.04.05 22:49:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.05 22:19:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.05 18:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\svast\Plocha\RootkitR
[2010.04.05 17:31:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\svast\Recent
[2010.04.05 09:49:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.03 08:09:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.04.03 08:07:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.04.03 08:07:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.04.03 08:07:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.04.03 08:07:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.04.03 08:07:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.03.27 13:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2007.09.10 17:06:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2007.09.10 17:06:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2007.09.10 17:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.04.09 18:07:00 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AA87C180-2987-45E3-8744-33CFC7034EC3}.job
[2010.04.09 17:57:29 | 000,003,087 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.04.09 17:32:16 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1035525444-1177238915-1008.job
[2010.04.09 17:31:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.09 17:31:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.09 17:31:51 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.09 00:01:07 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.04.08 19:44:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.07 21:38:41 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\svast\NTUSER.DAT
[2010.04.07 21:38:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\svast\ntuser.ini
[2010.04.07 21:14:33 | 000,029,393 | ---- | M] () -- C:\Documents and Settings\svast\Plocha\excel.xlsx
[2010.04.06 23:55:12 | 000,011,932 | ---- | M] () -- C:\Documents and Settings\svast\Plocha\tma.docx
[2010.04.06 23:42:17 | 000,010,985 | ---- | M] () -- C:\Documents and Settings\svast\Plocha\visalja.docx
[2010.04.06 22:18:50 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\svast\Plocha\avenger.exe
[2010.04.06 18:05:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\svast\Plocha\OTL.exe
[2010.04.05 22:47:50 | 000,005,278 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.04.05 21:08:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1035525444-1177238915-1008.job
[2010.04.05 18:13:35 | 000,041,418 | -H-- | M] () -- C:\TREEINFO.WC
[2010.04.05 17:29:45 | 001,054,510 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.05 17:29:45 | 000,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.05 17:29:45 | 000,440,590 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.05 17:29:45 | 000,083,832 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.05 17:29:45 | 000,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.05 11:12:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.04 16:52:37 | 000,000,270 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.04 16:51:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.04 16:35:35 | 003,907,280 | R--- | M] () -- C:\Documents and Settings\svast\Plocha\ComboFix.exe
[2010.04.03 12:00:36 | 002,639,686 | -H-- | M] () -- C:\Documents and Settings\svast\Local Settings\Data aplikací\IconCache.db
[2010.04.03 11:59:48 | 000,219,136 | ---- | M] () -- C:\Documents and Settings\svast\Plocha\spne.xls
[2010.04.03 08:09:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.04.02 22:49:17 | 000,015,248 | ---- | M] () -- C:\Documents and Settings\svast\Plocha\Xiao hun yu (1979).docx
[2010.04.02 21:10:57 | 019,167,744 | ---- | M] () -- C:\Documents and Settings\svast\Plocha\šicht2010.xls
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.06 23:10:39 | 000,010,985 | ---- | C] () -- C:\Documents and Settings\svast\Plocha\visalja.docx
[2010.04.06 22:18:43 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\svast\Plocha\avenger.exe
[2010.04.04 19:06:25 | 000,011,932 | ---- | C] () -- C:\Documents and Settings\svast\Plocha\tma.docx
[2010.04.03 08:09:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.04.03 08:09:29 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.04.03 08:07:40 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.04.03 08:07:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.04.03 08:07:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.04.03 08:07:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.04.03 08:07:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.04.03 08:04:01 | 003,907,280 | R--- | C] () -- C:\Documents and Settings\svast\Plocha\ComboFix.exe
[2010.03.25 21:04:10 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.03.25 20:34:14 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2010.03.21 18:41:20 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\jasltw.dat
[2010.03.21 18:41:13 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\svast\Data aplikací\avdrn.dat
[2010.03.03 20:45:03 | 000,027,939 | ---- | C] () -- C:\Documents and Settings\svast\Data aplikací\OFMissionEditorConfig.xml
[2010.02.27 10:53:43 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2010.01.26 18:02:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoVyuk.INI
[2009.12.27 02:24:40 | 000,166,912 | ---- | C] () -- C:\WINDOWS\System32\libmcrypt.dll
[2009.12.27 02:24:39 | 002,076,672 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2009.10.18 12:53:55 | 000,000,103 | ---- | C] () -- C:\WINDOWS\pro.INI
[2009.10.18 12:51:09 | 000,000,169 | ---- | C] () -- C:\WINDOWS\ultra.INI
[2009.08.23 18:49:48 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS76.DLL
[2008.12.23 21:13:41 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008.12.18 20:25:34 | 000,000,271 | ---- | C] () -- C:\WINDOWS\game.ini
[2008.10.17 15:44:15 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\svast\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.05.01 20:37:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.03.23 11:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.03.23 11:59:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.03.01 23:32:47 | 000,000,308 | ---- | C] () -- C:\WINDOWS\SSC.INI
[2008.02.28 21:47:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\svast\Data aplikací\AVSDVDPlayer.m3u
[2008.02.25 21:48:09 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2008.02.09 12:23:14 | 000,491,520 | ---- | C] () -- C:\WINDOWS\WebIE.dll
[2008.02.09 12:22:09 | 000,002,733 | ---- | C] () -- C:\WINDOWS\UN32P.INI
[2008.02.09 12:21:36 | 000,001,780 | ---- | C] () -- C:\WINDOWS\MAILTRAN.INI
[2008.02.09 12:21:35 | 000,002,863 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2008.02.09 12:21:27 | 000,005,278 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2008.02.09 12:21:27 | 000,004,991 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008.01.27 20:40:43 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\svast\Data aplikací\PnkBstrK.sys
[2008.01.25 17:42:57 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\svast\ntuser.ini
[2008.01.25 17:42:55 | 009,699,328 | -H-- | C] () -- C:\Documents and Settings\svast\NTUSER.DAT
[2008.01.25 17:42:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\svast\NtUser.dat.LOG
[2007.12.25 13:38:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PV_TUNER.INI
[2007.12.22 11:32:36 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.10.12 21:00:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.09.16 10:51:10 | 000,000,042 | ---- | C] () -- C:\WINDOWS\STXKBD.INI
[2007.09.16 10:51:10 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2007.09.16 10:51:09 | 000,001,475 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2007.09.16 10:51:09 | 000,000,700 | ---- | C] () -- C:\WINDOWS\WTRDICT.INI
[2007.09.13 00:01:37 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.09.12 23:55:52 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Bloodline.ini
[2007.09.10 22:53:03 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.09.10 22:28:53 | 000,000,202 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.09.10 22:07:53 | 000,003,087 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.09.10 17:19:26 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007.06.29 00:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.06.29 00:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.06.29 00:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.06.29 00:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.06.29 00:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.11.01 14:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.01 14:52:38 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2004.10.27 00:39:04 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004.04.21 16:58:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2001.03.03 04:26:29 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009.08.23 18:50:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2009.09.20 09:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.03.21 20:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters Inc
[2010.04.03 10:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SecTaskMan
[2009.09.06 20:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SpeedBit
[2010.04.09 17:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.05.09 10:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\BSplayer
[2010.02.13 21:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\flightgear.org
[2010.03.21 20:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\GetRightToGo
[2009.09.13 19:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\HYL
[2008.10.22 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\ICQ Toolbar
[2008.10.22 22:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\ICQLite
[2009.01.06 00:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Miranda
[2008.08.12 22:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\MoyeaFLV2Video
[2010.01.21 22:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\MySQL
[2008.11.16 18:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\VitySoft
[2010.04.09 18:07:00 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AA87C180-2987-45E3-8744-33CFC7034EC3}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"NBJ" = "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" -- [2005.04.14 16:56:06 | 001,957,888 | ---- | M] (Ahead Software AG)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.12.22 20:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Adobe
[2009.09.03 20:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Ahead
[2009.05.09 10:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\BSplayer
[2010.02.13 21:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\flightgear.org
[2010.03.21 20:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\GetRightToGo
[2009.11.28 10:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Google
[2008.04.02 19:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Help
[2009.09.13 19:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\HYL
[2008.10.22 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\ICQ Toolbar
[2008.10.22 22:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\ICQLite
[2008.01.25 17:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Identities
[2008.01.25 18:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Macromedia
[2008.03.23 12:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Media Player Classic
[2010.03.22 20:09:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\svast\Data aplikací\Microsoft
[2009.01.06 00:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Miranda
[2008.08.12 22:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\MoyeaFLV2Video
[2008.10.10 22:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Mozilla
[2010.01.21 22:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\MySQL
[2008.02.02 00:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\PSpad
[2010.03.28 20:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Real
[2010.04.05 21:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Skype
[2008.11.16 18:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Sun
[2010.04.05 22:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\SUPERAntiSpyware.com
[2008.10.10 22:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\Talkback
[2008.11.16 18:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\VitySoft
[2008.05.25 01:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\svast\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2010.03.19 19:34:00 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\svast\Data aplikací\Real\Update\setup3.10\setup.exe
[2010.03.13 10:49:49 | 008,405,312 | ---- | M] () -- C:\Documents and Settings\svast\Data aplikací\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
[2010.03.13 10:49:25 | 010,309,448 | ---- | M] () -- C:\Documents and Settings\svast\Data aplikací\Real\Update\setup3.10\chr\ChromeInstaller.exe
[2010.03.13 10:49:28 | 000,149,000 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\svast\Data aplikací\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
[2010.03.20 19:04:25 | 020,850,160 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\svast\Data aplikací\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
[2010.03.13 10:48:55 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\svast\Data aplikací\Real\Update\setup3.10\RUP\vista.exe


< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.17 15:57:28 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.17 15:57:28 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.03.27 13:28:27 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\drivers\changer.sys
[2004.08.17 15:57:28 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2010.03.22 20:38:40 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.03.22 19:33:01 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010.03.22 20:38:40 | 027,525,120 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.03.22 20:38:40 | 004,194,304 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DF462FF6
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A9662AE0
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:9FA5EC55
< End of report >

nekrox
Guest
Posts: 13
Registered: 04 Apr 2010 18:30

Re: Avast reports hidden object ceorbjti.sys

#8 Post by nekrox »

So here are the RSIT and Extras logs as attachments :)
Also, I noticed something about ICQ in there; could everything related to that program be removed? Thanks
Attachments
rsit_log.zip
(17.19 KiB) Downloaded 36 times
Extras.zip
(6.33 KiB) Downloaded 36 times

nekrox
Guest
Posts: 13
Registered: 04 Apr 2010 18:30

Re: Avast reports hidden object ceorbjti.sys

#9 Post by nekrox »

So here, finally, is the CF log.
One more thing about that ultra file: I once had the Teleport Pro program here, but I've already removed it, so if that ultra.ini file isn't used for anything else, could I in theory delete it?

ComboFix 10-04-08.06 - svast 10.04.2010 0:51.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.650 [GMT 2:00]
Spuštěný z: c:\documents and settings\svast\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100409-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\userinit.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-09 do 2010-04-09 )))))))))))))))))))))))))))))))
.

2010-04-09 15:42 . 2010-04-09 15:42 -------- d-----w- c:\program files\trend micro
2010-04-09 15:42 . 2010-04-09 16:36 -------- d-----w- C:\rsit
2010-03-28 18:09 . 2010-03-28 18:09 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-28 15:22 . 2010-03-28 15:22 -------- d-----w- c:\program files\Sophos
2010-03-27 11:43 . 2010-03-27 11:43 -------- d-----w- c:\windows\l2schemas
2010-03-27 11:43 . 2010-03-27 11:43 -------- d-----w- c:\windows\system32\cs
2010-03-27 11:43 . 2010-03-27 11:43 -------- d-----w- c:\windows\system32\bits
2010-03-27 10:27 . 2008-04-14 03:22 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2010-03-27 10:26 . 2008-04-14 03:19 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-03-26 19:17 . 2008-04-13 16:39 142592 ------w- c:\windows\system32\drivers\aec.sys
2010-03-26 18:10 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-26 18:10 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-26 18:10 . 2010-02-25 06:18 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-26 18:10 . 2010-02-25 06:18 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-26 18:10 . 2010-02-25 06:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-26 18:10 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-26 18:10 . 2010-02-25 09:48 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-26 18:09 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-03-26 18:08 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-26 18:06 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-26 18:03 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-03-26 18:01 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-03-26 18:01 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-25 18:58 . 2010-03-25 18:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-25 18:34 . 2003-01-16 04:45 5632 ----a-w- c:\windows\system32\InstFunc.dll
2010-03-25 18:34 . 2002-12-12 11:42 184320 ----a-w- c:\windows\system32\setuplib.dll
2010-03-25 18:34 . 2002-08-28 07:35 73728 ----a-w- c:\windows\system32\waitwnd.exe
2010-03-25 18:33 . 2010-03-25 18:33 -------- d-----w- c:\program files\S3
2010-03-25 18:31 . 2010-03-25 18:31 -------- d-----w- c:\windows\Drivers
2010-03-25 17:50 . 2010-03-25 17:50 -------- d-----w- c:\windows\system32\URTTEMP
2010-03-25 16:18 . 2010-04-03 08:13 -------- d-----w- c:\program files\SpeedFan
2010-03-23 20:28 . 2001-10-24 11:24 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll
2010-03-23 20:28 . 2001-10-24 11:24 137216 ----a-w- c:\windows\system32\atidrae.dll
2010-03-23 20:28 . 2001-10-24 10:46 75136 -c--a-w- c:\windows\system32\dllcache\atimpae.sys
2010-03-23 20:28 . 2001-10-24 10:46 75136 ----a-w- c:\windows\system32\drivers\atimpae.sys
2010-03-23 18:22 . 2010-03-23 18:22 -------- d-----w- c:\program files\CleverTune Software
2010-03-22 20:21 . 2010-03-22 20:21 -------- d-----w- C:\ATI
2010-03-22 18:01 . 2001-10-25 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-03-22 18:00 . 2001-10-25 12:00 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2010-03-22 17:41 . 2001-10-25 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-03-22 17:40 . 2001-10-25 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-22 17:40 . 2001-10-25 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-22 17:40 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-22 17:40 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-22 17:29 . 2008-04-14 03:22 15360 ------w- c:\windows\system32\ctfmon.exe
2010-03-22 17:28 . 2009-02-06 10:39 35328 -c--a-w- c:\windows\system32\dllcache\sc.exe
2010-03-22 17:27 . 2010-02-25 06:18 25600 -c--a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-03-22 17:26 . 2009-07-17 18:57 58880 -c--a-w- c:\windows\system32\dllcache\atl.dll
2010-03-21 19:35 . 2010-03-22 19:04 -------- d-----w- c:\program files\Enigma Software Group
2010-03-18 17:03 . 2010-03-18 17:03 -------- d-----w- C:\a123
2010-03-18 17:02 . 2010-03-18 17:02 34 ---ha-w- c:\windows\system32\VideoConverter_sysquict.dat
2010-03-18 17:02 . 2010-03-21 17:12 -------- d-----w- c:\program files\A123 MOV Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 21:36 . 2007-09-12 21:27 -------- d-----w- c:\program files\FTP Commander
2010-04-05 20:19 . 2009-04-02 20:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-05 20:19 . 2009-10-10 10:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-05 16:50 . 2007-09-19 20:23 -------- d-----w- c:\program files\Eurotran 2003
2010-04-05 15:29 . 2001-10-25 12:00 83832 ----a-w- c:\windows\system32\perfc005.dat
2010-04-05 15:29 . 2001-10-25 12:00 440590 ----a-w- c:\windows\system32\perfh005.dat
2010-04-05 07:50 . 2007-11-20 18:25 -------- d-----w- c:\program files\Activision
2010-03-28 18:09 . 2009-06-04 19:57 -------- d-----w- c:\program files\Common Files\Real
2010-03-28 18:09 . 2009-06-04 19:57 -------- d-----w- c:\program files\Real
2010-03-27 11:47 . 2007-09-10 15:01 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-27 11:47 . 2007-09-10 15:01 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-25 18:31 . 2007-09-10 15:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-22 17:56 . 2007-09-10 14:58 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-21 17:59 . 2007-09-24 19:02 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-03-21 17:58 . 2007-09-24 19:02 737280 ----a-w- c:\windows\iun6002.exe
2010-03-21 17:54 . 2009-05-05 15:20 -------- d-----w- c:\program files\The KMPlayer
2010-03-21 16:52 . 2010-03-21 16:52 0 ----a-w- c:\windows\system32\drivers\SET6A.tmp
2010-02-27 08:46 . 2010-02-27 08:46 -------- d-----w- c:\program files\Microsoft Works
2010-02-27 08:45 . 2010-02-27 08:45 -------- d-----w- c:\program files\Microsoft.NET
2010-02-25 06:18 . 2010-03-22 17:29 916480 ------w- c:\windows\system32\wininet.dll
2010-01-26 16:04 . 2008-03-17 19:48 286720 ----a-w- c:\windows\Setup1.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 1957888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2001-03-03 7680]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ComplexWebServer"="d:\tvorbastranek\ComplexWebServer\bin\ServiceDirect.exe" [2006-09-17 686080]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"SoundMan"="SOUNDMAN.EXE" [2003-02-27 47104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-21 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2003-01-29 40960]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\StrongDC 2 03\\StrongDC.exe"=
"d:\\hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30.3.2008 17:30 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [10.10.2009 9:41 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.3.2008 17:30 20560]
R2 CWS_Apache_80;CWS_Apache_80;d:\tvorbastranek\ComplexWebServer\apache\bin\Apache.exe [27.12.2009 2:20 20541]
R2 CWS_MySQL_3306;CWS_MySQL_3306;d:\tvorbastranek\ComplexWebServer\mysql\bin\mysqld-nt.exe --defaults-file=d:\tvorbastranek\ComplexWebServer\mysql\conf\mysqld.conf CWS_MySQL_3306 --> d:\tvorbastranek\ComplexWebServer\mysql\bin\mysqld-nt.exe --defaults-file=d:\tvorbastranek\ComplexWebServer\mysql\conf\mysqld.conf CWS_MySQL_3306 [?]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [10.10.2009 9:41 65576]
S2 THP878;THP878;\??\c:\windows\System32\Drivers\THP878.SYS --> c:\windows\System32\Drivers\THP878.SYS [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\28.tmp --> c:\windows\system32\28.tmp [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1035525444-1177238915-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-04-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1035525444-1177238915-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-04-09 c:\windows\Tasks\User_Feed_Synchronization-{AA87C180-2987-45E3-8744-33CFC7034EC3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: postovnisporitelna.cz\maxibps
TCP: {FFF978F5-61C5-46AA-8F7A-BFC0BB0ACBA4} = 194.228.2.1,194.228.41.113
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 01:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\28.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1168)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3700)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
d:\tvorbastranek\ComplexWebServer\mysql\bin\mysqld-nt.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 01:10:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-09 23:09

Před spuštěním: 4 872 085 504
Po spuštění: 4 842 893 312

- - End Of File - - 900318DB4FB3539A23335E97F80C9303

nekrox
Guest
Posts: 13
Joined: 04 Apr 2010 18:30

Re: Avast reports hidden object ceorbjti.sys

#10 Post by nekrox »

Hello, thanks for your time. I'm sending links to the VirusTotal scan results for those two files; I just didn't understand what exactly you meant by "probably Teleport Pro + also attach the contents or the whole file".
And as for OTL, by "Run Fix" did you mean "Opravit" (Fix) or "Vyčisti" (Clean)? :oops:

C:\WINDOWS\pro.INI
http://www.virustotal.com/cs/analisis/9 ... 1270970050
C:\WINDOWS\System32\SystemInfo32.sys
http://www.virustotal.com/cs/analisis/e ... 1270973303

nekrox
Guest
Posts: 13
Joined: 04 Apr 2010 18:30

Re: Avast reports hidden object ceorbjti.sys

#11 Post by nekrox »

Hi, so here is finally the log from OTL:

========== OTL ==========
Service ultra stopped successfully!
Service ultra deleted successfully!
C:\WINDOWS\ultra.INI moved successfully.
Registry value HKEY_USERS\S-1-5-21-1547161642-1035525444-1177238915-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
========== SERVICES/DRIVERS ==========
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
Service SetupNTGLM7X stopped successfully!
Service SetupNTGLM7X deleted successfully!
========== FILES ==========
File\Folder C:\WINDOWS\system32\28.tmp not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.1.0 log created on 04132010_184056

and the pro.ini file is here:

[User]
Bytes=0
Explored=0
Retrieved=0
FreeSpace=0
LastProject=
UseTaskbar=0
IntegrateBrowser=0

nekrox
Guest
Posts: 13
Joined: 04 Apr 2010 18:30

Re: Avast reports hidden object ceorbjti.sys

#12 Post by nekrox »

Hello, I finally got around to it, so I'm attaching the RSIT log.
Attachments
log.zip
(17.28 KiB) Downloaded 47 times

nekrox
Guest
Posts: 13
Joined: 04 Apr 2010 18:30

Re: Avast reports hidden object ceorbjti.sys

#13 Post by nekrox »

Hi, I did everything as you wrote; so far it looks fine. Thanks again for your time.
