After the startup logo, a blue screen flashed and the PC restarted

O.H.
Visitor
Posts: 2
Registered: 04 Aug 2010 14:34

#1 Post by O.H. »

After the startup logo, a blue screen flashed and the PC restarted immediately.
Only the safe modes could be booted; however, when booting Safe Mode with Networking, a fake lsass.exe kept starting and terminating over and over.

Using Spybot and UPM I found and removed a lot of malware and suspicious files and registry entries:
Crypt.ZPACK.Gen, Dldr.Delphi.Gen, Inject.ZN, Injector.T, Injector.T, Spy.229376.119, Spy.Gen, EmailWorm.Win32.Jolee.~J1.
But that did not solve the restart problem, and W32.AutoRun.tmp was still lurking somewhere.

Then I used ComboFix and the problem disappeared.
Afterwards I had to reinstall the network card drivers + Hamachi, Daemon Tools and all the antivirus protection, whose configuration it had broken.

Please check the ComboFix log and, to be safe, also the RSIT log that I made after everything.

I really don't understand why it completely wiped out Účto 2010.

ComboFix 10-08-02.03 - sheriff Číča 04.08.2010 14:16:46.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1675 [GMT 2:00]
Spuštěný z: c:\documents and settings\sheriff Číča\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
C:\UCTO2010
c:\ucto2010\{DATA}\ABSENCE.004
c:\ucto2010\{DATA}\ABSENCE.X04
c:\ucto2010\{DATA}\ADRESY.000
c:\ucto2010\{DATA}\ADRESY.T00
c:\ucto2010\{DATA}\ADRESY.X00
c:\ucto2010\{DATA}\ARCHIVD.001
c:\ucto2010\{DATA}\ARCHIVD.T01
c:\ucto2010\{DATA}\ARCHIVM.004
c:\ucto2010\{DATA}\ARCHIVM.T04
c:\ucto2010\{DATA}\AUTA.005
c:\ucto2010\{DATA}\AUTA.T05
c:\ucto2010\{DATA}\BANKA1.008
c:\ucto2010\{DATA}\BANKA2.008
c:\ucto2010\{DATA}\CEST_VH.006
c:\ucto2010\{DATA}\CEST_VH.T06
c:\ucto2010\{DATA}\CISABS.004
c:\ucto2010\{DATA}\CISABS.X04
c:\ucto2010\{DATA}\CISCEST.005
c:\ucto2010\{DATA}\CISCEST.X05
c:\ucto2010\{DATA}\CISDOKL.001
c:\ucto2010\{DATA}\CISDRUH.001
c:\ucto2010\{DATA}\CISDRUH.X01
c:\ucto2010\{DATA}\CISPOH.001
c:\ucto2010\{DATA}\CISPOH.X01
c:\ucto2010\{DATA}\CISPOZN.000
c:\ucto2010\{DATA}\CISPOZN.T00
c:\ucto2010\{DATA}\CISPOZN.X00
c:\ucto2010\{DATA}\CIST.000
c:\ucto2010\{DATA}\CIST.X00
c:\ucto2010\{DATA}\CISTEXT.001
c:\ucto2010\{DATA}\CISTXT.006
c:\ucto2010\{DATA}\CISTXT.X06
c:\ucto2010\{DATA}\CISUCEL.005
c:\ucto2010\{DATA}\CISVYKON.001
c:\ucto2010\{DATA}\CISVYKON.X01
c:\ucto2010\{DATA}\DAP15.003
c:\ucto2010\{DATA}\DAP15.T03
c:\ucto2010\{DATA}\DAP16.003
c:\ucto2010\{DATA}\DAP16.T03
c:\ucto2010\{DATA}\DENIK.001
c:\ucto2010\{DATA}\DENIK.T01
c:\ucto2010\{DATA}\DETI15.003
c:\ucto2010\{DATA}\DETI15.X03
c:\ucto2010\{DATA}\DODL_AH.006
c:\ucto2010\{DATA}\DODL_AH.T06
c:\ucto2010\{DATA}\DODL_FH.006
c:\ucto2010\{DATA}\DODL_FH.T06
c:\ucto2010\{DATA}\DODL_FO.006
c:\ucto2010\{DATA}\DODL_FP.006
c:\ucto2010\{DATA}\DODL_FS.006
c:\ucto2010\{DATA}\DODL_VH.006
c:\ucto2010\{DATA}\DODL_VH.T06
c:\ucto2010\{DATA}\DODL_VO.006
c:\ucto2010\{DATA}\DODL_VP.006
c:\ucto2010\{DATA}\DODL_VS.006
c:\ucto2010\{DATA}\DOPISY.002
c:\ucto2010\{DATA}\DOPISY.T02
c:\ucto2010\{DATA}\DOVROK.004
c:\ucto2010\{DATA}\DROBMAJ.009
c:\ucto2010\{DATA}\DROBMAJ.T09
c:\ucto2010\{DATA}\EDIT.000
c:\ucto2010\{DATA}\EDIT.X00
c:\ucto2010\{DATA}\EDITPAR.000
c:\ucto2010\{DATA}\EDITPAR.X00
c:\ucto2010\{DATA}\EDITTAB.000
c:\ucto2010\{DATA}\EDITTAB.T00
c:\ucto2010\{DATA}\EDITTAB.X00
c:\ucto2010\{DATA}\ELDP.097
c:\ucto2010\{DATA}\ELDP.T97
c:\ucto2010\{DATA}\FAKT_AH.006
c:\ucto2010\{DATA}\FAKT_AH.T06
c:\ucto2010\{DATA}\FAKT_FH.006
c:\ucto2010\{DATA}\FAKT_FH.T06
c:\ucto2010\{DATA}\FAKT_FO.006
c:\ucto2010\{DATA}\FAKT_FP.006
c:\ucto2010\{DATA}\FAKT_FS.006
c:\ucto2010\{DATA}\FAKT_VH.006
c:\ucto2010\{DATA}\FAKT_VH.T06
c:\ucto2010\{DATA}\FAKT_VO.006
c:\ucto2010\{DATA}\FAKT_VP.006
c:\ucto2010\{DATA}\FAKT_VS.006
c:\ucto2010\{DATA}\FINANCE.001
c:\ucto2010\{DATA}\FINANCE.T01
c:\ucto2010\{DATA}\HOBAVYP.008
c:\ucto2010\{DATA}\JIZDY.005
c:\ucto2010\{DATA}\JIZDY.T05
c:\ucto2010\{DATA}\KATEG.004
c:\ucto2010\{DATA}\KATEG.X04
c:\ucto2010\{DATA}\OBJE_FH.006
c:\ucto2010\{DATA}\OBJE_FH.T06
c:\ucto2010\{DATA}\OBJE_VH.006
c:\ucto2010\{DATA}\OBJE_VH.T06
c:\ucto2010\{DATA}\OBJE_VP.006
c:\ucto2010\{DATA}\OBJE_VS.006
c:\ucto2010\{DATA}\ODBPRIJ.006
c:\ucto2010\{DATA}\ODPISY.009
c:\ucto2010\{DATA}\ODPISY.X09
c:\ucto2010\{DATA}\ODVODYM.004
c:\ucto2010\{DATA}\ODVODYMX.004
c:\ucto2010\{DATA}\OSSZ08.003
c:\ucto2010\{DATA}\OSSZ09.003
c:\ucto2010\{DATA}\OZNPOJ.004
c:\ucto2010\{DATA}\PAR01A2.001
c:\ucto2010\{DATA}\PAR01A4.001
c:\ucto2010\{DATA}\PAR02A2.002
c:\ucto2010\{DATA}\PAR02A4.002
c:\ucto2010\{DATA}\PAR03A4.003
c:\ucto2010\{DATA}\PAR04A2.004
c:\ucto2010\{DATA}\PAR04A2X.004
c:\ucto2010\{DATA}\PAR05A4.005
c:\ucto2010\{DATA}\PAR06A4.006
c:\ucto2010\{DATA}\PAR08A2.008
c:\ucto2010\{DATA}\PAR08A4.008
c:\ucto2010\{DATA}\PAR09A2.009
c:\ucto2010\{DATA}\PAR09A2.T09
c:\ucto2010\{DATA}\PAR09A4.009
c:\ucto2010\{DATA}\PAR97A2.097
c:\ucto2010\{DATA}\PARAM2.000
c:\ucto2010\{DATA}\PARAM2.T00
c:\ucto2010\{DATA}\PARAM4.000
c:\ucto2010\{DATA}\PARAM4.T00
c:\ucto2010\{DATA}\PARHB.008
c:\ucto2010\{DATA}\PARZAS.001
c:\ucto2010\{DATA}\PLATBY.001
c:\ucto2010\{DATA}\PLATBY.T01
c:\ucto2010\{DATA}\POCZAM.097
c:\ucto2010\{DATA}\POHLZAV.001
c:\ucto2010\{DATA}\POHLZAV.T01
c:\ucto2010\{DATA}\POJIST.004
c:\ucto2010\{DATA}\POJIST.X04
c:\ucto2010\{DATA}\PRACOV.004
c:\ucto2010\{DATA}\PRACOV.T04
c:\ucto2010\{DATA}\PRACOV.X04
c:\ucto2010\{DATA}\PRACSML.004
c:\ucto2010\{DATA}\PRACSML.T04
c:\ucto2010\{DATA}\PRAVJIZD.005
c:\ucto2010\{DATA}\PRAVJIZD.T05
c:\ucto2010\{DATA}\PRIHL.097
c:\ucto2010\{DATA}\PRIKH.008
c:\ucto2010\{DATA}\PRIKH.X08
c:\ucto2010\{DATA}\PRIKP.008
c:\ucto2010\{DATA}\PRIKP.X08
c:\ucto2010\{DATA}\SESTADR.002
c:\ucto2010\{DATA}\SHIFTF3.000
c:\ucto2010\{DATA}\SHIFTF3.X00
c:\ucto2010\{DATA}\SIL.005
c:\ucto2010\{DATA}\SIL.T05
c:\ucto2010\{DATA}\SILDAN.005
c:\ucto2010\{DATA}\SILDAN.X05
c:\ucto2010\{DATA}\SRAZKY.004
c:\ucto2010\{DATA}\SRAZKY.T04
c:\ucto2010\{DATA}\TECHZHOD.009
c:\ucto2010\{DATA}\TECHZHOD.X09
c:\ucto2010\{DATA}\TEXTY.002
c:\ucto2010\{DATA}\TEXTY.T02
c:\ucto2010\{DATA}\TRIDY.004
c:\ucto2010\{DATA}\TRIDY.X04
c:\ucto2010\{DATA}\TYPDOKL.001
c:\ucto2010\{DATA}\TYPDOKL.X01
c:\ucto2010\{DATA}\UCTY.000
c:\ucto2010\{DATA}\UKOLY.000
c:\ucto2010\{DATA}\UKOLY.T00
c:\ucto2010\{DATA}\UPR15.003
c:\ucto2010\{DATA}\UPR15.X03
c:\ucto2010\{DATA}\UZAV.001
c:\ucto2010\{DATA}\VRACBON.097
c:\ucto2010\{DATA}\VYBERADR.000
c:\ucto2010\{DATA}\VYBERADR.X00
c:\ucto2010\{DATA}\VYKMAZA.UUU
c:\ucto2010\{DATA}\VYRIZUJE.002
c:\ucto2010\{DATA}\VYRIZUJE.X02
c:\ucto2010\{DATA}\VYUCSRAZ.097
c:\ucto2010\{DATA}\VYUCZAL.097
c:\ucto2010\{DATA}\VZP08.003
c:\ucto2010\{DATA}\ZAOKFA.006
c:\ucto2010\{DATA}\ZAOKFA.X06
c:\ucto2010\{DATA}\ZP.009
c:\ucto2010\{DATA}\ZP.T09
c:\ucto2010\{DATA}\ZURNALD.001
c:\ucto2010\{GLOB}\ADRWEB.000
c:\ucto2010\{GLOB}\BANKY.000
c:\ucto2010\{GLOB}\BANKY.X00
c:\ucto2010\{GLOB}\BANKYHB.008
c:\ucto2010\{GLOB}\CISOKR.097
c:\ucto2010\{GLOB}\DATA.000
c:\ucto2010\{GLOB}\DATA.X00
c:\ucto2010\{GLOB}\EXPDEKLA.099
c:\ucto2010\{GLOB}\EXPDEKLA.T99
c:\ucto2010\{GLOB}\FAQ.000
c:\ucto2010\{GLOB}\FAQ.X00
c:\ucto2010\{GLOB}\FIRMY.000
c:\ucto2010\{GLOB}\FORMS.099
c:\ucto2010\{GLOB}\FORMS.T99
c:\ucto2010\{GLOB}\KODPOJ.004
c:\ucto2010\{GLOB}\MODULY.000
c:\ucto2010\{GLOB}\NAHRNEM.004
c:\ucto2010\{GLOB}\NAHRNEM.X04
c:\ucto2010\{GLOB}\NEZDAN.000
c:\ucto2010\{GLOB}\NEZDAN.X00
c:\ucto2010\{GLOB}\OKRESY.000
c:\ucto2010\{GLOB}\OKRESY.X00
c:\ucto2010\{GLOB}\PAR02A1.002
c:\ucto2010\{GLOB}\PARAM1.000
c:\ucto2010\{GLOB}\PLATIDLA.004
c:\ucto2010\{GLOB}\POSTY.000
c:\ucto2010\{GLOB}\POSTY.X00
c:\ucto2010\{GLOB}\REPORT.099
c:\ucto2010\{GLOB}\REPORT.T99
c:\ucto2010\{GLOB}\REPORT.X99
c:\ucto2010\{GLOB}\SAZDPH.000
c:\ucto2010\{GLOB}\SAZDPH.X00
c:\ucto2010\{GLOB}\SAZDZP.000
c:\ucto2010\{GLOB}\SAZDZP.X00
c:\ucto2010\{GLOB}\SAZDZPM.004
c:\ucto2010\{GLOB}\SAZDZPM.X04
c:\ucto2010\{GLOB}\SAZODP.009
c:\ucto2010\{GLOB}\SAZODP.X09
c:\ucto2010\{GLOB}\SLOVNIK.006
c:\ucto2010\{GLOB}\ZALDZP.004
c:\ucto2010\{GLOB}\ZALDZP.X04
c:\ucto2010\{GLOB}\ZDRSOC.004
c:\ucto2010\{GLOB}\ZDRSOC.X04
c:\ucto2010\{GLOB}\ZUJ.097
c:\ucto2010\{INFO}\ADRZPRAV.000
c:\ucto2010\{INFO}\ADRZPRAV.T00
c:\ucto2010\{INFO}\INFOAUTO.000
c:\ucto2010\{INFO}\INFOAUTO.X00
c:\ucto2010\{INFO}\INFOPROB.000
c:\ucto2010\{INFO}\INFOPROB.T00
c:\ucto2010\{INFO}\INFOTEMA.000
c:\ucto2010\{INFO}\KONFEREN.000
c:\ucto2010\{INFO}\KONFEREN.T00
c:\ucto2010\{INFO}\PGMKOD.000
c:\ucto2010\{INFO}\PROGRAMY.000
c:\ucto2010\{INFO}\PROGRAMY.T00
c:\ucto2010\{INFO}\SLUZKOD.000
c:\ucto2010\{MAIL}\60957328.00
c:\ucto2010\{NOVA}\ADRESY.000
c:\ucto2010\{NOVA}\ADRESY.T00
c:\ucto2010\{NOVA}\CISABS.004
c:\ucto2010\{NOVA}\CISDOKL.001
c:\ucto2010\{NOVA}\CISDRUH.001
c:\ucto2010\{NOVA}\CISPOH.001
c:\ucto2010\{NOVA}\CISPOZN.000
c:\ucto2010\{NOVA}\CISPOZN.T00
c:\ucto2010\{NOVA}\CIST.000
c:\ucto2010\{NOVA}\CISTXT.006
c:\ucto2010\{NOVA}\CISVYKON.001
c:\ucto2010\{NOVA}\KATEG.004
c:\ucto2010\{NOVA}\PARAM2.000
c:\ucto2010\{NOVA}\PARAM2.T00
c:\ucto2010\{NOVA}\PRACSML.004
c:\ucto2010\{NOVA}\PRACSML.T04
c:\ucto2010\{NOVA}\TRIDY.004
c:\ucto2010\{NOVA}\TYPDOKL.001
c:\ucto2010\{NOVA}\UKOLY.000
c:\ucto2010\{NOVA}\UKOLY.T00
c:\ucto2010\{NOVA}\UZAV.001
c:\ucto2010\{NOVA}\ZAOKFA.006
c:\ucto2010\{OBNV}.BAT
c:\ucto2010\{OBNV}\BANKYHB.008
c:\ucto2010\{OBNV}\KODPOJ.004
c:\ucto2010\{OBNV}\MODULY.000
c:\ucto2010\{OBNV}\NAHRNEM.004
c:\ucto2010\{OBNV}\NEZDAN.000
c:\ucto2010\{OBNV}\PLATIDLA.004
c:\ucto2010\{OBNV}\SAZDPH.000
c:\ucto2010\{OBNV}\SAZDZP.000
c:\ucto2010\{OBNV}\SAZDZPM.004
c:\ucto2010\{OBNV}\SAZODP.009
c:\ucto2010\{OBNV}\SLOVNIK.006
c:\ucto2010\{OBNV}\UCTO2010.CAT
c:\ucto2010\{OBNV}\UTISK04.EX
c:\ucto2010\{OBNV}\ZALDZP.004
c:\ucto2010\{OBNV}\ZDRSOC.004
c:\ucto2010\{PDF1}\DAVKYK2.PDF
c:\ucto2010\{PDF1}\DAVKYK3.PDF
c:\ucto2010\{PDF1}\DAVKYP2.PDF
c:\ucto2010\{PDF1}\DAVKYP3.PDF
c:\ucto2010\{PDF1}\DPH15.PDF
c:\ucto2010\{PDF1}\DPH15P.PDF
c:\ucto2010\{PDF1}\DPH16.PDF
c:\ucto2010\{PDF1}\DPH16P.PDF
c:\ucto2010\{PDF1}\DZP.PDF
c:\ucto2010\{PDF1}\DZP_1.PDF
c:\ucto2010\{PDF1}\DZP_2.PDF
c:\ucto2010\{PDF1}\DZP_3.PDF
c:\ucto2010\{PDF1}\DZP_7.PDF
c:\ucto2010\{PDF1}\DZPP.PDF
c:\ucto2010\{PDF1}\ELDP09B.PDF
c:\ucto2010\{PDF1}\ELDP09F.PDF
c:\ucto2010\{PDF1}\ELDP09K.PDF
c:\ucto2010\{PDF1}\ELDP09M.PDF
c:\ucto2010\{PDF1}\ELDP09P.PDF
c:\ucto2010\{PDF1}\ELDPF.PDF
c:\ucto2010\{PDF1}\ELDPK.PDF
c:\ucto2010\{PDF1}\ELDPM.PDF
c:\ucto2010\{PDF1}\ELDPP.PDF
c:\ucto2010\{PDF1}\HROMOZN.PDF
c:\ucto2010\{PDF1}\HROMOZNP.PDF
c:\ucto2010\{PDF1}\CHYBCAST.PDF
c:\ucto2010\{PDF1}\NEMOC.PDF
c:\ucto2010\{PDF1}\NEMOCP.PDF
c:\ucto2010\{PDF1}\ODCITPOL.PDF
c:\ucto2010\{PDF1}\ONZ.PDF
c:\ucto2010\{PDF1}\ONZK.PDF
c:\ucto2010\{PDF1}\ONZP.PDF
c:\ucto2010\{PDF1}\OSSZ.PDF
c:\ucto2010\{PDF1}\OSSZK.PDF
c:\ucto2010\{PDF1}\OSSZP.PDF
c:\ucto2010\{PDF1}\POCZAM.PDF
c:\ucto2010\{PDF1}\POJZAM.PDF
c:\ucto2010\{PDF1}\SILDAN.PDF
c:\ucto2010\{PDF1}\SILDANPO.PDF
c:\ucto2010\{PDF1}\SILDANPR.PDF
c:\ucto2010\{PDF1}\SOUHLAS.PDF
c:\ucto2010\{PDF1}\SOUHLASP.PDF
c:\ucto2010\{PDF1}\VYUCT.PDF
c:\ucto2010\{PDF1}\VYUCTP.PDF
c:\ucto2010\{PDF1}\VYUCTSRP.PDF
c:\ucto2010\{PDF1}\VYUCTSRZ.PDF
c:\ucto2010\{PDF1}\VZP.PDF
c:\ucto2010\{PDF1}\VZPP.PDF
c:\ucto2010\{PDF2}\DLBL.PDF
c:\ucto2010\{PDF2}\DLBL2.PDF
c:\ucto2010\{PDF2}\DLBW.PDF
c:\ucto2010\{PDF2}\DLBW2.PDF
c:\ucto2010\{PDF2}\DLGR.PDF
c:\ucto2010\{PDF2}\DLGR2.PDF
c:\ucto2010\{PDF2}\FABL.PDF
c:\ucto2010\{PDF2}\FABL2.PDF
c:\ucto2010\{PDF2}\FABW.PDF
c:\ucto2010\{PDF2}\FABW2.PDF
c:\ucto2010\{PDF2}\FAGR.PDF
c:\ucto2010\{PDF2}\FAGR2.PDF
c:\ucto2010\{PDF2}\OBBL.PDF
c:\ucto2010\{PDF2}\OBBL2.PDF
c:\ucto2010\{PDF2}\OBBW.PDF
c:\ucto2010\{PDF2}\OBBW2.PDF
c:\ucto2010\{PDF2}\OBGR.PDF
c:\ucto2010\{PDF2}\OBGR2.PDF
c:\ucto2010\{PDF3}\DAVKYK2X.DEF
c:\ucto2010\{PDF3}\DAVKYK2X.PDF
c:\ucto2010\{PDF3}\DAVKYK3X.DEF
c:\ucto2010\{PDF3}\DAVKYK3X.PDF
c:\ucto2010\{PDF3}\DPH15X.DEF
c:\ucto2010\{PDF3}\DPH15X.PDF
c:\ucto2010\{PDF3}\DPH16X.DEF
c:\ucto2010\{PDF3}\DPH16X.PDF
c:\ucto2010\{PDF3}\DZP_1X.DEF
c:\ucto2010\{PDF3}\DZP_1X.PDF
c:\ucto2010\{PDF3}\DZP_2X.DEF
c:\ucto2010\{PDF3}\DZP_2X.PDF
c:\ucto2010\{PDF3}\DZP_3X.DEF
c:\ucto2010\{PDF3}\DZP_3X.PDF
c:\ucto2010\{PDF3}\DZPX.DEF
c:\ucto2010\{PDF3}\DZPX.PDF
c:\ucto2010\{PDF3}\HROMOZNX.DEF
c:\ucto2010\{PDF3}\HROMOZNX.PDF
c:\ucto2010\{PDF3}\CHYBCASX.DEF
c:\ucto2010\{PDF3}\CHYBCASX.PDF
c:\ucto2010\{PDF3}\NEMOCX.DEF
c:\ucto2010\{PDF3}\NEMOCX.PDF
c:\ucto2010\{PDF3}\OSSZKX.DEF
c:\ucto2010\{PDF3}\OSSZKX.PDF
c:\ucto2010\{PDF3}\OSSZX.DEF
c:\ucto2010\{PDF3}\OSSZX.PDF
c:\ucto2010\{PDF3}\POCZAMX.DEF
c:\ucto2010\{PDF3}\POCZAMX.PDF
c:\ucto2010\{PDF3}\POJZAMX.DEF
c:\ucto2010\{PDF3}\POJZAMX.PDF
c:\ucto2010\{PDF3}\SILDANPX.DEF
c:\ucto2010\{PDF3}\SILDANPX.PDF
c:\ucto2010\{PDF3}\SILDANX.DEF
c:\ucto2010\{PDF3}\SILDANX.PDF
c:\ucto2010\{PDF3}\SOUHLASX.DEF
c:\ucto2010\{PDF3}\SOUHLASX.PDF
c:\ucto2010\{PDF3}\VYUCTSRX.DEF
c:\ucto2010\{PDF3}\VYUCTSRX.PDF
c:\ucto2010\{PDF3}\VYUCTX.DEF
c:\ucto2010\{PDF3}\VYUCTX.PDF
c:\ucto2010\{PDF3}\VZPX.DEF
c:\ucto2010\{PDF3}\VZPX.PDF
c:\ucto2010\{PRIK}\ABSENCE.004
c:\ucto2010\{PRIK}\ADRESY.000
c:\ucto2010\{PRIK}\ADRESY.T00
c:\ucto2010\{PRIK}\ADRSPEC.000
c:\ucto2010\{PRIK}\ADRSPEC.T00
c:\ucto2010\{PRIK}\ARCHIVM.004
c:\ucto2010\{PRIK}\ARCHIVM.T04
c:\ucto2010\{PRIK}\AUTA.005
c:\ucto2010\{PRIK}\AUTA.T05
c:\ucto2010\{PRIK}\BANKA1.008
c:\ucto2010\{PRIK}\CE_AUTA.006
c:\ucto2010\{PRIK}\CE_AUTA.T06
c:\ucto2010\{PRIK}\CE_TRASY.006
c:\ucto2010\{PRIK}\CEST_FH.006
c:\ucto2010\{PRIK}\CEST_FH.T06
c:\ucto2010\{PRIK}\CEST_FP.006
c:\ucto2010\{PRIK}\CEST_FS.006
c:\ucto2010\{PRIK}\CEST_VH.006
c:\ucto2010\{PRIK}\CEST_VH.T06
c:\ucto2010\{PRIK}\CEST_VP.006
c:\ucto2010\{PRIK}\CEST_VS.006
c:\ucto2010\{PRIK}\CISABS.004
c:\ucto2010\{PRIK}\CISCEST.005
c:\ucto2010\{PRIK}\CISDOKL.001
c:\ucto2010\{PRIK}\CISDRUH.001
c:\ucto2010\{PRIK}\CISPOH.001
c:\ucto2010\{PRIK}\CISPOL.006
c:\ucto2010\{PRIK}\CISPOZN.000
c:\ucto2010\{PRIK}\CISPOZN.T00
c:\ucto2010\{PRIK}\CIST.000
c:\ucto2010\{PRIK}\CISTEXT.001
c:\ucto2010\{PRIK}\CISTXT.006
c:\ucto2010\{PRIK}\CISUCEL.005
c:\ucto2010\{PRIK}\CISUKOL.004
c:\ucto2010\{PRIK}\CISVYKON.001
c:\ucto2010\{PRIK}\DAP15.003
c:\ucto2010\{PRIK}\DAP15.T03
c:\ucto2010\{PRIK}\DAP16.003
c:\ucto2010\{PRIK}\DAP16.T03
c:\ucto2010\{PRIK}\DENIK.001
c:\ucto2010\{PRIK}\DENIK.T01
c:\ucto2010\{PRIK}\DETI.004
c:\ucto2010\{PRIK}\DETI15.003
c:\ucto2010\{PRIK}\DETI16.003
c:\ucto2010\{PRIK}\DODL_AH.006
c:\ucto2010\{PRIK}\DODL_AH.T06
c:\ucto2010\{PRIK}\DODL_AP.006
c:\ucto2010\{PRIK}\DODL_AS.006
c:\ucto2010\{PRIK}\DODL_FH.006
c:\ucto2010\{PRIK}\DODL_FH.T06
c:\ucto2010\{PRIK}\DODL_FP.006
c:\ucto2010\{PRIK}\DODL_FS.006
c:\ucto2010\{PRIK}\DODL_VH.006
c:\ucto2010\{PRIK}\DODL_VH.T06
c:\ucto2010\{PRIK}\DODL_VP.006
c:\ucto2010\{PRIK}\DODL_VS.006
c:\ucto2010\{PRIK}\DOPISY.002
c:\ucto2010\{PRIK}\DOPISY.T02
c:\ucto2010\{PRIK}\DOPISYMM.002
c:\ucto2010\{PRIK}\DOPISYMM.T02
c:\ucto2010\{PRIK}\DOVROK.004
c:\ucto2010\{PRIK}\DROBMAJ.009
c:\ucto2010\{PRIK}\DROBMAJ.T09
c:\ucto2010\{PRIK}\EDIT.000
c:\ucto2010\{PRIK}\EDITPAR.000
c:\ucto2010\{PRIK}\EDITTAB.000
c:\ucto2010\{PRIK}\EDITTAB.T00
c:\ucto2010\{PRIK}\FAKT_AH.006
c:\ucto2010\{PRIK}\FAKT_AH.T06
c:\ucto2010\{PRIK}\FAKT_AP.006
c:\ucto2010\{PRIK}\FAKT_AS.006
c:\ucto2010\{PRIK}\FAKT_FH.006
c:\ucto2010\{PRIK}\FAKT_FH.T06
c:\ucto2010\{PRIK}\FAKT_FP.006
c:\ucto2010\{PRIK}\FAKT_FS.006
c:\ucto2010\{PRIK}\FAKT_VH.006
c:\ucto2010\{PRIK}\FAKT_VH.T06
c:\ucto2010\{PRIK}\FAKT_VP.006
c:\ucto2010\{PRIK}\FAKT_VS.006
c:\ucto2010\{PRIK}\FINANCE.001
c:\ucto2010\{PRIK}\FINANCE.T01
c:\ucto2010\{PRIK}\JIZDY.005
c:\ucto2010\{PRIK}\JIZDY.T05
c:\ucto2010\{PRIK}\KATEG.004
c:\ucto2010\{PRIK}\MAT_HP.007
c:\ucto2010\{PRIK}\MAT_PP.007
c:\ucto2010\{PRIK}\MATERIAL.001
c:\ucto2010\{PRIK}\MATERIAL.T01
c:\ucto2010\{PRIK}\MZDY.004
c:\ucto2010\{PRIK}\MZDY.T04
c:\ucto2010\{PRIK}\OBJE_FH.006
c:\ucto2010\{PRIK}\OBJE_FH.T06
c:\ucto2010\{PRIK}\OBJE_FP.006
c:\ucto2010\{PRIK}\OBJE_FS.006
c:\ucto2010\{PRIK}\OBJE_VH.006
c:\ucto2010\{PRIK}\OBJE_VH.T06
c:\ucto2010\{PRIK}\OBJE_VP.006
c:\ucto2010\{PRIK}\OBJE_VS.006
c:\ucto2010\{PRIK}\ODPISY.009
c:\ucto2010\{PRIK}\ODVODYM.004
c:\ucto2010\{PRIK}\OSSZ08.003
c:\ucto2010\{PRIK}\OST15.003
c:\ucto2010\{PRIK}\OST16.003
c:\ucto2010\{PRIK}\PARAM2.000
c:\ucto2010\{PRIK}\PARAM2.T00
c:\ucto2010\{PRIK}\PARHB.008
c:\ucto2010\{PRIK}\PARZAS.001
c:\ucto2010\{PRIK}\PHM.005
c:\ucto2010\{PRIK}\PLATBY.001
c:\ucto2010\{PRIK}\PLATBY.T01
c:\ucto2010\{PRIK}\POHLZAV.001
c:\ucto2010\{PRIK}\POHLZAV.T01
c:\ucto2010\{PRIK}\POHYBM.001
c:\ucto2010\{PRIK}\POHYBV.001
c:\ucto2010\{PRIK}\POHYBZ.001
c:\ucto2010\{PRIK}\POJIST.004
c:\ucto2010\{PRIK}\POSTA.002
c:\ucto2010\{PRIK}\POSTA.T02
c:\ucto2010\{PRIK}\PRACOV.004
c:\ucto2010\{PRIK}\PRACOV.T04
c:\ucto2010\{PRIK}\PRACSML.004
c:\ucto2010\{PRIK}\PRACSML.T04
c:\ucto2010\{PRIK}\PRAVJIZD.005
c:\ucto2010\{PRIK}\PRAVJIZD.T05
c:\ucto2010\{PRIK}\PRIKH.008
c:\ucto2010\{PRIK}\PRIKP.008
c:\ucto2010\{PRIK}\SCIT_H.099
c:\ucto2010\{PRIK}\SCIT_H.T99
c:\ucto2010\{PRIK}\SCIT_P.099
c:\ucto2010\{PRIK}\SHIFTF3.000
c:\ucto2010\{PRIK}\SIL.005
c:\ucto2010\{PRIK}\SIL.T05
c:\ucto2010\{PRIK}\SILDAN.005
c:\ucto2010\{PRIK}\SILVOZ.005
c:\ucto2010\{PRIK}\SRAZKY.004
c:\ucto2010\{PRIK}\SRAZKY.T04
c:\ucto2010\{PRIK}\STATY.000
c:\ucto2010\{PRIK}\STRAV.004
c:\ucto2010\{PRIK}\TECHZHOD.009
c:\ucto2010\{PRIK}\TEXTY.002
c:\ucto2010\{PRIK}\TEXTY.T02
c:\ucto2010\{PRIK}\TRIDY.004
c:\ucto2010\{PRIK}\TYPDOKL.001
c:\ucto2010\{PRIK}\UCTY.000
c:\ucto2010\{PRIK}\UKOL.004
c:\ucto2010\{PRIK}\UKOLY.000
c:\ucto2010\{PRIK}\UKOLY.T00
c:\ucto2010\{PRIK}\UPR15.003
c:\ucto2010\{PRIK}\UPR16.003
c:\ucto2010\{PRIK}\UZAV.001
c:\ucto2010\{PRIK}\VYKMAZA.UUU
c:\ucto2010\{PRIK}\VYR_HP.007
c:\ucto2010\{PRIK}\VYR_HV.007
c:\ucto2010\{PRIK}\VYR_PP.007
c:\ucto2010\{PRIK}\VYR_PV.007
c:\ucto2010\{PRIK}\VYRIZUJE.002
c:\ucto2010\{PRIK}\VYROBA.001
c:\ucto2010\{PRIK}\VYROBKY.001
c:\ucto2010\{PRIK}\VYROBKY.T01
c:\ucto2010\{PRIK}\VYUCSRAZ.097
c:\ucto2010\{PRIK}\VYUCZAL.097
c:\ucto2010\{PRIK}\VZP08.003
c:\ucto2010\{PRIK}\ZAL_H.099
c:\ucto2010\{PRIK}\ZAL_H.T99
c:\ucto2010\{PRIK}\ZAOKFA.006
c:\ucto2010\{PRIK}\ZBO_HP.007
c:\ucto2010\{PRIK}\ZBO_HV.007
c:\ucto2010\{PRIK}\ZBO_PP.007
c:\ucto2010\{PRIK}\ZBO_PV.007
c:\ucto2010\{PRIK}\ZBOZI.001
c:\ucto2010\{PRIK}\ZBOZI.T01
c:\ucto2010\{PRIK}\ZP.009
c:\ucto2010\{PRIK}\ZP.T09
c:\ucto2010\{SEST}\SEST00.PDF
c:\ucto2010\{SEST}\SEST00.TXT
c:\ucto2010\{SEST}\SEST01.PDF
c:\ucto2010\{SEST}\SEST01.TXT
c:\ucto2010\{SEST}\SEST02.PDF
c:\ucto2010\{SEST}\SEST02.TXT
c:\ucto2010\{SEST}\SEST03.PDF
c:\ucto2010\{SEST}\SEST03.TXT
c:\ucto2010\{SEST}\SEST04.PDF
c:\ucto2010\{SEST}\SEST04.TXT
c:\ucto2010\{SEST}\SEST05.PDF
c:\ucto2010\{SEST}\SEST05.TXT
c:\ucto2010\{SEST}\SEST06.PDF
c:\ucto2010\{SEST}\SEST06.TXT
c:\ucto2010\{SEST}\SEST07.PDF
c:\ucto2010\{SEST}\SEST07.TXT
c:\ucto2010\{SEST}\SEST08.PDF
c:\ucto2010\{SEST}\SEST08.TXT
c:\ucto2010\{SEST}\SEST09.PDF
c:\ucto2010\{SEST}\SEST09.TXT
c:\ucto2010\{SEST}\SEST10.PDF
c:\ucto2010\{SEST}\SEST10.TXT
c:\ucto2010\{SLOZ}\BALIK_O.HTM
c:\ucto2010\{SLOZ}\BALIK_O.JS
c:\ucto2010\{SLOZ}\BALIK_P.HTM
c:\ucto2010\{SLOZ}\BALIK_P.JS
c:\ucto2010\{SLOZ}\SLOZ_A.HTM
c:\ucto2010\{SLOZ}\SLOZ_A.JS
c:\ucto2010\{SLOZ}\SLOZ_C.HTM
c:\ucto2010\{SLOZ}\SLOZ_C.JS
c:\ucto2010\{STAN}\BACKUP.000
c:\ucto2010\{STAN}\BKPSTAT.000
c:\ucto2010\{STAN}\DANZAT.004
c:\ucto2010\{STAN}\HESLA.000
c:\ucto2010\{STAN}\HESLA.T00
c:\ucto2010\{STAN}\KALEXEK.099
c:\ucto2010\{STAN}\KALSZM06.099
c:\ucto2010\{STAN}\KASA.099
c:\ucto2010\{STAN}\LEAS.099
c:\ucto2010\{STAN}\LEAS.T99
c:\ucto2010\{STAN}\MESMZD.097
c:\ucto2010\{STAN}\PAR01A3.001
c:\ucto2010\{STAN}\PAR02A3.002
c:\ucto2010\{STAN}\PAR03A3.003
c:\ucto2010\{STAN}\PAR03A3.T03
c:\ucto2010\{STAN}\PAR04A3.004
c:\ucto2010\{STAN}\PAR04A3.T04
c:\ucto2010\{STAN}\PAR06A3.006
c:\ucto2010\{STAN}\PAR09A3.009
c:\ucto2010\{STAN}\PAR97A3.097
c:\ucto2010\{STAN}\PARAM3.000
c:\ucto2010\{STAN}\PARAM3.T00
c:\ucto2010\{STAN}\PATHS.000
c:\ucto2010\{STAN}\PATHS.X00
c:\ucto2010\{STAN}\PENIZE.009
c:\ucto2010\{STAN}\PENIZED.009
c:\ucto2010\{STAN}\PGM.000
c:\ucto2010\{STAN}\PRECISD.001
c:\ucto2010\{STAN}\PRZADAV.097
c:\ucto2010\{STAN}\SCITAC.099
c:\ucto2010\{STAN}\STAT.000
c:\ucto2010\{STAN}\TELSEZN.099
c:\ucto2010\{STAN}\VEDKALK.099
c:\ucto2010\{TISK}\CALLER.EXE
c:\ucto2010\{TISK}\CMDIALOG.VBX
c:\ucto2010\{TISK}\DISKSIZW.EXE
c:\ucto2010\{TISK}\DISKY.EXE
c:\ucto2010\{TISK}\ELPODPIS.EXE
c:\ucto2010\{TISK}\FAND2PDF.EXE
c:\ucto2010\{TISK}\FANDCLIP.EXE
c:\ucto2010\{TISK}\IEUCTO.EXE
c:\ucto2010\{TISK}\MSINET.OCX
c:\ucto2010\{TISK}\MSMAPI32.OCX
c:\ucto2010\{TISK}\MSVBVM60.DLL
c:\ucto2010\{TISK}\PDFTISK1.EXE
c:\ucto2010\{TISK}\PDFTISK2.EXE
c:\ucto2010\{TISK}\PDFTISK3.EXE
c:\ucto2010\{TISK}\REGISTER.EXE
c:\ucto2010\{TISK}\SETUPCP.EXE
c:\ucto2010\{TISK}\sifrcssz.cer
c:\ucto2010\{TISK}\UCTOFONT.FON
c:\ucto2010\{TISK}\UCTOFT98.EXE
c:\ucto2010\{TISK}\UCTOFTP.EXE
c:\ucto2010\{TISK}\UCTOGRAF.EXE
c:\ucto2010\{TISK}\UCTOGRAF.INI
c:\ucto2010\{TISK}\UCTOLNK.EXE
c:\ucto2010\{TISK}\UCTOLNK.UUU
c:\ucto2010\{TISK}\UCTOLNK.W7
c:\ucto2010\{TISK}\UCTOLNK.WV
c:\ucto2010\{TISK}\UCTOLNK.WXP
c:\ucto2010\{TISK}\UEMAIL.EXE
c:\ucto2010\{TISK}\UEMAIL06.EXE
c:\ucto2010\{TISK}\unins000.dat
c:\ucto2010\{TISK}\unins000.exe
c:\ucto2010\{TISK}\UTISK01.EXE
c:\ucto2010\{TISK}\UTISK04.EXE
c:\ucto2010\{TISK}\UTISK98.EXE
c:\ucto2010\{TISK}\UTISK98.INI
c:\ucto2010\{TISK}\VBRUN300.DLL
c:\ucto2010\{TISK}\WINVERZE.EXE
c:\ucto2010\{UDOC}\CENIK.TXT
c:\ucto2010\{UDOC}\D2008.PDF
c:\ucto2010\{UDOC}\FAKTURA.TXT
c:\ucto2010\{UDOC}\INFO.TXT
c:\ucto2010\{UDOC}\LICENCE.TXT
c:\ucto2010\{UDOC}\OBJ.TXT
c:\ucto2010\{UDOC}\OBJZPR.TXT
c:\ucto2010\{UDOC}\ONAS.TXT
c:\ucto2010\{UDOC}\POUPG.TXT
c:\ucto2010\{UDOC}\PRIRUCKA.TXT
c:\ucto2010\{UDOC}\PRPRDOK.TXT
c:\ucto2010\{UDOC}\R2010.PDF
c:\ucto2010\{UDOC}\U2010.PDF
c:\ucto2010\{UDOC}\ZPROSTRE.TXT
c:\ucto2010\{ZAL2}\{DATA}.J2B
c:\ucto2010\{ZAL2}\{DATA}.J2T
c:\ucto2010\{ZAL2}\{DATA}.J2Z
c:\ucto2010\{ZAL2}\FIRMA20.J2B
c:\ucto2010\{ZAL2}\FIRMA20.J2T
c:\ucto2010\{ZAL2}\FIRMA20.J2Z
c:\ucto2010\ÚČTO2010.W9X
c:\ucto2010\B&W.PAL
c:\ucto2010\BLUE.PAL
c:\ucto2010\BROWN.PAL
c:\ucto2010\CAT.BAT
c:\ucto2010\CISABS.UUU
c:\ucto2010\CISDRUH.UUU
c:\ucto2010\CISPOH.UUU
c:\ucto2010\CISSLOUP.000
c:\ucto2010\CISSLOUP.X00
c:\ucto2010\CONFIG.TXT
c:\ucto2010\CTIME.TXT
c:\ucto2010\DELFILE.EXE
c:\ucto2010\DISKSIZE.EXE
c:\ucto2010\DNY.000
c:\ucto2010\FAND.CFG
c:\ucto2010\FAND.RES
c:\ucto2010\FANDCFG.09
c:\ucto2010\FANDCFG.10
c:\ucto2010\FANDCFG.BAK
c:\ucto2010\FANDCLIP.UUU
c:\ucto2010\FANDHTML.EXE
c:\ucto2010\FANDINST.EXE
c:\ucto2010\FANDT602.EXE
c:\ucto2010\FILESIZE.EXE
c:\ucto2010\FIRMA20\ADRESY.000
c:\ucto2010\FIRMA20\ADRESY.T00
c:\ucto2010\FIRMA20\ADRESY.X00
c:\ucto2010\FIRMA20\BANKA1.008
c:\ucto2010\FIRMA20\CE_AUTA.006
c:\ucto2010\FIRMA20\CE_AUTA.T06
c:\ucto2010\FIRMA20\CISABS.004
c:\ucto2010\FIRMA20\CISABS.X04
c:\ucto2010\FIRMA20\CISDOKL.001
c:\ucto2010\FIRMA20\CISDRUH.001
c:\ucto2010\FIRMA20\CISDRUH.X01
c:\ucto2010\FIRMA20\CISPOH.001
c:\ucto2010\FIRMA20\CISPOH.X01
c:\ucto2010\FIRMA20\CISPOZN.000
c:\ucto2010\FIRMA20\CISPOZN.T00
c:\ucto2010\FIRMA20\CIST.000
c:\ucto2010\FIRMA20\CIST.X00
c:\ucto2010\FIRMA20\CISTEXT.001
c:\ucto2010\FIRMA20\CISTXT.006
c:\ucto2010\FIRMA20\CISTXT.X06
c:\ucto2010\FIRMA20\CISVYKON.001
c:\ucto2010\FIRMA20\CISVYKON.X01
c:\ucto2010\FIRMA20\DENIK.001
c:\ucto2010\FIRMA20\DENIK.T01
c:\ucto2010\FIRMA20\DOPISY.002
c:\ucto2010\FIRMA20\DOPISY.T02
c:\ucto2010\FIRMA20\EDIT.000
c:\ucto2010\FIRMA20\EDIT.X00
c:\ucto2010\FIRMA20\EDITTAB.000
c:\ucto2010\FIRMA20\EDITTAB.T00
c:\ucto2010\FIRMA20\EDITTAB.X00
c:\ucto2010\FIRMA20\FINANCE.001
c:\ucto2010\FIRMA20\FINANCE.T01
c:\ucto2010\FIRMA20\KATEG.004
c:\ucto2010\FIRMA20\KATEG.X04
c:\ucto2010\FIRMA20\OBJE_VH.006
c:\ucto2010\FIRMA20\OBJE_VH.T06
c:\ucto2010\FIRMA20\PAR01A2.001
c:\ucto2010\FIRMA20\PAR01A4.001
c:\ucto2010\FIRMA20\PAR02A2.002
c:\ucto2010\FIRMA20\PAR02A4.002
c:\ucto2010\FIRMA20\PAR04A2.004
c:\ucto2010\FIRMA20\PAR06A4.006
c:\ucto2010\FIRMA20\PAR08A4.008
c:\ucto2010\FIRMA20\PAR09A2.009
c:\ucto2010\FIRMA20\PAR09A2.T09
c:\ucto2010\FIRMA20\PAR09A4.009
c:\ucto2010\FIRMA20\PARAM2.000
c:\ucto2010\FIRMA20\PARAM2.T00
c:\ucto2010\FIRMA20\PARAM4.000
c:\ucto2010\FIRMA20\PARAM4.T00
c:\ucto2010\FIRMA20\PARZAS.001
c:\ucto2010\FIRMA20\PLATBY.001
c:\ucto2010\FIRMA20\PLATBY.T01
c:\ucto2010\FIRMA20\POHLZAV.001
c:\ucto2010\FIRMA20\POHLZAV.T01
c:\ucto2010\FIRMA20\POJIST.004
c:\ucto2010\FIRMA20\POJIST.X04
c:\ucto2010\FIRMA20\PRACSML.004
c:\ucto2010\FIRMA20\PRACSML.T04
c:\ucto2010\FIRMA20\PRIKH.008
c:\ucto2010\FIRMA20\PRIKH.X08
c:\ucto2010\FIRMA20\PRIKP.008
c:\ucto2010\FIRMA20\PRIKP.X08
c:\ucto2010\FIRMA20\SHIFTF3.000
c:\ucto2010\FIRMA20\SHIFTF3.X00
c:\ucto2010\FIRMA20\TEXTY.002
c:\ucto2010\FIRMA20\TEXTY.T02
c:\ucto2010\FIRMA20\TRIDY.004
c:\ucto2010\FIRMA20\TRIDY.X04
c:\ucto2010\FIRMA20\TYPDOKL.001
c:\ucto2010\FIRMA20\TYPDOKL.X01
c:\ucto2010\FIRMA20\UCTY.000
c:\ucto2010\FIRMA20\UKOLY.000
c:\ucto2010\FIRMA20\UKOLY.T00
c:\ucto2010\FIRMA20\UZAV.001
c:\ucto2010\FIRMA20\VYBERADR.000
c:\ucto2010\FIRMA20\VYBERADR.X00
c:\ucto2010\FIRMA20\VYRIZUJE.002
c:\ucto2010\FIRMA20\VYRIZUJE.X02
c:\ucto2010\FIRMA20\ZAOKFA.006
c:\ucto2010\FIRMA20\ZAOKFA.X06
c:\ucto2010\FIRMA20\ZURNALD.001
c:\ucto2010\FIRMA21\ADRESY.000
c:\ucto2010\FIRMA21\ADRESY.T00
c:\ucto2010\FIRMA21\ADRESY.X00
c:\ucto2010\FIRMA21\BANKA1.008
c:\ucto2010\FIRMA21\CISABS.004
c:\ucto2010\FIRMA21\CISABS.X04
c:\ucto2010\FIRMA21\CISDOKL.001
c:\ucto2010\FIRMA21\CISDRUH.001
c:\ucto2010\FIRMA21\CISDRUH.X01
c:\ucto2010\FIRMA21\CISPOH.001
c:\ucto2010\FIRMA21\CISPOZN.000
c:\ucto2010\FIRMA21\CISPOZN.T00
c:\ucto2010\FIRMA21\CIST.000
c:\ucto2010\FIRMA21\CISTXT.006
c:\ucto2010\FIRMA21\CISVYKON.001
c:\ucto2010\FIRMA21\EDIT.000
c:\ucto2010\FIRMA21\KATEG.004
c:\ucto2010\FIRMA21\PAR01A2.001
c:\ucto2010\FIRMA21\PAR01A4.001
c:\ucto2010\FIRMA21\PAR09A4.009
c:\ucto2010\FIRMA21\PARAM2.000
c:\ucto2010\FIRMA21\PARAM2.T00
c:\ucto2010\FIRMA21\PARAM4.000
c:\ucto2010\FIRMA21\PARAM4.T00
c:\ucto2010\FIRMA21\PARZAS.001
c:\ucto2010\FIRMA21\POHLZAV.001
c:\ucto2010\FIRMA21\POHLZAV.T01
c:\ucto2010\FIRMA21\PRACSML.004
c:\ucto2010\FIRMA21\PRACSML.T04
c:\ucto2010\FIRMA21\TRIDY.004
c:\ucto2010\FIRMA21\TYPDOKL.001
c:\ucto2010\FIRMA21\UKOLY.000
c:\ucto2010\FIRMA21\UKOLY.T00
c:\ucto2010\FIRMA21\UZAV.001
c:\ucto2010\FIRMA21\ZAOKFA.006
c:\ucto2010\FNDFILES.EXE
c:\ucto2010\HEAD602.UUU
c:\ucto2010\HELP.000
c:\ucto2010\HELP.T00
c:\ucto2010\HELP02.000
c:\ucto2010\HELP02.T00
c:\ucto2010\HELP03.000
c:\ucto2010\HELP03.T00
c:\ucto2010\HELP04.000
c:\ucto2010\HELP04.T00
c:\ucto2010\HELP05.000
c:\ucto2010\HELP05.T00
c:\ucto2010\HELP06.000
c:\ucto2010\HELP06.T00
c:\ucto2010\HELP08.000
c:\ucto2010\HELP08.T00
c:\ucto2010\HELP98.000
c:\ucto2010\HELP98.T00
c:\ucto2010\HELP99.000
c:\ucto2010\HELP99.T00
c:\ucto2010\IMPORT.PRO
c:\ucto2010\IMPORT.TRO
c:\ucto2010\INFOHLP.000
c:\ucto2010\INFOHLP.T00
c:\ucto2010\INSTAL.EXE
c:\ucto2010\INSTAL1.PAK
c:\ucto2010\INSTALL.MSG
c:\ucto2010\ISSHARE.EXE
c:\ucto2010\KALENDAR.000
c:\ucto2010\KALKDPH.000
c:\ucto2010\KALKPOJP.000
c:\ucto2010\KALKPOJZ.000
c:\ucto2010\KALKPRUM.000
c:\ucto2010\KALKPV08.000
c:\ucto2010\KALKTABD.000
c:\ucto2010\KATEG.UUU
c:\ucto2010\LASTAKT.TXT
c:\ucto2010\LCD1.PAL
c:\ucto2010\LCD2.PAL
c:\ucto2010\MAKEDIR.BAT
c:\ucto2010\MF5460-1.UUU
c:\ucto2010\MODUL01.PRO
c:\ucto2010\MODUL01.TRO
c:\ucto2010\MODUL02.PRO
c:\ucto2010\MODUL02.TRO
c:\ucto2010\MODUL03.PRO
c:\ucto2010\MODUL03.TRO
c:\ucto2010\MODUL04.PRO
c:\ucto2010\MODUL04.TRO
c:\ucto2010\MODUL05.PRO
c:\ucto2010\MODUL05.TRO
c:\ucto2010\MODUL06.PRO
c:\ucto2010\MODUL06.TRO
c:\ucto2010\MODUL07.PRO
c:\ucto2010\MODUL07.TRO
c:\ucto2010\MODUL08.PRO
c:\ucto2010\MODUL08.TRO
c:\ucto2010\MODUL09.PRO
c:\ucto2010\MODUL09.TRO
c:\ucto2010\MODUL97.PRO
c:\ucto2010\MODUL97.TRO
c:\ucto2010\MODUL98.PRO
c:\ucto2010\MODUL98.TRO
c:\ucto2010\MODUL99.PRO
c:\ucto2010\MODUL99.TRO
c:\ucto2010\MZDYPU.000
c:\ucto2010\NUMKB.EXE
c:\ucto2010\NUMKB3.EXE
c:\ucto2010\OPRAVY.UUU
c:\ucto2010\PGM.CAT
c:\ucto2010\PGM.RDB
c:\ucto2010\PGM.TTT
c:\ucto2010\PVS.UUU
c:\ucto2010\RADKY.TXT
c:\ucto2010\RENFILES.BAT
c:\ucto2010\RO.EXE
c:\ucto2010\SEARCHX.EXE
c:\ucto2010\SEST01.PRO
c:\ucto2010\SEST01.TRO
c:\ucto2010\SEST02.PRO
c:\ucto2010\SEST02.TRO
c:\ucto2010\SEST03.PRO
c:\ucto2010\SEST03.TRO
c:\ucto2010\SEST04.PRO
c:\ucto2010\SEST04.TRO
c:\ucto2010\SEST05.PRO
c:\ucto2010\SEST05.TRO
c:\ucto2010\SEST06.PRO
c:\ucto2010\SEST06.TRO
c:\ucto2010\SEST07.PRO
c:\ucto2010\SEST07.TRO
c:\ucto2010\SEST08.PRO
c:\ucto2010\SEST08.TRO
c:\ucto2010\SEST09.PRO
c:\ucto2010\SEST09.TRO
c:\ucto2010\SESTAVY.CAT
c:\ucto2010\SESTAVY.RDB
c:\ucto2010\SESTAVY.TTT
c:\ucto2010\SETDATE.EXE
c:\ucto2010\SETFILES.EXE
c:\ucto2010\SEZNTISK.000
c:\ucto2010\SEZNTISK.T00
c:\ucto2010\SLOVY.000
c:\ucto2010\SLOVY.X00
c:\ucto2010\SPEC01.PRO
c:\ucto2010\SPEC01.TRO
c:\ucto2010\SPEC02.PRO
c:\ucto2010\SPEC02.TRO
c:\ucto2010\SPEC03.PRO
c:\ucto2010\SPEC03.TRO
c:\ucto2010\SPEC04.PRO
c:\ucto2010\SPEC04.TRO
c:\ucto2010\SPEC05.PRO
c:\ucto2010\SPEC05.TRO
c:\ucto2010\SPEC06.PRO
c:\ucto2010\SPEC06.TRO
c:\ucto2010\SPEC07.PRO
c:\ucto2010\SPEC07.TRO
c:\ucto2010\SUBDIR.EXE
c:\ucto2010\SUDLICH.EXE
c:\ucto2010\TIPY.000
c:\ucto2010\TIPY.T00
c:\ucto2010\TIPY.X00
c:\ucto2010\TTT.CAT
c:\ucto2010\TTT.RDB
c:\ucto2010\TTT.TTT
c:\ucto2010\TTTNEW.UUU
c:\ucto2010\TXTNARTF.EXE
c:\ucto2010\U.BAT
c:\ucto2010\u10_cd.zip
c:\ucto2010\UCTO.000
c:\ucto2010\UCTO.PAL
c:\ucto2010\UCTO2010.CAT
c:\ucto2010\UCTO2010.ICO
c:\ucto2010\UCTO2010.RDB
c:\ucto2010\UCTO2010.TTT
c:\ucto2010\UCTOINFO.PRO
c:\ucto2010\UCTOINFO.TRO
c:\ucto2010\UCTOTXT.UUU
c:\ucto2010\UCTOTXT2.UUU
c:\ucto2010\UCTOTXT3.UUU
c:\ucto2010\UCTOTXT4.UUU
c:\ucto2010\UCTOTXT5.UUU
c:\ucto2010\UFAND.EXE
c:\ucto2010\UFAND.OVR
c:\ucto2010\UFANDHLP.000
c:\ucto2010\UFANDHLP.T00
c:\ucto2010\UK.BAT
c:\ucto2010\UPG.PRO
c:\ucto2010\UPG.TRO
c:\ucto2010\UPG01.PRO
c:\ucto2010\UPG01.TRO
c:\ucto2010\UPG02.PRO
c:\ucto2010\UPG02.TRO
c:\ucto2010\UPG03.PRO
c:\ucto2010\UPG03.TRO
c:\ucto2010\UPG04.PRO
c:\ucto2010\UPG04.TRO
c:\ucto2010\UPG05.PRO
c:\ucto2010\UPG05.TRO
c:\ucto2010\UPG06.PRO
c:\ucto2010\UPG06.TRO
c:\ucto2010\UPG07.PRO
c:\ucto2010\UPG07.TRO
c:\ucto2010\UPG08.PRO
c:\ucto2010\UPG08.TRO
c:\ucto2010\UPG09.PRO
c:\ucto2010\UPG09.TRO
c:\ucto2010\UPG97.PRO
c:\ucto2010\UPG97.TRO
c:\ucto2010\UPG99.PRO
c:\ucto2010\UPG99.TRO
c:\ucto2010\UPGPAR.000
c:\ucto2010\VEDLCIN.UUU
c:\ucto2010\VERZE.UUU
c:\ucto2010\VYBERTXT.EXE
c:\ucto2010\VZORTISK.000
c:\ucto2010\XONZ.XML
c:\ucto2010\XPVPOJ10.XML
c:\ucto2010\ZASTUPCE.CAT
c:\ucto2010\ZASTUPCE.INI
c:\ucto2010\ZASTUPCE.RDB
c:\ucto2010\ZASTUPCE.TTT
c:\ucto2010\ZETROZET.PAL
c:\ucto2010\ZZZ.BAT
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\drivers\srenum.sys
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\msrun.exe
c:\windows\system32\vbzlib1.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DARKNESS
-------\Legacy_MSUPDATE
-------\Legacy_SSHNAS
-------\Service_darkness
-------\Service_ndisrd
-------\Legacy_srenum
-------\Service_srenum


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-04 do 2010-08-04 )))))))))))))))))))))))))))))))
.

2010-08-03 13:01 . 2010-08-03 13:01 -------- d-----w- C:\ProcAlyzer Dumps
2010-08-03 12:49 . 2010-08-03 13:07 -------- d-----w- c:\program files\Safer Networking
2010-08-03 11:32 . 2010-08-03 11:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-02 18:27 . 2010-08-02 18:27 -------- d-----w- c:\windows\ERUNT
2010-07-25 11:50 . 2010-07-25 11:50 -------- d--h--w- c:\windows\PIF
2010-07-22 12:22 . 2010-07-22 12:22 249856 ------w- c:\windows\Setup1.exe
2010-07-22 12:22 . 2010-07-22 12:22 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-07-18 09:28 . 2010-07-18 09:28 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-07-17 15:00 . 2001-10-25 16:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-07-17 15:00 . 2001-10-25 16:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-07-12 14:36 . 2010-07-12 14:36 -------- d-----w- c:\program files\WinPcap
2010-07-12 12:42 . 2006-11-30 14:24 86016 ----a-w- c:\windows\system32\custmon32.dll
2010-07-12 11:45 . 2010-07-12 11:45 5339 ----a-w- c:\windows\unins000.dat
2010-07-12 11:45 . 2010-07-12 11:44 1188443 ----a-w- c:\windows\unins000.exe
2010-07-12 11:45 . 2009-10-23 10:00 4236288 ----a-w- c:\windows\system32\PDFCreatorPilot.dll
2010-07-07 15:49 . 2010-07-07 15:49 -------- d-----w- c:\program files\Google
2010-07-06 08:24 . 2010-07-06 08:24 -------- d-----w- c:\program files\Common Files\HP
2010-07-06 08:24 . 2010-07-06 08:24 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-06 08:24 . 2010-07-06 08:24 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-07-06 08:22 . 2008-01-24 21:23 271704 ----a-r- c:\windows\system32\hpzids01.dll
2010-07-06 08:22 . 2007-10-20 16:25 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2010-07-06 08:22 . 2007-10-20 16:21 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2010-07-06 08:22 . 2008-04-13 20:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-06 08:22 . 2008-04-13 20:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-06 08:10 . 2010-07-06 08:29 -------- d-----w- c:\program files\HP
2010-07-06 08:06 . 2010-07-06 08:51 186408 ----a-w- c:\windows\hpoins28.dat
2010-07-06 08:06 . 2008-07-01 04:02 796 ------w- c:\windows\hpomdl28.dat
2010-07-06 08:04 . 2009-08-26 20:41 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-07-06 08:04 . 2009-08-26 20:41 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-07-06 08:04 . 2010-07-06 08:21 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-06 08:02 . 2008-04-13 20:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-07-06 08:02 . 2008-04-13 20:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 08:01 . 2008-01-24 21:22 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2010-07-06 08:01 . 2008-01-24 21:22 303104 ----a-r- c:\windows\system32\hpovst15.dll
2010-07-06 08:01 . 2008-01-24 21:22 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2010-07-06 08:01 . 2008-01-24 21:22 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-07-06 08:01 . 2008-01-24 21:22 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-07-05 13:54 . 2010-07-05 13:54 -------- d-----r- C:\SW

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 19:29 . 2010-06-22 14:06 210816 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-07-23 16:51 . 2010-06-24 08:33 -------- d-----w- c:\program files\MSECache
2010-07-23 08:58 . 2004-03-06 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-18 11:40 . 2010-06-27 18:13 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-18 11:40 . 2010-06-27 18:12 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-17 17:12 . 2010-01-26 17:51 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-07-17 17:12 . 2010-01-26 17:51 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-07-15 15:13 . 2009-10-05 18:42 17408 ----a-w- C:\psapi.dll
2010-07-12 12:39 . 2010-06-24 18:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-05 16:44 . 2010-06-27 18:12 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-05 16:44 . 2010-06-27 18:12 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-07-01 07:14 . 2010-07-01 07:14 -------- d-----w- c:\program files\Common Files\Corel
2010-07-01 07:13 . 2004-03-06 12:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-01 06:29 . 2010-06-24 18:26 -------- d-----w- c:\program files\Microsoft Works
2010-07-01 04:24 . 2010-07-01 04:24 -------- d-----w- c:\program files\MSXML 4.0
2010-06-27 08:17 . 2010-06-27 08:17 -------- d-----w- c:\program files\MSBuild
2010-06-27 08:16 . 2010-06-27 08:16 -------- d-----w- c:\program files\Reference Assemblies
2010-06-26 13:36 . 2010-06-26 13:36 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2010-06-25 16:20 . 2010-06-25 16:19 -------- d-----w- c:\program files\Common Files\soft602
2010-06-25 16:19 . 2010-06-25 16:19 -------- d-----w- c:\program files\Common Files\Freedom Scientific
2010-06-25 14:03 . 2010-01-26 19:29 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-06-25 14:03 . 2010-01-26 19:28 2426 ----a-w- c:\windows\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
2010-06-25 14:00 . 2010-01-26 19:29 8972 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cntstore.bin
2010-06-24 18:49 . 2010-06-24 18:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-24 18:44 . 2010-06-21 12:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-24 18:27 . 2010-06-24 18:27 -------- d-----w- c:\program files\Microsoft.NET
2010-06-24 18:26 . 2010-06-24 18:26 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-06-24 17:06 . 2010-06-24 17:06 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-24 15:57 . 2010-06-24 15:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-24 15:39 . 2010-06-24 15:39 -------- d-----w- c:\program files\Common Files\Skype
2010-06-24 13:26 . 2010-06-24 13:26 -------- d-----w- c:\program files\Common Files\Java
2010-06-24 13:25 . 2010-06-24 13:25 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-24 13:25 . 2010-06-24 13:25 -------- d-----w- c:\program files\Java
2010-06-23 17:55 . 2010-06-23 17:55 -------- d-----w- c:\program files\Spamihilator
2010-06-22 17:34 . 2010-06-22 17:33 -------- d--h--w- c:\program files\Zero G Registry
2010-06-22 14:23 . 2010-01-26 19:26 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-22 14:22 . 2010-06-22 14:22 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-14 14:31 . 2010-01-26 19:27 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2004-03-06 12:24 . 2004-03-06 12:24 11253 ---ha-w- c:\program files\folder.htt
.

------- Sigcheck -------

[-] 2010-07-31 19:29 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-07-31 19:28 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-04 06:14 . !HASH: COULD NOT OPEN FILE !!!!! . 182912 . . [------] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\ndis.sys

[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\sheriff Číča\Nabídka Start\Programy\Po spuštění\
Spamihilator.lnk.disabled [2010-8-3 619]
wwwqxk32.exe [2008-4-14 26624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\sheriff Číča\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"VoipBuster"="d:\install\INTERNET\VoIP\VoipBuster\voipbuster.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"hpqSRMon"=d:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"NewView Registrator"=d:\program files\Ubi Soft\NewView\NewView_Registrator.exe
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=d:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CorelDRAW Graphics Suite 11b"=d:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071610 serial=dr12cnc-8301292-wbn lang=CZ

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Spamihilator\\spamihilator.exe"=
"d:\\Program Files\\Spamihilator\\cdcc.exe"=
"d:\\Program Files\\Spamihilator\\dccproc.exe"=
"d:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\ICQ7.2\\aolload.exe"=
"d:\\Program Files\\VoipCheapCom\\voipcheapcom.exe"=
"d:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\HRY\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"d:\\Program Files\\teamspeak2_RC2\\server_windows.exe"=
"\\\\Notebook-cica\\OH USB\\INSTALL\\INTERNET\\VoIP\\VoipBuster\\voipbuster.exe"=
"d:\\INSTALL\\INTERNET\\VoIP\\VoipBuster\\voipbuster.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [26.1.2010 22:38 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [26.1.2010 22:38 45416]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [25.6.2010 18:20 73728]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 WARSVR;WARSVR;d:\program files\War-FTPd\war-ftpd.exe [31.10.2008 22:49 548864]
S0 cltvt;cltvt; [x]
S0 trjkzbgr;trjkzbgr; [x]
S3 JKTIULD;JKTIULD;c:\docume~1\ADMINI~1\LOCALS~1\Temp\JKTIULD.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\JKTIULD.exe [?]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\Avira\AntiVir Desktop\sched.exe [26.1.2010 22:38 108289]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.6.2010 19:06 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Obsah adresáře 'Naplánované úlohy'

2010-08-04 c:\windows\Tasks\RegCure Program Check.job
- d:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-08-04 c:\windows\Tasks\RegCure Startup.job
- d:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-08-04 c:\windows\Tasks\RegCure.job
- d:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-08-04 c:\windows\Tasks\User_Feed_Synchronization-{583C64C4-5956-420E-9943-C6B7263606D0}.job
- c:\windows\system32\msfeedssync.exe [2010-06-22 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: postsignum.cz\qca
Trusted Zone: postsignum.cz\www
DPF: {4ADC518E-B607-11D4-B395-0001020F4519} - hxxps://www.portalzp.cz/obj/Signer.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Instalace nového šifrovacího certifikátu pro ČSSZ_is1 - c:\ucto2010\{TISK}\unins000.exe
AddRemove-Misspelled Filter_is1 - d:\program files\Spamihilator\plugins\unins002.exe
AddRemove-Registrar Registry Manager 6.50 (Lite Edition) - d:\program files\Registrar Registry Manager\unwise.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 14:32
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\documents and settings\sheriff Číča\Nabídka Start\Programy\Po spuštění\wwwqxk32.exe 26624 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x89DD70E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-789336058-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\OLEG\FANDOM\R*]
"Order"=hex:08,00,00,00,02,00,00,00,bc,05,00,00,01,00,00,00,0f,00,00,00,64,00,
00,00,02,00,00,00,56,00,31,00,00,00,00,00,00,5b,56,96,10,00,45,55,52,4f,43,\

[HKEY_USERS\S-1-5-21-789336058-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\OLEG\FANDOM\R*\Eurocon-Parcon 2002]
"Order"=hex:08,00,00,00,02,00,00,00,b0,00,00,00,01,00,00,00,01,00,00,00,a4,00,
00,00,00,00,00,00,96,00,32,00,cd,00,00,00,00,16,7f,e6,20,00,4d,55,53,45,4f,\

[HKEY_USERS\S-1-5-21-789336058-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\OLEG\FANDOM\R*\foto]
"Order"=hex:08,00,00,00,02,00,00,00,7a,00,00,00,01,00,00,00,01,00,00,00,6e,00,
00,00,00,00,00,00,60,00,32,00,cd,00,00,00,00,58,c9,2b,20,00,32,30,30,34,2d,\

[HKEY_USERS\S-1-5-21-789336058-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\OLEG \FANDOM\R*]
"Order"=hex:08,00,00,00,02,00,00,00,bc,05,00,00,01,00,00,00,0f,00,00,00,64,00,
00,00,02,00,00,00,56,00,31,00,00,00,00,00,00,4d,9c,88,10,00,45,55,52,4f,43,\

[HKEY_USERS\S-1-5-21-789336058-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\OLEG \FANDOM\R*\Eurocon-Parcon 2002]
"Order"=hex:08,00,00,00,02,00,00,00,b0,00,00,00,01,00,00,00,01,00,00,00,a4,00,
00,00,00,00,00,00,96,00,32,00,cd,00,00,00,00,2a,b6,1d,20,00,4d,55,53,45,4f,\

[HKEY_USERS\S-1-5-21-789336058-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\OLEG \FANDOM\R*\foto]
"Order"=hex:08,00,00,00,02,00,00,00,7a,00,00,00,01,00,00,00,01,00,00,00,6e,00,
00,00,00,00,00,00,60,00,32,00,cd,00,00,00,00,20,29,cb,20,00,32,30,30,34,2d,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2508)
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-08-04 14:39:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-04 12:39

Před spuštěním: 355.812.864
Po spuštění: 650.783.232

- - End Of File - - 387D25626198F1822794F2F2AF5BD926
==========================================================================
Logfile of random's system information tool 1.08 (written by random/random)
Run by sheriff Číča at 2010-08-04 15:58:12
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 634 MB (6%) free of 10 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:07:57, on 4.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\War-FTPd\war-ftpd.exe
D:\Program Files\Spamihilator\spamihilator.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Opera\opera.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
D:\Program Files\TotalCmd\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\INSTALL\ANTIVIR\Avira\Avira AntiVir Personal\avira_antivir_personal_en_10.0.0.567.exe
D:\INSTALL\ANTIVIR.[LIBOR]\RSIT\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\sheriff Číča.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XmarksThumbnailsDLLBHO - {1BD0BEFE-F697-4eee-B7E1-76B849A5CB84} - D:\Program Files\Xmarks\Thumbnails for IE\xmarksthumbnails.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-21-789336058-1677128483-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-21-789336058-1677128483-839522115-500\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe" (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Spamihilator.lnk = D:\Program Files\Spamihilator\spamihilator.exe
O4 - Startup: wwwqxk32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - D:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - D:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://www.portalzp.cz/obj/Signer.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://85.135.14.124/plugin/h263ctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Kocourkov.cz
O17 - HKLM\Software\..\Telephony: DomainName = Kocourkov.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Kocourkov.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Kocourkov.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JKTIULD - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JKTIULD.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WARSVR - Jgaa's Internet (http://www.jgaa.com) - D:\Program Files\War-FTPd\war-ftpd.exe

--
End of file - 7267 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{583C64C4-5956-420E-9943-C6B7263606D0}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-27 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1BD0BEFE-F697-4eee-B7E1-76B849A5CB84}]
ThumbnailsBHO Class - D:\Program Files\Xmarks\Thumbnails for IE\xmarksthumbnails.dll [2010-04-06 327680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-24 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-20 7110656]

C:\Documents and Settings\sheriff Číča\Nabídka Start\Programy\Po spuštění
Spamihilator.lnk - D:\Program Files\Spamihilator\spamihilator.exe
wwwqxk32.exe

O.H.
Visitor
Posts: 2
Joined: 04 Aug 2010 14:34

Re: After the startup logo a blue screen flashed and the PC restarted

#2 Post by O.H. »

(I have to split this because of the length.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-04-27 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\uTorrent\utorrent.exe"="D:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\Spamihilator\spamihilator.exe"="D:\Program Files\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator"
"D:\Program Files\Spamihilator\cdcc.exe"="D:\Program Files\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration"
"D:\Program Files\Spamihilator\dccproc.exe"="D:\Program Files\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter"
"D:\Program Files\ICQ7.2\ICQ.exe"="D:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"D:\Program Files\ICQ7.2\aolload.exe"="D:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"D:\Program Files\VoipCheapCom\voipcheapcom.exe"="D:\Program Files\VoipCheapCom\voipcheapcom.exe:*:Enabled:VoipCheapCom"
"D:\Program Files\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe"="D:\Program Files\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe:*:Enabled:il2fb"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\HRY\USArmy\America's Army 3\Binaries\AA3Game.exe"="D:\HRY\USArmy\America's Army 3\Binaries\AA3Game.exe:*:Enabled:AA3Game"
"D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"D:\Program Files\teamspeak2_RC2\server_windows.exe"="D:\Program Files\teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"\\Notebook-cica\OH USB\INSTALL\INTERNET\VoIP\VoipBuster\voipbuster.exe"="\\Notebook-cica\OH USB\INSTALL\INTERNET\VoIP\VoipBuster\voipbuster.exe:*:Enabled:VoipBuster"
"D:\INSTALL\INTERNET\VoIP\VoipBuster\voipbuster.exe"="D:\INSTALL\INTERNET\VoIP\VoipBuster\voipbuster.exe:*:Enabled:VoipBuster"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\ICQ7.2\ICQ.exe"="D:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"D:\Program Files\ICQ7.2\aolload.exe"="D:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"


======List of files/folders created in the last 1 months======

2010-08-04 15:58:16 ----D---- C:\Program Files\trend micro
2010-08-04 15:58:12 ----D---- C:\rsit
2010-08-04 14:57:20 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-08-04 14:57:18 ----A---- C:\WINDOWS\system32\drivers\jfxuao.sys
2010-08-04 14:57:03 ----A---- C:\WINDOWS\system32\drivers\kxhfcu.sys
2010-08-04 14:39:24 ----D---- C:\WINDOWS\temp
2010-08-04 14:39:22 ----A---- C:\ComboFix.txt
2010-08-04 13:33:35 ----A---- C:\WINDOWS\zip.exe
2010-08-04 13:33:35 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-04 13:33:35 ----A---- C:\WINDOWS\SWSC.exe
2010-08-04 13:33:35 ----A---- C:\WINDOWS\SWREG.exe
2010-08-04 13:33:35 ----A---- C:\WINDOWS\sed.exe
2010-08-04 13:33:35 ----A---- C:\WINDOWS\PEV.exe
2010-08-04 13:33:35 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-04 13:33:35 ----A---- C:\WINDOWS\MBR.exe
2010-08-04 13:33:35 ----A---- C:\WINDOWS\grep.exe
2010-08-04 13:33:21 ----D---- C:\WINDOWS\ERDNT
2010-08-04 11:13:34 ----D---- C:\Qoobox
2010-08-03 15:13:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\RegCure
2010-08-03 15:01:38 ----D---- C:\ProcAlyzer Dumps
2010-08-03 14:49:57 ----D---- C:\Program Files\Safer Networking
2010-08-03 07:12:32 ----A---- C:\AdminCheck2.txt
2010-08-02 20:27:29 ----D---- C:\WINDOWS\ERUNT
2010-08-01 23:19:10 ----A---- C:\WINDOWS\system32\setie.txt
2010-08-01 23:00:21 ----SHD---- C:\WINDOWS\CSC
2010-07-31 21:37:22 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-25 13:50:21 ----HD---- C:\WINDOWS\PIF
2010-07-24 12:18:28 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\Any Video Converter Professional
2010-07-23 11:02:02 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\Xfire
2010-07-23 10:56:59 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\InstallShield
2010-07-22 16:02:25 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\AccurateRip
2010-07-22 14:22:22 ----N---- C:\WINDOWS\Setup1.exe
2010-07-22 14:22:21 ----A---- C:\WINDOWS\ST6UNST.EXE
2010-07-22 11:33:12 ----A---- C:\boot.ini.bak
2010-07-18 11:28:06 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\Uniblue
2010-07-17 21:56:36 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\Opera
2010-07-17 17:00:49 ----A---- C:\WINDOWS\system32\simptcp.dll
2010-07-15 15:11:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 19:47:21 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\Help
2010-07-12 16:36:05 ----D---- C:\Program Files\WinPcap
2010-07-12 14:42:04 ----A---- C:\WINDOWS\system32\custmon32.dll
2010-07-12 13:45:02 ----A---- C:\WINDOWS\unins000.exe
2010-07-12 13:45:02 ----A---- C:\WINDOWS\system32\PDFCreatorPilot.dll
2010-07-07 17:51:27 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\Google
2010-07-07 17:49:53 ----D---- C:\Program Files\Google
2010-07-07 14:00:58 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\Bradsoft.com
2010-07-07 10:04:59 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\teamspeak2
2010-07-07 09:57:28 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\Zoner
2010-07-07 06:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960763$
2010-07-06 11:31:55 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\ElevatedDiagnostics
2010-07-06 11:28:44 ----D---- C:\WINDOWS\system32\windowspowershell
2010-07-06 11:28:28 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2010-07-06 10:56:17 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\HP
2010-07-06 10:55:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\WEBREG
2010-07-06 10:25:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2010-07-06 10:25:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP Product Assistant
2010-07-06 10:24:35 ----D---- C:\Program Files\Common Files\HP
2010-07-06 10:24:31 ----D---- C:\Program Files\Hewlett-Packard
2010-07-06 10:24:21 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-07-06 10:23:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Hewlett-Packard
2010-07-06 10:22:36 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2010-07-06 10:22:34 ----A---- C:\WINDOWS\system32\hpz3l5mu.dll
2010-07-06 10:22:07 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-07-06 10:19:03 ----D---- C:\Config.Msi
2010-07-06 10:10:00 ----D---- C:\Program Files\HP
2010-07-06 10:04:58 ----A---- C:\WINDOWS\system32\drivers\HPZipr12.sys
2010-07-06 10:04:58 ----A---- C:\WINDOWS\system32\drivers\HPZid412.sys
2010-07-06 10:04:53 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-06 10:02:30 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2010-07-06 10:01:11 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2010-07-06 10:01:11 ----RA---- C:\WINDOWS\system32\hpowiax7.dll
2010-07-06 10:01:11 ----RA---- C:\WINDOWS\system32\hpovst15.dll
2010-07-06 10:01:11 ----RA---- C:\WINDOWS\system32\hpotscl6.dll
2010-07-06 10:01:11 ----RA---- C:\WINDOWS\system32\difxapi.dll
2010-07-05 18:44:14 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\id Software
2010-07-05 18:44:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\id Software
2010-07-05 15:54:07 ----RD---- C:\SW
2010-07-05 12:53:19 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\XnView

======List of files/folders modified in the last 1 months======

2010-08-04 15:58:16 ----RD---- C:\Program Files
2010-08-04 15:12:50 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\Spamihilator
2010-08-04 15:05:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-04 14:57:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-04 14:57:20 ----D---- C:\WINDOWS\system32
2010-08-04 14:57:19 ----D---- C:\WINDOWS\system32\drivers
2010-08-04 14:54:09 ----HD---- C:\WINDOWS\inf
2010-08-04 14:39:24 ----RD---- C:\WINDOWS
2010-08-04 14:37:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-04 14:32:26 ----A---- C:\WINDOWS\system.ini
2010-08-04 14:32:02 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-04 14:28:02 ----D---- C:\WINDOWS\system32\config
2010-08-04 14:21:36 ----D---- C:\WINDOWS\AppPatch
2010-08-04 14:21:35 ----RD---- C:\Program Files\Common Files
2010-08-03 21:12:17 ----D---- C:\WINDOWS\system
2010-08-03 17:05:03 ----ASH---- C:\boot.ini
2010-08-03 16:17:57 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-08-03 15:13:47 ----SD---- C:\WINDOWS\Tasks
2010-08-03 15:08:08 ----RD---- C:\WORK
2010-08-03 14:56:08 ----RD---- C:\TEMP
2010-08-03 13:31:59 ----D---- C:\Documents and Settings
2010-07-31 21:31:12 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\Skype
2010-07-31 16:01:21 ----D---- C:\LOGISTIS
2010-07-31 15:45:22 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\skypePM
2010-07-30 12:19:39 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\ICQ
2010-07-24 12:20:19 ----SHD---- C:\WINDOWS\Installer
2010-07-23 22:44:15 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\HyperLobby
2010-07-23 18:54:37 ----SD---- C:\Documents and Settings\sheriff Číča\Data aplikací\Microsoft
2010-07-23 18:51:46 ----D---- C:\Program Files\MSECache
2010-07-23 10:59:37 ----D---- C:\WINDOWS\WinSxS
2010-07-23 10:58:50 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-18 13:40:13 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-07-18 12:25:24 ----D---- C:\Downloads
2010-07-17 19:12:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-17 17:01:51 ----A---- C:\WINDOWS\imsins.BAK
2010-07-17 17:00:51 ----D---- C:\WINDOWS\security
2010-07-15 17:13:53 ----A---- C:\psapi.dll
2010-07-15 16:03:05 ----RSD---- C:\WINDOWS\Fonts
2010-07-15 15:11:18 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-14 14:41:14 ----D---- C:\WINDOWS\Prefetch
2010-07-12 14:39:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-07 14:21:33 ----D---- C:\Documents and Settings\sheriff Číča\Data aplikací\VoipCheapCom
2010-07-06 14:44:49 ----RSD---- C:\WINDOWS\assembly
2010-07-06 14:44:49 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-06 11:29:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-06 10:48:01 ----A---- C:\WINDOWS\win.ini
2010-07-06 10:24:38 ----D---- C:\WINDOWS\twain_32
2010-07-05 18:44:11 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-07-05 18:44:10 ----A---- C:\WINDOWS\system32\pbsvc.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 avgntmgr;avgntmgr; C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys [2009-02-13 22360]
R0 giveio;giveio; C:\WINDOWS\System32\giveio.sys [1996-04-03 5248]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [2003-10-29 21120]
R0 nvatabus;nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-27 61696]
R0 speedfan;speedfan; C:\WINDOWS\System32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-24 691696]
R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416]
R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-27 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-11-16 50704]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-12-04 4025984]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-27 60800]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-27 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2008-04-27 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-27 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-07-20 3198368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-27 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-27 32128]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-01-13 19336]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-01-13 29192]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-01-13 49160]
S0 cltvt;cltvt; C:\WINDOWS\system32\drivers\cltvt.sys []
S0 trjkzbgr;trjkzbgr; C:\WINDOWS\system32\drivers\trjkzbgr.sys []
S3 ar8iawkg;ar8iawkg; C:\WINDOWS\system32\drivers\ar8iawkg.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-27 26368]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-01-13 14728]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-04-27 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-04-27 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; D:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-24 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2005-07-20 127043]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-07-05 75064]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-25 19456]
R2 WARSVR;WARSVR; D:\Program Files\War-FTPd\war-ftpd.exe [2007-03-10 548864]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JKTIULD;JKTIULD; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JKTIULD.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Program Files\Avira\AntiVir Desktop\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
==========================================================================
info.txt logfile of random's system information tool 1.08 2010-08-04 16:08:36

======Uninstall list======

-->D:\Program Files\WinPdf Writer\uninstpw.exe D:\Program Files\WinPdf Writer
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"D:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
602XML Filler-->MsiExec.exe /X{892994D3-5963-4877-A8DB-629607E8E928}
7-Zip 9.10 beta-->"D:\Program Files\7-Zip\Uninstall.exe"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.3 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Aktualizace systému Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB960763)-->"C:\WINDOWS\$NtUninstallKB960763$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Any Video Converter Professional 2.7.3-->"D:\Any Video Converter Professional\unins000.exe"
Atomic Clock Sync-->D:\PROGRA~1\ATOMIC~1\UNWISE.EXE D:\PROGRA~1\ATOMIC~1\INSTALL.LOG
aTube Catcher-->D:\Program Files\DsNET Corp\aTube Catcher 2.0\uninstall.exe
Audacity 1.3.12 (Unicode)-->"D:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bombsight Table 2-->D:\Program Files\Ubi Soft\Bombsight Table 2\Uninstal Bombsight Table 2.exe
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CCleaner-->"D:\Program Files\CCleaner\uninst.exe"
CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Defraggler-->"D:\Program Files\Defraggler\uninst.exe"
Doplněk pro vytváření PDF dokumentů z Účta-->"C:\WINDOWS\unins000.exe"
DVD Shrink 3.2-->"D:\Program Files\DVD Shrink\unins000.exe"
Exact Audio Copy 0.99pb5-->D:\Program Files\Exact Audio Copy\uninst.exe
Exact Audio Copy PSP Edition 1.0-->D:\Program Files\Exact Audio Copy PSP Edition\uninst.exe
FileAlyzer 2-->"C:\Program Files\Safer Networking\FileAlyzer 2\unins000.exe"
FM Screen Capture Codec (Remove Only)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\fmcodec.inf
Foreign Language Filter-->"D:\Program Files\Spamihilator\plugins\unins000.exe"
Gamestudio A7-->"D:\HRY\GStudio7\uninstall.exe"
GnuWin32: Grep-2.5.4-->"D:\Program Files\GnuWin32\uninstall\unins000.exe"
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Gothic III-->C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe -runfromtemp -l0x0005 -removeonly
GPL Ghostscript 8.61-->D:\Program Files\GS\uninstgs.exe "D:\Program Files\GS\gs8.61\uninstal.txt"
GPL Ghostscript Fonts-->D:\Program Files\GS\uninstgs.exe "D:\Program Files\GS\fonts\uninstal.txt"
GSview 4.9-->D:\Program Files\Ghostgum\gsview\uninstgs.exe "D:\Program Files\Ghostgum\gsview\uninstal.txt"
HardBall's Aircraft Viewer 4_06+-->C:\WINDOWS\st6unst.exe -n "D:\Program Files\Ubi Soft\HardBall's Aircraft Viewer\ST6UNST.000"
Hercule Filter-->"D:\Program Files\Spamihilator\plugins\unins001.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 11.0-->D:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3-->D:\Program Files\HP\Digital Imaging\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Imaging Device Functions 11.0-->D:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 3.0-->D:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot
HP Smart Web Printing-->D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 11.0-->D:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
HyperLobby client-->MsiExec.exe /I{ED707F85-E1A7-4810-A619-555B732C191B}
Iconoid Version 3.8.5-->"C:\Program Files\Iconoid\unins000.exe"
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
IL-2 Sturmovik 1946-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79438F1E-DEC3-443D-9DCD-FECE2D68C605} /l1033
IrfanView (remove only)-->D:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Logitech Gaming Software 5.04-->MsiExec.exe /X{768F22DC-2D20-4F52-A9A1-5E231FB7F752}
LogMeIn Hamachi-->C:\WINDOWS\system32\\msiexec.exe /i {8A74DEFD-A224-49CC-AB80-4E88BC730125} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{8A74DEFD-A224-49CC-AB80-4E88BC730125}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{A2C9CD1B-2551-3AED-B244-6698FB929FA6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{546C143E-68DC-314D-97BC-1E454E3BA429}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel Viewer-->MsiExec.exe /I{95120000-003F-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (Czech)-->MsiExec.exe /X{95120000-00AF-0405-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850405-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MSM2MSI_gstudio-->MsiExec.exe /I{765E50AF-5550-4F7E-84F4-524D1BF2C49D}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S. 11.0-->D:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Opera 10.60-->MsiExec.exe /X{1D2C96C3-A3F3-49E7-B839-95279DED837F}
Oprava Hotfix systému Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
PC Alert 4-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\PC Alert 4\Uninst.isu"
PostSignumToolPlus-->"D:\Program Files\PostSignumTool\UninstallerData\Uninstall PostSignumToolPlus.exe"
PowerISO-->"D:\Program Files\PowerISO\uninstall.exe"
PSPad editor-->"D:\Program Files\PSPad editor\Uninst\unins000.exe"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake Live Internet Explorer Plugin-->MsiExec.exe /I{D55D7EE6-3013-47AC-BE71-51AA35A221AB}
Realtek AC'97 Audio-->Alcrmv.exe -r -m
RegAlyzer-->"D:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
RegCure-->D:\Program Files\RegCure\uninst.exe
Registrar Registry Manager 6.50-->"D:\Program Files\Registrar Registry Manager\unins000.exe"
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Sada Compatibility Pack pro systém Office 2007-->MsiExec.exe /X{90120000-0020-0405-0000-0000000FF1CE}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shop for HP Supplies-->D:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Signer 3.9-->MsiExec.exe /I{0AFA3D07-FBD4-45E3-94F7-B8B5324DB4B0}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spamihilator 0.9.9.53 (32 bit)-->MsiExec.exe /I{6D14916C-EC29-40FC-8FFB-08A66576BE78}
SpamiOL 1.02-->D:\Program Files\SpamiOL\uninstall.exe
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.2-->"D:\Program Files\SpywareBlaster\unins000.exe"
TeamSpeak 2 RC2-->"D:\Program Files\Teamspeak2_RC2\unins002.exe"
TeamSpeak 2 Server RC2-->"D:\Program Files\Teamspeak2_RC2\unins001.exe"
TeamSpeak 3 Client-->"D:\Program Files\TeamSpeak 3 Client\uninstall.exe"
TopStyle 4-->"D:\Program Files\TopStyle 4\unins000.exe"
Total Commander (Remove or Repair)-->D:\Program Files\TotalCmd\tcuninst.exe
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Uniblue DriverScanner-->"D:\Program Files\Uniblue\DriverScanner\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Ward180-->D:\Program Files\War-FTPd\Uninstall.exe "D:\Program Files\War-FTPd\.UnInst.inf"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows PowerShell(TM) 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
WinMerge 2.12.4-->"D:\Program Files\WinMerge\unins000.exe"
WinPcap 4.1.1-->"C:\Program Files\WinPcap\uninstall.exe"
WinPDF Writer-->MsiExec.exe /I{16E72583-459E-428C-B4E7-C2CC4538FFED}
WMIinfo-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\WMIinfo\Uninst.isu"
Xfire (remove only)-->"D:\Program Files\Xfire\uninst.exe"
Xmarks for IE-->MsiExec.exe /X{E590A51C-4303-4A28-99DB-799FE1E25E0D}
Xmarks Thumbnails for IE-->MsiExec.exe /X{84513125-0BC7-46F8-BE1E-309263B79AE2}
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XnView 1.97.6-->"D:\Program Files\XnView\unins000.exe"
Zoner Photo Studio 12-->"D:\Program Files\Zoner\Photo Studio 12\unins000.exe" /SILENT

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: LIBOR
Event Code: 7036
Message: Stav služby hpqcxs08 byl změněn na: Spuštěno

Record Number: 2868
Source Name: Service Control Manager
Time Written: 20100711131425.000000+120
Event Type: Informace
User:

Computer Name: LIBOR
Event Code: 7036
Message: Stav služby Služba modelu COM pro zápis na disk CD (IMAPI) byl změněn na: Spuštěno

Record Number: 2867
Source Name: Service Control Manager
Time Written: 20100711131424.000000+120
Event Type: Informace
User:

Computer Name: LIBOR
Event Code: 7036
Message: Stav služby Sledování umístění v síti (NLA) byl změněn na: Spuštěno

Record Number: 2866
Source Name: Service Control Manager
Time Written: 20100711131424.000000+120
Event Type: Informace
User:

Computer Name: LIBOR
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Sledování umístění v síti (NLA) úspěšně odeslán.

Record Number: 2865
Source Name: Service Control Manager
Time Written: 20100711131424.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: LIBOR
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě hpqcxs08 úspěšně odeslán.

Record Number: 2864
Source Name: Service Control Manager
Time Written: 20100711131424.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: LIBOR
Event Code: 1000
Message: Čítače výkonu pro službu ASP.NET (ASP.NET) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 517
Source Name: LoadPerf
Time Written: 20100701063005.000000+120
Event Type: Informace
User:

Computer Name: LIBOR
Event Code: 1001
Message: Čítače výkonu pro službu ASP.NET (ASP.NET) byly úspěšně odstraněny.
Data záznamu obsahují nové hodnoty položek Last Counter a
Last Help systémového registru.

Record Number: 516
Source Name: LoadPerf
Time Written: 20100701063004.000000+120
Event Type: Informace
User:

Computer Name: LIBOR
Event Code: 1000
Message: Čítače výkonu pro službu ASP.NET_2.0.50727 (ASP.NET_2.0.50727) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 515
Source Name: LoadPerf
Time Written: 20100701063004.000000+120
Event Type: Informace
User:

Computer Name: LIBOR
Event Code: 1000
Message: Čítače výkonu pro službu aspnet_state (Stavová služba ASP.NET) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 514
Source Name: LoadPerf
Time Written: 20100701063004.000000+120
Event Type: Informace
User:

Computer Name: LIBOR
Event Code: 1001
Message: Čítače výkonu pro službu aspnet_state (Stavová služba ASP.NET) byly úspěšně odstraněny.
Data záznamu obsahují nové hodnoty položek Last Counter a
Last Help systémového registru.

Record Number: 513
Source Name: LoadPerf
Time Written: 20100701063003.000000+120
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DOS_SW"=C:\SW
"FP_NO_HOST_CHECK"=NO
"MOZ_NO_REMOTE"=1
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 28 Stepping 0, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=1c00
"TEMP"=D:\TEMP
"TMP"=D:\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: After the boot logo a blue screen flashed, then a restart

#3 Post by motji »

Good evening :)
You'll probably want to restore that Účto, right? :D
Unfortunately ComboFix deletes it, which is one more reason it is not recommended to use it without a helper's supervision.

Otherwise, your computer is heavily infected :arcisit: Do you know where you picked it up? Some Russian websites? :D
It will take a bit of patience; you have infected system files, and unfortunately the infection is sometimes hard to remove.

:arrow: Do you recognize this folder?
C:\SW


:arrow: Test this file at http://www.virustotal.com

C:\psapi.dll

- Copy the path to the file into the box; if it says the file has already been tested, have it tested again.
- Paste the link to the results here.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I am usually reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
