
An error appears - The system cannot find (null).

BOnioo1775
Visitor
Posts: 67
Registered: 24 Apr 2010 09:52

#1 Post by BOnioo1775 »

OS: Windows XP SP3

Hello,

when I launch Explorer (Win+E), Explorer opens, but along with it comes an error message - The system cannot find null. Make sure the name is entered correctly and repeat the action. To search for a file, click the Start button and then the Search item. The same error is shown:

1. when clicking the network icon in the notification area
2. when trying to launch IE8 from the command line (iexplorer.exe)
3. when opening the folder containing downloaded files from the web browser (right-click the downloaded file > Show in folder)
4. when opening a folder from a file search tool (Everything, neosearch)

Another problem is that I cannot start Crystaldiskinfo, neither the portable version nor the installed one. With the portable version an error message appears - Access to the resource Main.html was denied, and with the installed version Diskinfo.exe shows up in Task Manager, but it does not appear on screen.

Rudy
Site Admin
Posts: 119316
Registered: 30 Oct 2003 13:42
Location: Plzeň

#2 Post by Rudy »

Try a System Restore to a date when the system was working correctly. If the situation does not change, post a log from RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 .

BOnioo1775

#3 Post by BOnioo1775 »

Unfortunately I don't have a restore point, that was the first thing that occurred to me... The problem started appearing between 29.6 and 4.7...


Logfile of random's system information tool 1.09 (written by random/random)
Run by Martin MTA at 2011-07-17 12:49:23
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (36%) free of 100 GB
Total RAM: 1022 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:49:52, on 17.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\Coode Software\Shortcutor\Shortcutor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Documents and Settings\Martin MTA\Dokumenty\DiskInfo.exe
C:\Program Files\Valve\hl.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Plocha\RSIT.exe
C:\Program Files\trend micro\Martin MTA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Shortcutor] "C:\Program Files\Coode Software\Shortcutor\Shortcutor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SlimDrivers] "C:\Program Files\SlimDrivers\SlimDrivers.exe" -boot
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{67248C3A-8940-4F83-AD35-C623096EEF54}: NameServer = 10.0.82.65,62.240.184.2
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 5129 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Martin MTA\Data aplikací\Mozilla\Firefox\Profiles\be9q4e4g.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.cz"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0]
"Description"=DivX OVS Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Description"=Yahoo Messenger State Plugin
"Path"=C:\Program Files\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

C:\Documents and Settings\Martin MTA\Data aplikací\Mozilla\Firefox\Profiles\be9q4e4g.default\extensions\
firefox-support@vworldc.com
support@lastpass.com
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
"AntiLogger"=C:\Program Files\AntiLogger\AntiLogger.exe [2011-07-02 2856392]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Shortcutor"=C:\Program Files\Coode Software\Shortcutor\Shortcutor.exe [2011-01-18 3975168]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SlimDrivers"=C:\Program Files\SlimDrivers\SlimDrivers.exe [2011-06-08 26441568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3
"cmdAgent"=2
"StarWindServiceAE"=2
"SolutoService"=2
"Cleaner_Validator"=3
"ASO3DiskOptimizer"=2
"ose"=3
"JavaQuickStarterService"=2
"Ati HotKey Poller"=2
"Spooler"=2
"ABBYY.Licensing.FineReader.Corporate.10.0"=2
"WPFFontCache_v0400"=3
"WMPNetworkSvc"=3
"Steam Client Service"=3
"SCUG"=3
"PSGenUn"=3
"PCToolsSSDMonitorSvc"=2
"Microsoft Office Groove Audit Service"=3
"idsvc"=3
"IDriverT"=3
"DfSdkS"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"AdvancedSystemCareService"=2
"UxTuneUp"=2

C:\Documents and Settings\Martin MTA\Nabídka Start\Po spuštění
Stickies.lnk - C:\Program Files\Stickies\stickies.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-09-11 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2010-06-23 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll [2010-06-22 202088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PFNet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMR162]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoChangeKeyboardNavigationIndicators"=0
"NoChangeAnimation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=151
"NoDriveAutoRun"=67108863
"MaxRecentDocs"=15
"DisableMyMusicDirChange"=0
"DisableMyPicturesDirChange"=0
"NoCommonGroups"=0
"NoFavoritesMenu"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0
"NoRecentDocsNetHood"=1
"NoUserNameInStartMenu"=0
"NoStartMenuPinnedList"=0
"ForceStartMenuLogoff"=0
"NoSharedDocuments"=1
"NoDrives"=0
"NoAddPrinter"=0
"NoDeletePrinter"=0
"NoChangeKeyboardNavigationIndicators"=0
"NoChangeAnimation"=0
"NoDFSTab"=0
"NoFileUrl"=1
"MemCheckBoxInRunDlg"=1
"NoDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=151
"NoDrives"=0
"NoFavoritesMenu"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0
"NoRecentDocsNetHood"=0
"NoResolveSearch"=1
"NoCommonGroups"=0
"HideClock"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\1AVCenter\1AVCenter.exe"="C:\Program Files\1AVCenter\1AVCenter.exe:*:Enabled:1AVCenter "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Foxreal\YouTube FLV Downloader Pro\Foxreal YouTube FLV Downloader Pro.exe"="C:\Program Files\Foxreal\YouTube FLV Downloader Pro\Foxreal YouTube FLV Downloader Pro.exe:*:Enabled:Foxreal YouTube FLV Downloader Pro"
"C:\Program Files\Opera 11.00 beta\opera.exe"="C:\Program Files\Opera 11.00 beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Microsoft Games\Rise of Nations\nations.exe"="C:\Program Files\Microsoft Games\Rise of Nations\nations.exe:*:Enabled:Rise of Nations"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\steamapps\cleverboy\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\cleverboy\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"vidc.iv41"=ir41_32.ax
"vidc.iv50"=ir50_32.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-17 10:50:56 ----A---- C:\WINDOWS\system32\drivers\SET72.tmp
2011-07-17 10:49:54 ----A---- C:\WINDOWS\system32\OLD2A.tmp
2011-07-17 10:49:53 ----A---- C:\WINDOWS\system32\OLD26.tmp
2011-07-17 10:45:31 ----D---- C:\WINDOWS\LastGood
2011-07-17 10:45:31 ----A---- C:\WINDOWS\system32\OLD23.tmp
2011-07-16 12:57:19 ----A---- C:\WINDOWS\IE4 Error Log.txt
2011-07-16 12:51:17 ----A---- C:\Documents and Settings\Martin MTA\Data aplikací\SMRResults200.dat
2011-07-15 10:49:00 ----D---- C:\Program Files\CrystalDiskInfo
2011-07-14 13:52:35 ----D---- C:\WINDOWS\IIS Temporary Compressed Files
2011-07-14 13:52:02 ----D---- C:\WINDOWS\system32\Cache
2011-07-14 13:47:35 ----A---- C:\WINDOWS\system32\snprfdll.dll
2011-07-14 13:47:35 ----A---- C:\WINDOWS\system32\smtpctrs.ini
2011-07-14 13:47:35 ----A---- C:\WINDOWS\system32\smtpctrs.dll
2011-07-14 13:47:34 ----A---- C:\WINDOWS\system32\regtrace.exe
2011-07-14 13:47:34 ----A---- C:\WINDOWS\system32\ntfsdrct.ini
2011-07-14 13:47:34 ----A---- C:\WINDOWS\system32\fcachdll.dll
2011-07-14 13:47:33 ----A---- C:\WINDOWS\system32\adsiisex.dll
2011-07-14 13:44:29 ----A---- C:\WINDOWS\system32\w3ctrs.ini
2011-07-14 13:44:27 ----A---- C:\WINDOWS\system32\w3svapi.dll
2011-07-14 13:44:27 ----A---- C:\WINDOWS\system32\w3ctrs.dll
2011-07-14 13:44:27 ----A---- C:\WINDOWS\system32\axperf.ini
2011-07-14 13:44:26 ----A---- C:\WINDOWS\system32\aspperf.dll
2011-07-14 13:44:24 ----A---- C:\WINDOWS\system32\iisrstap.dll
2011-07-14 13:44:24 ----A---- C:\WINDOWS\system32\iisreset.exe
2011-07-14 13:44:24 ----A---- C:\WINDOWS\system32\ftpsapi2.dll
2011-07-14 13:44:22 ----A---- C:\WINDOWS\system32\wamregps.dll
2011-07-14 13:44:21 ----A---- C:\WINDOWS\system32\inetsloc.dll
2011-07-14 13:44:21 ----A---- C:\WINDOWS\system32\iismui.dll
2011-07-14 13:44:20 ----A---- C:\WINDOWS\system32\infoctrs.ini
2011-07-14 13:44:19 ----A---- C:\WINDOWS\system32\infoctrs.dll
2011-07-14 13:44:19 ----A---- C:\WINDOWS\system32\convlog.exe
2011-07-14 13:44:19 ----A---- C:\WINDOWS\system32\admxprox.dll
2011-07-14 13:44:03 ----A---- C:\WINDOWS\system32\simptcp.dll
2011-07-14 13:44:00 ----D---- C:\temp
2011-07-14 13:43:45 ----A---- C:\WINDOWS\system32\smtpapi.dll
2011-07-14 13:43:44 ----A---- C:\WINDOWS\system32\rwnh.dll
2011-07-14 13:43:43 ----A---- C:\WINDOWS\system32\iisext.dll
2011-07-14 13:43:42 ----A---- C:\WINDOWS\system32\infoadmn.dll
2011-07-14 13:43:42 ----A---- C:\WINDOWS\system32\iismap.dll
2011-07-14 13:43:42 ----A---- C:\WINDOWS\system32\exstrace.dll
2011-07-14 13:43:42 ----A---- C:\WINDOWS\system32\adsiis.dll
2011-07-14 13:43:41 ----A---- C:\WINDOWS\system32\iisRtl.dll
2011-07-14 13:43:41 ----A---- C:\WINDOWS\system32\admwprox.dll
2011-07-14 13:43:37 ----A---- C:\WINDOWS\system32\staxmem.dll
2011-07-14 13:43:37 ----A---- C:\WINDOWS\system32\iprip.dll
2011-07-14 13:43:34 ----A---- C:\WINDOWS\system32\snmptrap.exe
2011-07-14 13:43:34 ----A---- C:\WINDOWS\system32\snmp.exe
2011-07-14 13:43:34 ----A---- C:\WINDOWS\system32\evntwin.exe
2011-07-14 13:43:34 ----A---- C:\WINDOWS\system32\evntcmd.exe
2011-07-14 13:43:34 ----A---- C:\WINDOWS\system32\evntagnt.dll
2011-07-14 13:43:33 ----A---- C:\WINDOWS\system32\snmpmib.dll
2011-07-14 13:43:33 ----A---- C:\WINDOWS\system32\hostmib.dll
2011-07-14 13:43:31 ----A---- C:\WINDOWS\system32\lmmib2.dll
2011-07-14 13:43:24 ----D---- C:\Inetpub
2011-07-14 10:58:45 ----D---- C:\Program Files\SpeedFan
2011-07-13 20:43:17 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-13 20:32:29 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-13 15:44:35 ----D---- C:\Program Files\Free Window Registry Repair
2011-07-13 10:21:23 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\KoshyJohn.com
2011-07-12 10:35:00 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\JPEGsnoop
2011-07-11 19:32:51 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\ATI
2011-07-11 13:19:21 ----A---- C:\WINDOWS\system32\ISkeyObject.dll
2011-07-11 13:19:20 ----D---- C:\Program Files\Octatec
2011-07-11 11:06:05 ----D---- C:\Program Files\Secunia
2011-07-10 19:37:42 ----SHD---- C:\RECYCLER
2011-07-10 12:38:14 ----D---- C:\Program Files\FileHippo.com
2011-07-10 12:08:09 ----A---- C:\WINDOWS\syscall.dat
2011-07-10 12:07:59 ----D---- C:\Program Files\AntiLogger
2011-07-09 16:57:39 ----D---- C:\Program Files\AutoIt3
2011-07-08 19:09:08 ----A---- C:\WINDOWS\system32\drivers\fetnd5.sys
2011-07-08 16:21:24 ----D---- C:\Program Files\Glarysoft
2011-07-07 22:05:05 ----D---- C:\Program Files\JDownloader
2011-07-07 16:47:06 ----D---- C:\rsit
2011-07-07 16:06:24 ----A---- C:\SRStatus.txt
2011-07-07 15:57:28 ----D---- C:\WINDOWS\temp
2011-07-07 13:21:12 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-07 13:21:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-07 13:21:04 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-07 13:19:03 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Malwarebytes
2011-07-06 21:16:08 ----D---- C:\WINDOWS\6.7.2011
2011-07-06 21:15:41 ----SH---- C:\Program Files\Desktop.ini
2011-07-06 13:39:32 ----D---- C:\symbols
2011-07-05 21:02:58 ----ASH---- C:\pagefile.sys
2011-07-05 17:38:28 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{7BD01092-3B6F-4E1D-BFBD-ABDDA8096C67}
2011-07-05 11:26:09 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Windows Search
2011-07-04 23:20:17 ----D---- C:\Program Files\Everything
2011-07-04 22:34:49 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-07-04 13:16:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2011-07-04 13:08:28 ----D---- C:\Program Files\ATI Technologies
2011-07-04 13:08:25 ----D---- C:\Program Files\ATI
2011-07-04 13:07:29 ----D---- C:\ATI
2011-07-04 12:39:23 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2011-07-04 00:01:02 ----D---- C:\WINDOWS\Prefetch
2011-07-04 00:01:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-03 23:43:33 ----A---- C:\WINDOWS\system32\atrace.dll
2011-07-03 23:14:58 ----A---- C:\WINDOWS\system32\irclass.dll
2011-07-03 23:14:57 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-07-03 22:38:06 ----A---- C:\WINDOWS\system32\atiicdxx.dat
2011-07-03 21:28:06 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-03 21:28:06 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-03 21:28:04 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-03 21:28:04 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-03 21:28:03 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-03 21:28:02 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-03 21:28:02 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-03 21:27:58 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-03 21:27:44 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-03 21:27:24 ----D---- C:\Program Files\AVAST Software
2011-07-03 21:27:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-07-03 17:46:01 ----D---- C:\WINDOWS\system32\3com_dmi
2011-07-03 17:46:01 ----D---- C:\WINDOWS\system32\1025
2011-07-03 17:46:01 ----D---- C:\WINDOWS\addins
2011-07-03 17:46:00 ----D---- C:\WINDOWS\system32\3076
2011-07-03 17:46:00 ----D---- C:\WINDOWS\system32\2052
2011-07-03 17:46:00 ----D---- C:\WINDOWS\system32\1054
2011-07-03 17:46:00 ----D---- C:\WINDOWS\system32\1042
2011-07-03 17:46:00 ----D---- C:\WINDOWS\system32\1041
2011-07-03 17:46:00 ----D---- C:\WINDOWS\system32\1037
2011-07-03 17:46:00 ----D---- C:\WINDOWS\system32\1031
2011-07-03 17:46:00 ----D---- C:\WINDOWS\system32\1028
2011-07-03 17:45:59 ----D---- C:\WINDOWS\system32\bits
2011-07-03 17:17:32 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-03 17:17:01 ----D---- C:\WINDOWS\system32\com
2011-07-03 17:17:01 ----D---- C:\WINDOWS\system32\1033
2011-07-03 17:17:01 ----D---- C:\WINDOWS\system32\1029
2011-07-03 17:17:01 ----D---- C:\WINDOWS\system
2011-07-02 21:50:45 ----D---- C:\Program Files\GetData
2011-07-02 19:14:35 ----D---- C:\Program Files\OO Software
2011-07-02 13:52:46 ----A---- C:\WINDOWS\system32\acctres.dll
2011-07-02 13:31:41 ----D---- C:\Program Files\Messenger
2011-07-02 13:31:03 ----A---- C:\WINDOWS\system32\accwiz.exe
2011-07-02 13:30:59 ----A---- C:\WINDOWS\system32\aaclient.dll
2011-07-02 09:32:58 ----D---- C:\WINDOWS\system32\RTCOM
2011-07-02 09:32:58 ----D---- C:\Program Files\Realtek
2011-07-01 22:37:43 ----D---- C:\WINDOWS\Minidump
2011-06-30 09:57:58 ----D---- C:\Program Files\Greatis
2011-06-29 21:25:00 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\QFX Software
2011-06-29 21:25:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\QFX Software
2011-06-29 08:41:27 ----A---- C:\WINDOWS\system32\drivers\ati2erec.dll
2011-06-29 08:41:27 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2011-06-28 22:14:58 ----A---- C:\WINDOWS\system32\vusetup.dll
2011-06-28 22:14:58 ----A---- C:\WINDOWS\system32\drivers\vulfntr.sys
2011-06-28 22:14:58 ----A---- C:\WINDOWS\system32\drivers\vulfnth.sys
2011-06-28 22:10:15 ----SHD---- C:\System Volume Information
2011-06-28 22:05:50 ----D---- C:\WINDOWS\OPTIONS
2011-06-28 22:05:50 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2011-06-27 12:59:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\BitDefender
2011-06-27 12:58:01 ----D---- C:\Program Files\Common Files\BitDefender
2011-06-26 22:53:34 ----A---- C:\WINDOWS\system32\drivers\DrvAgent32.sys
2011-06-26 14:05:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-06-24 16:23:47 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\QuickScan
2011-06-21 22:31:48 ----A---- C:\WINDOWS\system32\pncrt.dll
2011-06-20 19:48:47 ----D---- C:\Program Files\Wise Disk Cleaner
2011-06-20 19:02:33 ----D---- C:\Program Files\Mozilla Firefox
2011-06-19 10:07:24 ----D---- C:\Program Files\Belkin
2011-06-19 09:59:28 ----A---- C:\WINDOWS\system32\drivers\xfilt.sys
2011-06-19 09:59:22 ----A---- C:\WINDOWS\system32\drivers\videX32.sys
2011-06-19 09:57:42 ----D---- C:\Program Files\VIA
2011-06-19 09:55:00 ----A---- C:\WINDOWS\system32\drivers\SWDUMon.sys
2011-06-19 09:54:19 ----D---- C:\Program Files\SlimDrivers
2011-06-19 09:31:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Innovative Solutions
2011-06-18 15:17:10 ----A---- C:\WINDOWS\system32\EasyHook32.dll
2011-06-18 10:39:48 ----A---- C:\Documents and Settings\Martin MTA\Data aplikací\SMRBackup200.dat

======List of files/folders modified in the last 1 month======

2011-07-17 12:49:31 ----D---- C:\Program Files\trend micro
2011-07-17 11:01:28 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-17 10:50:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-07-17 10:50:56 ----D---- C:\WINDOWS\system32\drivers
2011-07-17 10:50:53 ----AD---- C:\WINDOWS\system32
2011-07-17 10:49:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-17 10:45:31 ----AD---- C:\WINDOWS
2011-07-17 10:31:35 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\stickies
2011-07-17 10:31:22 ----D---- C:\WINDOWS\system32\inetsrv
2011-07-16 23:34:15 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-07-16 23:33:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-16 23:24:55 ----D---- C:\Program Files\Microsoft Bootvis
2011-07-16 23:18:49 ----D---- C:\Program Files\Registry Mechanic
2011-07-16 22:54:26 ----AD---- C:\Program Files\The KMPlayer
2011-07-16 21:39:36 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\NeoDownloader
2011-07-16 21:20:55 ----D---- C:\WINDOWS\security
2011-07-16 21:15:57 ----RD---- C:\Program Files
2011-07-16 21:11:41 ----D---- C:\Program Files\AnVir Task Manager Free
2011-07-16 20:30:11 ----SHD---- C:\WINDOWS\Installer
2011-07-16 20:29:58 ----D---- C:\Config.Msi
2011-07-16 20:29:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-07-16 20:08:31 ----D---- C:\Program Files\Steam
2011-07-16 20:08:30 ----AD---- C:\Program Files\Valve
2011-07-16 15:34:34 ----RSD---- C:\WINDOWS\assembly
2011-07-16 13:25:11 ----D---- C:\WINDOWS\WinSxS
2011-07-16 13:20:33 ----D---- C:\WINDOWS\system32\en-US
2011-07-16 13:16:57 ----D---- C:\Program Files\MSECACHE
2011-07-16 12:50:10 ----D---- C:\WINDOWS\system32\config
2011-07-16 12:33:15 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\Skype
2011-07-16 09:55:16 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-15 20:04:34 ----HD---- C:\WINDOWS\inf
2011-07-14 17:02:06 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\AIMP
2011-07-14 16:54:45 ----D---- C:\WINDOWS\Help
2011-07-14 14:48:40 ----D---- C:\WINDOWS\system32\LogFiles
2011-07-14 14:25:08 ----R---- C:\boot.ini
2011-07-14 14:25:08 ----A---- C:\WINDOWS\win.ini
2011-07-14 14:25:08 ----A---- C:\WINDOWS\system.ini
2011-07-14 13:52:53 ----D---- C:\WINDOWS\Registration
2011-07-14 13:51:55 ----A---- C:\WINDOWS\system32\results.txt
2011-07-14 13:44:02 ----AD---- C:\WINDOWS\system32\wbem
2011-07-14 11:41:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2011-07-14 11:16:25 ----D---- C:\WINDOWS\Debug
2011-07-13 23:04:25 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 14:01:21 ----D---- C:\Program Files\Microsoft Silverlight
2011-07-13 10:09:10 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-07-11 17:52:31 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Systweak
2011-07-11 14:24:48 ----D---- C:\Program Files\Microsoft Office
2011-07-11 14:13:45 ----ASD---- C:\Documents and Settings\Martin MTA\Data aplikací\Microsoft
2011-07-10 12:32:10 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Aston2
2011-07-09 16:57:44 ----HD---- C:\WINDOWS\ShellNew
2011-07-08 19:12:07 ----AD---- C:\Program Files\QIP 2010
2011-07-07 23:02:31 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\ICQ
2011-07-07 22:51:03 ----D---- C:\Program Files\ICQ7.5
2011-07-07 17:03:57 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\Mozilla
2011-07-07 16:59:33 ----D---- C:\WINDOWS\system32\Restore
2011-07-07 16:59:04 ----D---- C:\Program Files\Everythomg
2011-07-07 15:46:51 ----D---- C:\WINDOWS\AppPatch
2011-07-07 15:46:47 ----D---- C:\Program Files\Common Files
2011-07-07 15:26:50 ----D---- C:\Program Files\Unlocker
2011-07-07 13:37:20 ----D---- C:\Program Files\Ocster Backup
2011-07-07 13:37:02 ----AD---- C:\Documents and Settings
2011-07-07 00:21:58 ----D---- C:\Program Files\Windows Desktop Search
2011-07-06 23:57:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\explauncher
2011-07-06 23:57:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\launcher
2011-07-06 23:51:20 ----AD---- C:\Program Files\AIMP2
2011-07-06 23:44:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-06 23:43:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-06 22:03:30 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\CaptureSaver
2011-07-06 20:02:54 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Registry Mechanic
2011-07-06 15:01:06 ----RD---- C:\WINDOWS\Web
2011-07-06 14:58:47 ----A---- C:\WINDOWS\ODBCINST.INI
2011-07-06 14:55:01 ----D---- C:\WINDOWS\system32\ias
2011-07-06 14:54:47 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2011-07-06 13:18:04 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Windows Desktop Search
2011-07-06 11:21:46 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\Adobe
2011-07-05 17:46:55 ----D---- C:\WINDOWS\system32\NtmsData
2011-07-05 17:41:11 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\TweakNow PowerPack 2011
2011-07-05 16:17:22 ----A---- C:\WINDOWS\system32\oeminfo.ini
2011-07-05 15:03:23 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\JAM Software
2011-07-05 15:03:19 ----D---- C:\Program Files\JAM Software
2011-07-05 13:07:59 ----D---- C:\Program Files\SUPERAntiSpyware
2011-07-05 12:41:59 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Auslogics
2011-07-05 11:17:18 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\Macromedia
2011-07-04 23:17:03 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Zoner
2011-07-04 23:17:03 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\WinPatrol
2011-07-04 23:17:03 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Ventrilo
2011-07-04 23:17:03 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\uTorrent
2011-07-04 23:17:02 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\Trillian
2011-07-04 23:16:56 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\PotPlayerMini
2011-07-04 23:16:54 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\IObit
2011-07-04 23:16:53 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\DivX
2011-07-04 23:16:53 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Dexpot
2011-07-04 23:16:53 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Audacity
2011-07-04 23:16:53 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\Apple Computer
2011-07-04 16:41:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\SystemExplorer
2011-07-04 16:41:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogCollector
2011-07-04 16:41:31 ----D---- C:\WINDOWS\repair
2011-07-04 15:17:26 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\vlc
2011-07-04 14:27:22 ----D---- C:\Shoty
2011-07-04 14:27:22 ----D---- C:\Program Files\1AVCenter
2011-07-04 13:06:51 ----D---- C:\Program Files\Driver Cleaner
2011-07-04 12:45:48 ----D---- C:\Program Files\Outlook Express
2011-07-04 12:44:02 ----D---- C:\Program Files\Movie Maker
2011-07-04 01:08:43 ----D---- C:\WINDOWS\l2schemas
2011-07-04 01:08:41 ----SD---- C:\WINDOWS\Offline Web Pages
2011-07-04 01:08:41 ----D---- C:\WINDOWS\system32\usmt
2011-07-04 01:08:38 ----D---- C:\WINDOWS\Media
2011-07-04 01:08:32 ----D---- C:\WINDOWS\WBEM
2011-07-04 01:08:14 ----D---- C:\WINDOWS\network diagnostic
2011-07-04 01:07:58 ----D---- C:\WINDOWS\peernet
2011-07-04 01:07:58 ----D---- C:\WINDOWS\ime
2011-07-04 01:07:33 ----D---- C:\WINDOWS\system32\npp
2011-07-04 01:07:24 ----D---- C:\WINDOWS\msagent
2011-07-04 01:07:16 ----D---- C:\WINDOWS\system32\cs
2011-07-04 01:06:46 ----D---- C:\WINDOWS\EHome
2011-07-04 01:06:08 ----D---- C:\WINDOWS\twain_32
2011-07-04 01:05:55 ----D---- C:\WINDOWS\system32\icsxml
2011-07-04 01:04:42 ----D---- C:\WINDOWS\Driver Cache
2011-07-04 00:20:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-07-03 23:44:47 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2011-07-03 23:44:12 ----D---- C:\Program Files\Windows Media Connect 2
2011-07-03 23:44:07 ----D---- C:\Program Files\Windows Media Player
2011-07-03 23:44:03 ----D---- C:\WINDOWS\srchasst
2011-07-03 23:43:13 ----D---- C:\Program Files\NetMeeting
2011-07-03 23:43:10 ----D---- C:\Program Files\Common Files\Services
2011-07-03 23:43:02 ----SD---- C:\WINDOWS\Tasks
2011-07-03 23:42:56 ----D---- C:\Program Files\Internet Explorer
2011-07-03 23:41:56 ----D---- C:\WINDOWS\system32\oobe
2011-07-03 23:41:33 ----D---- C:\Program Files\Common Files\System
2011-07-03 23:38:36 ----D---- C:\WINDOWS\system32\Setup
2011-07-03 23:32:18 ----D---- C:\WINDOWS\system32\XPSViewer
2011-07-03 23:31:55 ----RSD---- C:\WINDOWS\Fonts
2011-07-03 23:29:39 ----D---- C:\WINDOWS\BitLockerDiscoveryVolumeContents
2011-07-03 23:29:28 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-07-03 23:29:27 ----D---- C:\WINDOWS\system32\cs-cz
2011-07-03 23:28:58 ----D---- C:\Program Files\MSXML 4.0
2011-07-03 23:26:29 ----D---- C:\WINDOWS\Cursors
2011-07-03 23:26:19 ----D---- C:\Program Files\Windows NT
2011-07-03 23:14:43 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2011-07-02 09:55:59 ----D---- C:\Program Files\Boxoft Screen OCR
2011-06-29 21:25:28 ----A---- C:\WINDOWS\Sandboxie.ini
2011-06-29 21:24:50 ----D---- C:\Program Files\KeyScrambler
2011-06-28 22:05:50 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-28 21:01:03 ----D---- C:\Program Files\Opera 11.00 beta
2011-06-28 20:59:22 ----D---- C:\Program Files\CCleaner
2011-06-26 23:49:39 ----D---- C:\Program Files\Dexpot
2011-06-26 20:36:29 ----D---- C:\Program Files\WinRAR
2011-06-26 14:42:51 ----D---- C:\Program Files\System Explorer
2011-06-26 11:06:10 ----D---- C:\Program Files\Flow
2011-06-24 17:19:25 ----D---- C:\WINDOWS\CtDrvInstall
2011-06-23 07:00:26 ----D---- C:\WINDOWS\SoftwareDistribution
2011-06-22 20:40:38 ----HD---- C:\Documents and Settings\All Users\Data aplikací\sysnfxo
2011-06-22 20:40:37 ----RD---- C:\Program Files\Aston2
2011-06-22 20:40:37 ----D---- C:\totalcmd
2011-06-22 20:40:37 ----D---- C:\Program Files\XnView
2011-06-22 20:40:37 ----D---- C:\Program Files\PS Tray Factory
2011-06-22 20:40:37 ----D---- C:\Program Files\Maple Professional
2011-06-22 20:40:37 ----D---- C:\Program Files\Kryptel
2011-06-22 20:40:37 ----D---- C:\Program Files\ConduitEngine
2011-06-22 20:40:37 ----D---- C:\Program Files\Audio Recorder
2011-06-22 20:05:06 ----D---- C:\Program Files\OpenOffice.org 3
2011-06-22 19:45:44 ----D---- C:\tmp
2011-06-20 19:51:43 ----D---- C:\Program Files\Mgutil
2011-06-19 09:49:59 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 hotcore3;hc3ServiceName; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2010-09-15 40560]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 ViBus;ViBus; C:\WINDOWS\system32\DRIVERS\ViBus.sys [2000-01-01 16896]
R0 videX32;videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [2000-01-01 9216]
R0 ViPrt;VIA SATA IDE Device Driver; C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2000-01-01 52224]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2010-06-23 77568]
R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\System32\DRIVERS\xfilt.sys [2000-01-01 22168]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 AntiLog32;AntiLog32; \??\C:\Program Files\AntiLogger\AntiLog32.sys []
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-06-23 226880]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2010-12-19 231248]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2010-06-23 62848]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-09-11 5417472]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2010-11-17 101904]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-06-12 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-04-06 6388328]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2011-04-25 225856]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2010-06-23 12160]
R3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2000-01-01 25434]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2010-06-23 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2010-06-23 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2010-06-23 9472]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 SWDUMon;SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [2011-07-17 12984]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2010-11-09 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2010-06-23 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2010-06-23 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2010-06-23 133632]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2010-06-23 14848]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 Iprip;Naslouchání RIP; C:\WINDOWS\System32\svchost.exe [2010-06-23 14848]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2011-06-17 72464]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2010-06-23 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-06-23 14848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2010-06-23 14848]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2010-06-23 14848]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2010-06-23 14848]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2010-06-23 14848]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo HDD Control\Dfsdks.exe [2009-08-24 406016]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S4 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2010-06-23 14848]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119316
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Error appears - The system cannot find (null).

#4 Post by Rudy »

I would also like to ask for a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after startup, a screen with the license terms is displayed; continue by clicking the Yes button.

Calmly go and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the deletion of any malware, unwanted conflicts with the resident antispyware occur.

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

BOnioo1775
Visitor
Posts: 67
Joined: 24 Apr 2010 09:52

Re: Error appears - The system cannot find (null).

#5 Post by BOnioo1775 »

ComboFix could not be started even after 3 attempts; then ComboFix reported that a rootkit had been detected and that ComboFix had to be aborted.
I therefore ran the scan in safe mode. Here it is:


ComboFix 11-07-17.03 - Martin MTA 17.07.2011 19:29:27.19.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.652 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin MTA\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Martin MTA\Dokumenty\cc_20110713_134554.reg
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-17 do 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-17 08:45 . 2011-07-17 11:37 -------- d-----w- c:\windows\LastGood
2011-07-15 08:49 . 2011-07-15 08:49 -------- d-----w- c:\program files\CrystalDiskInfo
2011-07-14 11:52 . 2011-07-14 11:52 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2011-07-14 11:44 . 2011-07-14 11:44 -------- d-----w- C:\temp
2011-07-14 11:43 . 2011-07-14 11:54 -------- d-----w- C:\Inetpub
2011-07-14 08:58 . 2011-07-14 08:59 -------- d-----w- c:\program files\SpeedFan
2011-07-13 18:32 . 2011-07-15 08:39 -------- d--h--w- c:\windows\$hf_mig$
2011-07-13 13:44 . 2011-07-14 09:45 -------- d-----w- c:\program files\Free Window Registry Repair
2011-07-13 08:21 . 2011-07-13 08:21 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\KoshyJohn.com
2011-07-12 08:35 . 2011-07-12 08:35 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\JPEGsnoop
2011-07-11 17:32 . 2011-07-11 17:32 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\ATI
2011-07-11 11:19 . 2011-07-11 11:19 -------- d-----w- c:\program files\Octatec
2011-07-11 09:06 . 2011-07-11 09:06 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\Secunia PSI
2011-07-11 09:06 . 2011-07-11 09:06 -------- d-----w- c:\program files\Secunia
2011-07-10 10:38 . 2011-07-10 10:38 -------- d-----w- c:\program files\FileHippo.com
2011-07-10 10:07 . 2011-07-10 10:08 -------- d-----w- c:\program files\AntiLogger
2011-07-09 14:57 . 2011-07-09 14:57 -------- d-----w- c:\program files\AutoIt3
2011-07-08 14:21 . 2011-07-08 14:21 -------- d-----w- c:\program files\Glarysoft
2011-07-07 20:05 . 2011-07-14 09:45 -------- d-----w- c:\program files\JDownloader
2011-07-07 14:47 . 2011-07-17 10:49 -------- d-----w- C:\rsit
2011-07-07 13:34 . 2011-07-07 13:34 -------- d--h--w- c:\documents and settings\Martin MTA\Okolní tiskárny
2011-07-07 11:37 . 2011-07-14 15:02 -------- d-----w- c:\documents and settings\_ocster_backup_.BUTTERFL-3JCAIC
2011-07-07 11:21 . 2011-07-16 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-07 11:19 . 2011-07-07 11:19 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Malwarebytes
2011-07-06 19:16 . 2011-07-06 19:16 -------- d-----w- c:\windows\6.7.2011
2011-07-06 11:39 . 2011-07-06 11:39 -------- d-----w- C:\symbols
2011-07-06 10:15 . 2011-07-06 10:15 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\Microsoft Help
2011-07-06 09:21 . 2011-07-06 09:21 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\Temp
2011-07-05 15:38 . 2011-07-10 10:08 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{7BD01092-3B6F-4E1D-BFBD-ABDDA8096C67}
2011-07-05 09:26 . 2011-07-05 09:26 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Windows Search
2011-07-04 21:20 . 2011-07-14 13:47 -------- d-----w- c:\program files\Everything
2011-07-04 19:04 . 2011-07-04 19:04 -------- d-----w- c:\documents and settings\MTA 2\Data aplikací\Malwarebytes
2011-07-04 11:16 . 2011-07-04 11:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-07-04 11:16 . 2011-07-04 11:16 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\ATI
2011-07-04 11:08 . 2011-07-04 11:09 -------- d-----w- c:\program files\ATI Technologies
2011-07-04 11:08 . 2011-07-04 11:10 -------- d-----w- c:\program files\ATI
2011-07-04 11:07 . 2011-07-04 11:07 -------- d-----w- C:\ATI
2011-07-03 21:43 . 2008-04-14 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-07-03 21:41 . 2008-04-14 12:00 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-07-03 21:41 . 2008-04-14 12:00 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-07-03 21:41 . 2008-04-14 12:00 215552 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-07-03 21:41 . 2008-04-14 12:00 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-07-03 19:27 . 2011-07-03 19:27 -------- d-----w- c:\program files\AVAST Software
2011-07-03 19:27 . 2011-07-03 19:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-03 15:46 . 2011-07-03 15:46 -------- d-----w- c:\windows\addins
2011-07-03 15:17 . 2011-07-03 21:14 -------- d-----w- c:\windows\system
2011-07-02 19:50 . 2011-07-02 19:50 -------- d-----w- c:\program files\GetData
2011-07-02 17:14 . 2011-07-02 17:14 -------- d-----w- c:\program files\OO Software
2011-07-02 13:01 . 2011-07-07 13:36 -------- d--h--w- c:\documents and settings\Default User.WINDOWSH
2011-07-02 13:01 . 2011-07-02 11:56 -------- d-----w- c:\documents and settings\All Users.WINDOWSH
2011-07-02 12:08 . 2011-07-17 17:27 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2011-07-02 11:48 . 2011-07-17 17:28 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2011-07-02 07:32 . 2011-07-02 07:32 -------- d-----w- c:\program files\Realtek
2011-06-30 22:06 . 2011-07-17 17:28 -------- d-s---w- c:\documents and settings\TEMP.BUTTERFL-3JCAIC
2011-06-30 15:33 . 2011-06-30 15:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Help
2011-06-30 10:46 . 2011-06-30 21:44 -------- d-----w- c:\documents and settings\Martin MTA\Impostazioni locali
2011-06-30 07:57 . 2011-06-30 07:57 -------- d-----w- c:\program files\Greatis
2011-06-29 19:25 . 2011-06-29 19:25 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\QFX Software
2011-06-29 19:25 . 2011-06-29 19:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\QFX Software
2011-06-29 06:41 . 2011-06-29 06:41 0 ----a-w- c:\windows\ativpsrm.bin
2011-06-28 20:05 . 2011-06-28 20:05 -------- d-----w- c:\windows\OPTIONS
2011-06-27 10:59 . 2011-06-27 11:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BitDefender
2011-06-27 10:58 . 2011-06-27 11:01 -------- d-----w- c:\program files\Common Files\BitDefender
2011-06-26 12:05 . 2011-06-26 12:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-06-24 14:23 . 2011-06-25 10:34 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\QuickScan
2011-06-20 17:48 . 2011-07-14 15:02 -------- d-----w- c:\program files\Wise Disk Cleaner
2011-06-19 08:07 . 2011-06-19 08:07 -------- d-----w- c:\program files\Belkin
2011-06-19 07:57 . 2011-06-19 07:57 -------- d-----w- c:\program files\VIA
2011-06-19 07:54 . 2011-06-19 07:54 -------- d-----w- c:\program files\SlimDrivers
2011-06-19 07:31 . 2011-06-19 07:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Innovative Solutions
2011-06-17 20:02 . 2011-06-17 20:02 -------- d-----w- c:\documents and settings\MTA 2\Data aplikací\NeoDownloader
2011-06-17 19:59 . 2011-06-17 19:59 -------- d-----w- c:\documents and settings\MTA 2\Data aplikací\IObit
2011-06-17 19:51 . 2011-06-17 19:51 -------- d-----w- c:\documents and settings\MTA 2\Local Settings\Data aplikací\RoboTask
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-11-17 19:21 40112 ----a-w- c:\windows\avastSS.scr
2011-06-20 17:08 . 2011-06-11 08:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 07:49 . 2011-04-22 19:53 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-06-06 11:36 . 2010-06-23 21:34 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 17:32 . 2011-06-02 17:32 591 ----a-w- c:\windows\uninstallstickies.bat
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-15 12:14 . 2010-12-03 18:00 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-04 02:52 . 2010-11-17 19:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2011-04-23 17:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 18:36 . 2011-05-02 18:36 284744 ----a-w- c:\windows\system32\guard32.dll
2011-05-02 15:30 . 2010-11-17 14:44 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-01 19:43 . 2011-05-01 19:43 9216 ----a-w- c:\windows\system32\drivers\SE_Filter.sys
2011-04-29 17:23 . 2010-06-23 21:34 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:47 . 2010-06-23 21:33 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:02 . 2010-06-23 21:34 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:02 . 2010-06-23 21:32 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:04 . 2010-06-23 21:34 919552 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:04 . 2010-06-23 21:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:04 . 2010-06-23 21:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 11:36 . 2010-06-23 21:32 385024 ----a-w- c:\windows\system32\html.iec
2011-04-24 22:14 . 2011-03-26 09:50 225856 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-04-21 13:52 . 2010-06-23 21:33 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-16 04:17 . 2011-06-20 17:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shortcutor"="c:\program files\Coode Software\Shortcutor\Shortcutor.exe" [2011-01-18 3975168]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2011-06-08 26441568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2011-07-02 2856392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\Martin MTA\Nabˇdka Start\Po spuçtŘnˇ\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-6-2 1122304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoChangeAnimation"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 15 (0xf)
"DisableMyMusicDirChange"= 0 (0x0)
"DisableMyPicturesDirChange"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileUrl"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"cmdAgent"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"SolutoService"=2 (0x2)
"Cleaner_Validator"=3 (0x3)
"ASO3DiskOptimizer"=2 (0x2)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Spooler"=2 (0x2)
"ABBYY.Licensing.FineReader.Corporate.10.0"=2 (0x2)
"WPFFontCache_v0400"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"Steam Client Service"=3 (0x3)
"SCUG"=3 (0x3)
"PSGenUn"=3 (0x3)
"PCToolsSSDMonitorSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"DfSdkS"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AdvancedSystemCareService"=2 (0x2)
"UxTuneUp"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\1AVCenter\\1AVCenter.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Foxreal\\YouTube FLV Downloader Pro\\Foxreal YouTube FLV Downloader Pro.exe"=
"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [5.1.2011 21:50 40560]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [9.4.2011 10:34 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [9.4.2011 10:34 52224]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [26.3.2011 11:50 225856]
S1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2.7.2011 9:00 121560]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.7.2011 21:28 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.7.2011 21:28 309848]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [23.1.2011 16:32 13696]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [23.6.2010 23:37 9472]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.7.2011 21:28 19544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 Iprip;Naslouchání RIP;c:\windows\System32\svchost.exe -k netsvcs [23.6.2010 23:34 14848]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [28.12.2010 23:14 101904]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 10:30 15544]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [19.6.2011 9:55 12984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [26.5.2011 19:01 353168]
S4 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [28.4.2011 19:22 406016]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [21.4.2011 12:22 632792]
S4 PSGenUn;Panda Security Generic Uninstaller; [x]
S4 SCUG;SCUG; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
netsvcs_Untrusted_BZ REG_MULTI_SZ BITS_Untrusted_BZ netman_Untrusted_BZ wuauserv_Untrusted_BZ " winmgmt_Untrusted_BZ
WINRM REG_MULTI_SZ WINRM
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
TCP: Interfaces\{67248C3A-8940-4F83-AD35-C623096EEF54}: NameServer = 10.0.82.65,62.240.184.2
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Martin MTA\Data aplikací\Mozilla\Firefox\Profiles\be9q4e4g.default\
FF - prefs.js: browser.startup.homepage - http://www.google.cz
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-17 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-1060284298-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}]
@Denied: (Full) (Administrators)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32]
@="c:\\Program Files\\Internet Explorer\\ieproxy.dll"
"ThreadingModel"="Both"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1364)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2011-07-17 19:41:43
ComboFix-quarantined-files.txt 2011-07-17 17:41
.
Před spuštěním: Volných bajtů: 37 518 942 208
Po spuštění: Volných bajtů: 37 463 822 336
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5,10,11,12,13,14,15,16,17,18
- - End Of File - - BD5C5D8D98B32DEB78C354826AD4DCCA

Rudy
Site Admin
Posts: 119316
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: An error appears - The system cannot find (null).

#6 Post by Rudy »

We'll clean up a bit more. Open Notepad and copy the following into it:
Dirver::
PSGenUn
SCUG
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

BOnioo1775
Visitor
Posts: 67
Joined: 24 Apr 2010 09:52

Re: An error appears - The system cannot find (null).

#7 Post by BOnioo1775 »

Sorry, just a question: shouldn't it be Driver?

Mc_Murphy
VIP in memoriam
Posts: 6706
Joined: 03 Nov 2008 15:55
Location: Plzeň [ZČ]

Re: An error appears - The system cannot find (null).

#8 Post by Mc_Murphy »

BOnioo1775 wrote: Sorry, just a question: shouldn't it be Driver?
My apologies to Rudy for stepping in. :worship:

Yes, of course, the script should say Driver:: .
Apply it and then continue following Rudy's further advice. ;)

Rudy
Site Admin
Posts: 119316
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: An error appears - The system cannot find (null).

#9 Post by Rudy »

I apologize for the typo. :oops:

BOnioo1775
Visitor
Posts: 67
Joined: 24 Apr 2010 09:52

Re: An error appears - The system cannot find (null).

#10 Post by BOnioo1775 »

ComboFix 11-07-17.03 - Martin MTA 17.07.2011 22:49:02.21.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.546 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin MTA\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin MTA\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PSGENUN
-------\Legacy_SCUG
-------\Service_PSGenUn
-------\Service_SCUG
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-17 do 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-17 19:40 . 2011-07-17 19:40 -------- d-----w- c:\windows\LastGood
2011-07-17 19:23 . 2011-07-17 19:23 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Yahoo!
2011-07-15 08:49 . 2011-07-15 08:49 -------- d-----w- c:\program files\CrystalDiskInfo
2011-07-14 11:52 . 2011-07-14 11:52 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2011-07-14 11:44 . 2011-07-14 11:44 -------- d-----w- C:\temp
2011-07-14 11:43 . 2011-07-14 11:54 -------- d-----w- C:\Inetpub
2011-07-14 08:58 . 2011-07-14 08:59 -------- d-----w- c:\program files\SpeedFan
2011-07-13 18:32 . 2011-07-15 08:39 -------- d--h--w- c:\windows\$hf_mig$
2011-07-13 13:44 . 2011-07-14 09:45 -------- d-----w- c:\program files\Free Window Registry Repair
2011-07-13 08:21 . 2011-07-13 08:21 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\KoshyJohn.com
2011-07-12 08:35 . 2011-07-12 08:35 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\JPEGsnoop
2011-07-11 17:32 . 2011-07-11 17:32 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\ATI
2011-07-11 11:19 . 2011-07-11 11:19 -------- d-----w- c:\program files\Octatec
2011-07-11 09:06 . 2011-07-11 09:06 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\Secunia PSI
2011-07-11 09:06 . 2011-07-11 09:06 -------- d-----w- c:\program files\Secunia
2011-07-10 10:38 . 2011-07-10 10:38 -------- d-----w- c:\program files\FileHippo.com
2011-07-10 10:07 . 2011-07-10 10:08 -------- d-----w- c:\program files\AntiLogger
2011-07-09 14:57 . 2011-07-09 14:57 -------- d-----w- c:\program files\AutoIt3
2011-07-08 14:21 . 2011-07-08 14:21 -------- d-----w- c:\program files\Glarysoft
2011-07-07 20:05 . 2011-07-14 09:45 -------- d-----w- c:\program files\JDownloader
2011-07-07 14:47 . 2011-07-17 10:49 -------- d-----w- C:\rsit
2011-07-07 13:34 . 2011-07-07 13:34 -------- d--h--w- c:\documents and settings\Martin MTA\Okolní tiskárny
2011-07-07 11:37 . 2011-07-14 15:02 -------- d-----w- c:\documents and settings\_ocster_backup_.BUTTERFL-3JCAIC
2011-07-07 11:21 . 2011-07-16 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-07 11:19 . 2011-07-07 11:19 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Malwarebytes
2011-07-06 19:16 . 2011-07-06 19:16 -------- d-----w- c:\windows\6.7.2011
2011-07-06 11:39 . 2011-07-06 11:39 -------- d-----w- C:\symbols
2011-07-06 10:15 . 2011-07-06 10:15 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\Microsoft Help
2011-07-06 09:21 . 2011-07-06 09:21 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\Temp
2011-07-05 15:38 . 2011-07-10 10:08 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{7BD01092-3B6F-4E1D-BFBD-ABDDA8096C67}
2011-07-05 09:26 . 2011-07-05 09:26 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Windows Search
2011-07-04 21:20 . 2011-07-14 13:47 -------- d-----w- c:\program files\Everything
2011-07-04 19:04 . 2011-07-04 19:04 -------- d-----w- c:\documents and settings\MTA 2\Data aplikací\Malwarebytes
2011-07-04 11:16 . 2011-07-04 11:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-07-04 11:16 . 2011-07-04 11:16 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\ATI
2011-07-04 11:08 . 2011-07-04 11:09 -------- d-----w- c:\program files\ATI Technologies
2011-07-04 11:08 . 2011-07-04 11:10 -------- d-----w- c:\program files\ATI
2011-07-04 11:07 . 2011-07-04 11:07 -------- d-----w- C:\ATI
2011-07-03 21:43 . 2008-04-14 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-07-03 21:41 . 2008-04-14 12:00 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-07-03 21:41 . 2008-04-14 12:00 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-07-03 21:41 . 2008-04-14 12:00 215552 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-07-03 21:41 . 2008-04-14 12:00 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-07-03 19:27 . 2011-07-03 19:27 -------- d-----w- c:\program files\AVAST Software
2011-07-03 19:27 . 2011-07-03 19:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-03 15:46 . 2011-07-03 15:46 -------- d-----w- c:\windows\addins
2011-07-03 15:17 . 2011-07-03 21:14 -------- d-----w- c:\windows\system
2011-07-02 19:50 . 2011-07-02 19:50 -------- d-----w- c:\program files\GetData
2011-07-02 17:14 . 2011-07-02 17:14 -------- d-----w- c:\program files\OO Software
2011-07-02 13:01 . 2011-07-07 13:36 -------- d--h--w- c:\documents and settings\Default User.WINDOWSH
2011-07-02 13:01 . 2011-07-02 11:56 -------- d-----w- c:\documents and settings\All Users.WINDOWSH
2011-07-02 12:08 . 2011-07-17 17:27 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2011-07-02 11:48 . 2011-07-17 17:28 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2011-07-02 07:32 . 2011-07-02 07:32 -------- d-----w- c:\program files\Realtek
2011-06-30 22:06 . 2011-07-17 17:28 -------- d-s---w- c:\documents and settings\TEMP.BUTTERFL-3JCAIC
2011-06-30 15:33 . 2011-06-30 15:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Help
2011-06-30 10:46 . 2011-06-30 21:44 -------- d-----w- c:\documents and settings\Martin MTA\Impostazioni locali
2011-06-30 07:57 . 2011-06-30 07:57 -------- d-----w- c:\program files\Greatis
2011-06-29 19:25 . 2011-06-29 19:25 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\QFX Software
2011-06-29 19:25 . 2011-06-29 19:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\QFX Software
2011-06-29 06:41 . 2011-06-29 06:41 0 ----a-w- c:\windows\ativpsrm.bin
2011-06-28 20:05 . 2011-06-28 20:05 -------- d-----w- c:\windows\OPTIONS
2011-06-27 10:59 . 2011-06-27 11:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BitDefender
2011-06-27 10:58 . 2011-06-27 11:01 -------- d-----w- c:\program files\Common Files\BitDefender
2011-06-26 12:05 . 2011-06-26 12:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-06-24 14:23 . 2011-06-25 10:34 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\QuickScan
2011-06-20 17:48 . 2011-07-14 15:02 -------- d-----w- c:\program files\Wise Disk Cleaner
2011-06-19 08:07 . 2011-06-19 08:07 -------- d-----w- c:\program files\Belkin
2011-06-19 07:57 . 2011-06-19 07:57 -------- d-----w- c:\program files\VIA
2011-06-19 07:54 . 2011-06-19 07:54 -------- d-----w- c:\program files\SlimDrivers
2011-06-19 07:31 . 2011-06-19 07:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Innovative Solutions
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-11-17 19:21 40112 ----a-w- c:\windows\avastSS.scr
2011-06-20 17:08 . 2011-06-11 08:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 07:49 . 2011-04-22 19:53 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-06-06 11:36 . 2010-06-23 21:34 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 17:32 . 2011-06-02 17:32 591 ----a-w- c:\windows\uninstallstickies.bat
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-15 12:14 . 2010-12-03 18:00 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-04 02:52 . 2010-11-17 19:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2011-04-23 17:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 18:36 . 2011-05-02 18:36 284744 ----a-w- c:\windows\system32\guard32.dll
2011-05-02 15:30 . 2010-11-17 14:44 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-01 19:43 . 2011-05-01 19:43 9216 ----a-w- c:\windows\system32\drivers\SE_Filter.sys
2011-04-29 17:23 . 2010-06-23 21:34 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:47 . 2010-06-23 21:33 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:02 . 2010-06-23 21:34 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:02 . 2010-06-23 21:32 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:04 . 2010-06-23 21:34 919552 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:04 . 2010-06-23 21:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:04 . 2010-06-23 21:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 11:36 . 2010-06-23 21:32 385024 ----a-w- c:\windows\system32\html.iec
2011-04-24 22:14 . 2011-03-26 09:50 225856 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-04-21 13:52 . 2010-06-23 21:33 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-16 04:17 . 2011-06-20 17:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2008-04-14 . AFDFF022A01F0B11C776F0860C3B282F . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2010-06-23 21:46 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 . 77BC45F0DC276D8CA1FE3F7E6A9E4735 . 35840 . . [5.1.2600.5512] . . c:\windows\system32\iprip.dll
.
[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
.
[-] 2010-06-23 21:33 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
[-] 2008-04-14 12:00 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
.
[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
.
[-] 2008-04-14 . 8E009E7AC012823845D5F39A77F4A27F . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-07-09 02:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll
.
[-] 2008-04-14 . EDAD701F01FFD9B5799B8FCF1CF6BDA7 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-07-09 02:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
.
[-] 2008-04-14 12:00 . 16C195EBC0A3EC35C48D0C2D9A346BAB . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
.
[-] 2008-04-14 . 1682285F7C0934C764A0EBBC568153CA . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
.
[-] 2008-04-14 . 614F8186BDAB926E3B1D8927A4161B54 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
.
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
.
[-] 2008-04-14 . C1CDD9275F6A115BB0AE1D55D8D27BA6 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
.
[-] 2008-04-14 . 160A1500DDBE42F8793E3AD341E4BEC4 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
[-] 2008-04-14 . B26098F3DC08D841DE3D79C38ACCB807 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-17_17.37.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-17 20:43 . 2011-07-17 20:43 16384 c:\windows\temp\usgthrsvc\Perflib_Perfdata_6c4.dat
+ 2011-07-17 19:40 . 2011-07-17 19:27 12984 c:\windows\LastGood\system32\DRIVERS\SWDUMon.sys
- 2011-07-17 11:34 . 2011-07-17 08:42 12984 c:\windows\LastGood\system32\DRIVERS\SWDUMon.sys
+ 2011-07-14 11:52 . 2011-07-17 20:47 225975 c:\windows\system32\inetsrv\MetaBase.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shortcutor"="c:\program files\Coode Software\Shortcutor\Shortcutor.exe" [2011-01-18 3975168]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2011-06-08 26441568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2011-07-02 2856392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\Martin MTA\Nabídka Start\Po spuštění\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-6-2 1122304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoChangeAnimation"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 15 (0xf)
"DisableMyMusicDirChange"= 0 (0x0)
"DisableMyPicturesDirChange"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileUrl"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"cmdAgent"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"SolutoService"=2 (0x2)
"Cleaner_Validator"=3 (0x3)
"ASO3DiskOptimizer"=2 (0x2)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Spooler"=2 (0x2)
"ABBYY.Licensing.FineReader.Corporate.10.0"=2 (0x2)
"WPFFontCache_v0400"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"Steam Client Service"=3 (0x3)
"SCUG"=3 (0x3)
"PSGenUn"=3 (0x3)
"PCToolsSSDMonitorSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"DfSdkS"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AdvancedSystemCareService"=2 (0x2)
"UxTuneUp"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\1AVCenter\\1AVCenter.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Foxreal\\YouTube FLV Downloader Pro\\Foxreal YouTube FLV Downloader Pro.exe"=
"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [5.1.2011 21:50 40560]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [9.4.2011 10:34 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [9.4.2011 10:34 52224]
R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2.7.2011 9:00 121560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.7.2011 21:28 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.7.2011 21:28 309848]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [23.1.2011 16:32 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.7.2011 21:28 19544]
R2 Iprip;Naslouchání RIP;c:\windows\System32\svchost.exe -k netsvcs [23.6.2010 23:34 14848]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [28.12.2010 23:14 101904]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [26.3.2011 11:50 225856]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [23.6.2010 23:37 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 10:30 15544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [26.5.2011 19:01 353168]
S4 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [28.4.2011 19:22 406016]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [21.4.2011 12:22 632792]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - P2PIMSVC
*NewlyCreated* - PNRPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
netsvcs_Untrusted_BZ REG_MULTI_SZ BITS_Untrusted_BZ netman_Untrusted_BZ wuauserv_Untrusted_BZ " winmgmt_Untrusted_BZ
WINRM REG_MULTI_SZ WINRM
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
TCP: Interfaces\{67248C3A-8940-4F83-AD35-C623096EEF54}: NameServer = 10.0.82.65,62.240.184.2
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Martin MTA\Data aplikací\Mozilla\Firefox\Profiles\be9q4e4g.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-17 23:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-1060284298-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}]
@Denied: (Full) (Administrators)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32]
@="c:\\Program Files\\Internet Explorer\\ieproxy.dll"
"ThreadingModel"="Both"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1708)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(7860)
c:\windows\system32\msi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Celkový čas: 2011-07-17 23:14:55
ComboFix-quarantined-files.txt 2011-07-17 21:14
ComboFix2.txt 2011-07-17 17:41
.
Před spuštěním: Volných bajtů: 37 583 659 008
Po spuštění: Volných bajtů: 37 562 572 800
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5,10,11,12,13,14,15,16,17,18
- - End Of File - - 1539BD11098783B8B4AFA40F2E9299BA


#11 Post by Rudy »

Deleted; the log now looks clean. Has anything changed?
Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


#12 Post by BOnioo1775 »

Unfortunately, nothing has changed :(


#13 Post by Rudy »

Then you will have to try repairing the system from the installation media.


#14 Post by BOnioo1775 »

I ran the system repair and it did not help - see the RSIT log; I could also supply an OTL log, but I'll leave it be.

I'll try contacting Microsoft technical support and sort it out on my own. Even so, thank you for your help.


#15 Post by Rudy »

It looks like a damaged system. If MS doesn't give you some specific trick, you'll have no choice but that system repair. It is probably not a virus problem.