Win32/Rustock in memory

Lanys
Visitor
Posts: 18
Registered: 05 Mar 2010 12:27

Win32/Rustock in memory

#1 Post by Lanys »

Hi,
my computer reports Win32/Rustock in RAM.
Thanks for the help

Logfile of random's system information tool 1.06 (written by random/random)
Run by Luboš at 2010-03-05 14:08:58
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (3%) free of 60 GB
Total RAM: 1023 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:16, on 5.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Luboš\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Luboš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NodEnabler] C:\Program Files\ESET\ESET Smart Security\NodEnabler.exe /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {e59eb121-f339-4851-a3ba-fe49c35617c2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {e59eb121-f339-4851-a3ba-fe49c35617c2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7786870125
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2842529968
O23 - Service: Avira AntiVir Scheduler (antivirschedulerservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ICQ Service (icq service) - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SbPF.Launcher (sbpf.launcher) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (spf4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9238 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
"reset"=regedit /s reset.reg []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"NodEnabler"=C:\Program Files\ESET\ESET Smart Security\NodEnabler.exe /s []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Aktualizovat ESET licenci.lnk - C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pevsystemstart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\pevsystemstart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:ENABLE"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe:*:Enabled:ENABLE"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"

======List of files/folders created in the last 1 months======

2010-03-05 13:15:56 ----D---- C:\Program Files\Sunbelt Software
2010-03-05 13:03:54 ----D---- C:\Program Files\Avira
2010-03-05 13:03:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-03-05 13:02:43 ----SHD---- C:\Config.Msi
2010-03-05 12:22:51 ----D---- C:\Program Files\trend micro
2010-03-05 12:22:50 ----D---- C:\rsit
2010-03-05 12:14:53 ----D---- C:\WINDOWS\Temp
2010-02-22 17:00:36 ----D---- C:\Program Files\SwissManagerUniCode

======List of files/folders modified in the last 1 months======

2010-03-05 14:06:33 ----D---- C:\WINDOWS\Prefetch
2010-03-05 14:03:20 ----D---- C:\Program Files\Mozilla Firefox
2010-03-05 13:37:47 ----D---- C:\Program Files\AdVantage
2010-03-05 13:37:24 ----AD---- C:\WINDOWS
2010-03-05 13:34:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-05 13:16:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-05 13:16:08 ----SHD---- C:\WINDOWS\Installer
2010-03-05 13:16:03 ----HD---- C:\WINDOWS\inf
2010-03-05 13:16:01 ----D---- C:\WINDOWS\system32\drivers
2010-03-05 13:16:01 ----D---- C:\WINDOWS\system32
2010-03-05 13:15:56 ----RD---- C:\Program Files
2010-03-05 13:03:09 ----D---- C:\WINDOWS\WinSxS
2010-03-05 12:15:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-05 12:15:03 ----D---- C:\WINDOWS\Help
2010-03-05 12:13:07 ----D---- C:\WINDOWS\system32\config
2010-03-05 12:13:07 ----D---- C:\WINDOWS\Minidump
2010-03-05 12:13:07 ----D---- C:\Documents and Settings\Luboš\Data aplikací\uTorrent
2010-03-05 12:01:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-04 23:25:16 ----D---- C:\Program Files\VirtualNetwork
2010-03-04 22:46:04 ----D---- C:\Program Files\ESET
2010-03-02 12:45:59 ----A---- C:\WINDOWS\ChssBase.ini
2010-02-27 17:00:55 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-27 16:30:48 ----D---- C:\Documents and Settings\Luboš\Data aplikací\ICQ
2010-02-26 06:36:02 ----D---- C:\WINDOWS\system32\oodag
2010-02-17 17:11:06 ----D---- C:\Program Files\Microsoft ActiveSync

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 elbycdio;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 sbfw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-29 278984]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-17 25416]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 elbycdfl;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sbfwimcl;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 6f6acb6e;6f6acb6e; C:\WINDOWS\System32\drivers\6f6acb6e.sys []
S1 c6b17381;c6b17381; C:\WINDOWS\System32\drivers\c6b17381.sys []
S2 acpi32;acpi32; \??\C:\WINDOWS\system32\drivers\acpi32.sys []
S2 ati64si;ati64si; \??\C:\WINDOWS\system32\drivers\ati64si.sys []
S2 i386si;i386si; \??\C:\WINDOWS\system32\drivers\i386si.sys []
S2 port135sik;port135sik; \??\C:\WINDOWS\system32\drivers\port135sik.sys []
S2 ws2_32sik;ws2_32sik; \??\C:\WINDOWS\system32\drivers\ws2_32sik.sys []
S3 aeq0upb0;aeq0upb0; C:\WINDOWS\system32\drivers\aeq0upb0.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-02-17 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-02-17 24616]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 antivirservice;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 antivirschedulerservice;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 icq service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2005-05-11 225280]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-10-15 243056]
R2 sbpf.launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 spf4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------
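The RSIT driver list above is where a helper looks first: entries whose trailing "[]" is empty (RSIT could not read a date or size for the file) and entries with short random-looking names. The script below is an added example, not code from this thread, from RSIT or from ComboFix; it parses that line format, scores each entry on those two signals, and cross-checks the flagged names against the "Ovladače/Služby" block of a ComboFix log (the Service_/Legacy_ keys ComboFix reports removing, as posted later in this thread). The function and class names are my own, and the sample input is constructed from the logs in the thread.

```python
"""Triage helper for RSIT driver/service listings plus a ComboFix cross-check.

Added example, not part of the forum thread, RSIT or ComboFix. RSIT lines look like
    <R|S><0-4> <name>;<display name>; <path> [<date> <size>]
An empty "[]" means RSIT could not stat the file (missing or hidden at scan time).
"""
import re
from dataclasses import dataclass, field

RSIT_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# ComboFix lists removed service keys as "-------\Service_<name>" / "-------\Legacy_<name>"
COMBOFIX_REMOVED = re.compile(r"^-------\\(?:Service|Legacy)_(?P<name>\S+)\s*$")
# 8 lowercase alphanumerics containing a digit, e.g. 6f6acb6e or aeq0upb0
RANDOM_NAME = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")

# Constructed sample: a subset of the RSIT driver list posted in this thread.
RSIT_SAMPLE = r"""
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 6f6acb6e;6f6acb6e; C:\WINDOWS\System32\drivers\6f6acb6e.sys []
S2 acpi32;acpi32; \??\C:\WINDOWS\system32\drivers\acpi32.sys []
S2 port135sik;port135sik; \??\C:\WINDOWS\system32\drivers\port135sik.sys []
S3 aeq0upb0;aeq0upb0; C:\WINDOWS\system32\drivers\aeq0upb0.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-02-17 13224]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

# Constructed sample: a subset of the ComboFix "Ovladače/Služby" block from this thread.
COMBOFIX_SAMPLE = r"""
-------\Legacy_i386si
-------\Legacy_port135sik
-------\Service_acpi32
-------\Service_i386si
-------\Service_port135sik
"""


@dataclass
class Entry:
    state: str      # R = running, S = stopped
    start: int      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    meta: str       # "YYYY-MM-DD size", or "" when RSIT could not stat the file
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_rsit(text: str) -> list:
    """Parse every driver/service line of an RSIT listing into Entry objects."""
    entries = []
    for line in text.splitlines():
        m = RSIT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["state"], int(m["start"]), m["name"],
                                 m["display"], m["path"], m["meta"].strip()))
    return entries


def triage(entries: list) -> list:
    """Attach reasons to each entry; return only the flagged ones, worst first."""
    flagged = []
    for e in entries:
        e.reasons = []
        if not e.meta:
            e.reasons.append("no file date/size (missing or hidden at scan time)")
        if RANDOM_NAME.match(e.name) and e.name == e.display:
            e.reasons.append("random-looking 8-char name used as display name")
        # Early start type only matters once something else looks off.
        if e.reasons and e.start in (0, 1, 2):
            e.reasons.append("loads early (start type %d)" % e.start)
        if e.reasons:
            flagged.append(e)
    return sorted(flagged, key=lambda e: (-e.score, e.name.lower()))


def combofix_removed(text: str) -> set:
    """Lower-cased names of Service_/Legacy_ keys a ComboFix log reports removing."""
    return {m["name"].lower()
            for m in (COMBOFIX_REMOVED.match(l.strip()) for l in text.splitlines()) if m}


def cross_check(flagged: list, removed: set) -> dict:
    """Map each flagged name to whether ComboFix removed its service key."""
    return {e.name: e.name.lower() in removed for e in flagged}


if __name__ == "__main__":
    hits = triage(parse_rsit(RSIT_SAMPLE))
    gone = combofix_removed(COMBOFIX_SAMPLE)
    for e in hits:
        mark = "removed by ComboFix" if e.name.lower() in gone else "not in ComboFix log"
        print(f"{e.state}{e.start} {e.name:<12} score={e.score} {mark}: {'; '.join(e.reasons)}")
```

Note that avgio (Avira's own filter driver) is flagged too, because an empty "[]" alone is a weak signal; the ComboFix cross-check and knowledge of the installed vendors are what separate it from acpi32 and port135sik.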

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Rustock in memory

#2 Post by Caroprd111 »

Hello :)

The log is being worked on, please be patient.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Rustock in memory

#3 Post by Caroprd111 »

Download CKScanner to the desktop: http://downloads.malwareremoval.com/CKScanner.exe
  • Run it and click "Search For Files"; when the scan finishes click "Save List to File" -> "OK"
  • A log named ckfiles.txt will be saved on the desktop; paste the contents of that file here.

Lanys
Visitor
Posts: 18
Registered: 05 Mar 2010 12:27

Re: Win32/Rustock in memory

#4 Post by Lanys »

I had already installed an antivirus and a firewall before (Avira+Sunbelt Kerio)

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\luboš\dokumenty\tt7\crack\meta.txt
c:\documents and settings\luboš\dokumenty\tt7\crack\tt8_kg.xex.exe
scanner sequence 3.AA.11
----- EOF -----

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Rustock in memory

#5 Post by Caroprd111 »

Open Notepad and copy the following text into it (from the white box):

Code:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pevsystemstart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\pevsystemstart]
Now save it as (type: all files), entering "smazani.reg" without the quotes as the file name, click Save, then double-click the file as usual and confirm the dialog.

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable all resident security programs - firewalls, antivirus, antispyware

Run the application under an account with Administrator privileges; right after it starts, a page with the licence terms is shown, continue by pressing the "Yes" button

Then follow the instructions; during the scan do not start other applications and do not click into the window that appears :!:

The scan should take about 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you should paste here.

The computer may be restarted during the scan.

Lanys
Visitor
Posts: 18
Registered: 05 Mar 2010 12:27

Re: Win32/Rustock in memory

#6 Post by Lanys »

ComboFix 10-03-04.05 - Luboš 05.03.2010 15:37:56.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.663 [GMT 1:00]
Spuštěný z: c:\documents and settings\Luboš\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt
c:\windows\wiaservim.log

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_i386si
-------\Legacy_port135sik
-------\Legacy_WS2_32SIK
-------\Service_acpi32
-------\Service_ati64si
-------\Service_i386si
-------\Service_port135sik
-------\Service_ws2_32sik


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-05 do 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-05 14:50 . 2010-03-05 14:50 -------- d-----w- c:\windows\LastGood
2010-03-05 12:16 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-03-05 12:16 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-03-05 12:15 . 2010-03-05 12:15 -------- d-----w- c:\program files\Sunbelt Software
2010-03-05 12:03 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-05 12:03 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-05 12:03 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-05 12:03 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-05 12:03 . 2010-03-05 12:03 -------- d-----w- c:\program files\Avira
2010-03-05 11:22 . 2010-03-05 13:30 -------- d-----w- c:\program files\trend micro
2010-03-05 11:22 . 2010-03-05 11:23 -------- d-----w- C:\rsit
2010-02-22 16:00 . 2010-02-25 15:36 -------- d-----w- c:\program files\SwissManagerUniCode
2010-02-04 09:58 . 2010-02-04 09:58 -------- d-sh--w- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 13:27 . 2009-09-09 14:42 -------- d-----w- c:\program files\ESET
2010-03-05 12:37 . 2008-08-10 09:54 -------- d-----w- c:\program files\AdVantage
2010-03-05 12:32 . 2009-06-17 13:56 0 ----a-w- c:\windows\system32\drivers\c6b17381.sys
2010-03-04 22:25 . 2008-06-12 11:25 -------- d-----w- c:\program files\VirtualNetwork
2010-02-17 16:11 . 2010-01-05 18:31 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-30 08:33 . 2008-04-04 22:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-13 15:57 . 2010-01-13 15:51 -------- d-----w- c:\program files\ICQ6.5
2010-01-13 15:51 . 2010-01-13 15:51 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-06 17:08 . 2001-10-25 12:00 76246 ----a-w- c:\windows\system32\perfc005.dat
2010-01-06 17:08 . 2001-10-25 12:00 407124 ----a-w- c:\windows\system32\perfh005.dat
2010-01-05 19:24 . 2008-03-15 14:53 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-01-05 19:24 . 2008-03-15 14:53 -------- d-----w- c:\program files\Sony Ericsson
2010-01-05 18:30 . 2010-01-05 18:30 -------- d-----w- c:\program files\Windows Mobile Device Handbook
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.2.2008 20:19 716272]
R1 sbfw;SbFw;c:\windows\system32\drivers\SbFw.sys [5.3.2010 13:16 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 antivirschedulerservice;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5.3.2010 13:03 108289]
R2 icq service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.1.2010 16:51 222968]
R2 sbpf.launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 spf4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 sbfwimcl;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [5.3.2010 13:16 65576]
S1 6f6acb6e;6f6acb6e;c:\windows\system32\drivers\6f6acb6e.sys [4.4.2009 13:50 0]
S1 c6b17381;c6b17381;c:\windows\system32\drivers\c6b17381.sys [17.6.2009 14:56 0]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17.2.2009 21:08 13224]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [4.4.2008 12:25 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [4.4.2008 12:25 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [4.4.2008 12:25 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [4.4.2008 12:25 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [4.4.2008 12:25 98568]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [26.10.2009 18:50 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [26.10.2009 18:50 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [26.10.2009 18:50 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [26.10.2009 19:07 99112]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [26.10.2009 18:51 97320]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\tg8e2of4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\tg8e2of4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\tg8e2of4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-NodEnabler - c:\program files\ESET\ESET Smart Security\NodEnabler.exe
AddRemove-swissmanagerunicode - h:\swissm~1\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 15:48
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x867571F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7650fc3
\Driver\ACPI -> ACPI.sys @ 0xf739ecb8
\Driver\atapi -> 0x867c41f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7225ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7232b21
SendHandler -> NDIS.sys @ 0xf721087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-57989841-1078145449-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\oodag.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-03-05 15:54:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-05 14:54
ComboFix2.txt 2009-04-16 14:28

Před spuštěním: 1 478 864 896
Po spuštění: 1 759 973 376

- - End Of File - - ED94B325BD95036446CE2C56BADEAD24

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Rustock in memory

#7 Post by Caroprd111 »

If you haven't already, move Combofix to the desktop.
  • Open Notepad and copy the text from the white box into it.

Code:

Driver::
6f6acb6e
c6b17381

File::
c:\windows\system32\drivers\6f6acb6e.sys
c:\windows\system32\drivers\c6b17381.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"=-

Folder::
c:\program files\ESET
  • Save the TXT file you created as CFScript.txt on the desktop.
  • After saving, grab the script you created with the left mouse button and drag it onto the Combofix icon, then drop it there.
  • After it runs, another log will pop up; paste it here.
It may happen that after the script runs and the machine restarts, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration.
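As an added example (not code from this thread, from ComboFix or from the helper), the Python below picks out of a ComboFix log the same indicators the script above targets, namely boot/system-start drivers with a 0-byte image and a random 8-hex-digit service name, plus Run values ComboFix marks [X], and renders them as the Driver::/File::/Registry:: stanzas of a CFScript for a helper to review. The sample lines are copied from the log earlier in the thread; the heuristics are this example's own, not ComboFix's.

```python
import re
from dataclasses import dataclass

# Constructed sample: Run values and service lines copied from the ComboFix
# log earlier in this thread (ComboFix appends "[date size]" to each path).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.2.2008 20:19 716272]
S1 6f6acb6e;6f6acb6e;c:\windows\system32\drivers\6f6acb6e.sys [4.4.2009 13:50 0]
S1 c6b17381;c6b17381;c:\windows\system32\drivers\c6b17381.sys [17.6.2009 14:56 0]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17.2.2009 21:08 13224]
"""

# Service line: "<R|S><start type> name;display;path [d.m.yyyy hh:mm size]".
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>[\d.]+ \d{1,2}:\d{2}) (?P<size>\d+)\]$")
RUN_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+\\Run)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<value>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<info>[^\]]*)\]$')
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")   # e.g. 6f6acb6e, c6b17381

@dataclass
class Finding:
    kind: str       # "driver" or "run"
    ident: str      # service name, or Run value name
    location: str   # driver image path, or the Run key holding the value
    reasons: list

def parse_services(text):
    """One dict per R*/S* service line: start, name, display, path, stamp, size."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            out.append(d)
    return out

def parse_run_entries(text):
    """(key, value name, command, info) for each value under a ...\\Run key."""
    key, out = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):        # any key header ends the previous block
            km = RUN_KEY_RE.match(line)
            key = km["key"] if km else None
            continue
        vm = RUN_VALUE_RE.match(line)
        if key and vm:
            out.append((key, vm["value"], vm["cmd"], vm["info"]))
    return out

def suspicious_services(services):
    """This example's heuristics (not ComboFix's): 0-byte image, random 8-hex name."""
    findings = []
    for s in services:
        reasons = []
        if s["size"] == 0:
            reasons.append("driver image is 0 bytes on disk")
        if HEX_NAME_RE.match(s["name"]) and s["display"] == s["name"]:
            reasons.append("service and display name are the same 8-hex string")
        if reasons and s["start"][1] in "01":   # R0/R1/S1: boot or system start
            reasons.append("starts at boot/system start (%s)" % s["start"])
        if reasons:
            findings.append(Finding("driver", s["name"], s["path"], reasons))
    return findings

def suspicious_run_entries(entries):
    """Run values whose target ComboFix could not locate (it marks them [X])."""
    return [Finding("run", value, key, ["ComboFix marks the target [X]: %r" % cmd])
            for key, value, cmd, info in entries if info == "X"]

def build_cfscript(findings):
    """Render findings as the Driver::/File::/Registry:: stanzas of a CFScript."""
    drivers = [f for f in findings if f.kind == "driver"]
    runs = [f for f in findings if f.kind == "run"]
    parts = []
    if drivers:
        parts.append("Driver::\n" + "\n".join(f.ident for f in drivers))
        parts.append("File::\n" + "\n".join(f.location for f in drivers))
    if runs:
        by_key = {}
        for f in runs:
            by_key.setdefault(f.location, []).append(f.ident)
        parts.append("Registry::\n" + "\n".join(
            "[%s]\n%s" % (k, "\n".join('"%s"=-' % v for v in vals))
            for k, vals in by_key.items()))
    return "\n\n".join(parts) + "\n"

def analyze(text):
    findings = (suspicious_services(parse_services(text))
                + suspicious_run_entries(parse_run_entries(text)))
    return findings, build_cfscript(findings)
```

The generated script is a starting point for a helper who still reads the whole log, as the replies in this thread do; the ESET folder in the helper's script comes from that reading, not from any rule here.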

Lanys
Guest
Posts: 18
Registered: 05 Mar 2010 12:27

Re: Win32/Rustock in memory

#8 Post by Lanys »

ComboFix 10-03-04.05 - Luboš 05.03.2010 16:17:42.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.692 [GMT 1:00]
Spuštěný z: c:\documents and settings\Luboš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Luboš\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\windows\system32\drivers\6f6acb6e.sys"
"c:\windows\system32\drivers\c6b17381.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ESET
c:\program files\ESET\ESET NOD32 Antivirus\em008_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em010_32.dat
c:\program files\ESET\ESET Smart Security\em008_32.dat
c:\program files\ESET\ESET Smart Security\em010_32.dat
c:\program files\ESET\ESET Smart Security\Uninstaller.exe
c:\windows\system32\drivers\6f6acb6e.sys
c:\windows\system32\drivers\c6b17381.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_6f6acb6e
-------\Service_c6b17381


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-05 do 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-05 12:16 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-03-05 12:16 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-03-05 12:15 . 2010-03-05 12:15 -------- d-----w- c:\program files\Sunbelt Software
2010-03-05 12:03 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-05 12:03 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-05 12:03 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-05 12:03 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-05 12:03 . 2010-03-05 12:03 -------- d-----w- c:\program files\Avira
2010-03-05 11:22 . 2010-03-05 13:30 -------- d-----w- c:\program files\trend micro
2010-03-05 11:22 . 2010-03-05 11:23 -------- d-----w- C:\rsit
2010-02-22 16:00 . 2010-02-25 15:36 -------- d-----w- c:\program files\SwissManagerUniCode
2010-02-04 09:58 . 2010-02-04 09:58 -------- d-sh--w- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 12:37 . 2008-08-10 09:54 -------- d-----w- c:\program files\AdVantage
2010-03-04 22:25 . 2008-06-12 11:25 -------- d-----w- c:\program files\VirtualNetwork
2010-02-17 16:11 . 2010-01-05 18:31 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-30 08:33 . 2008-04-04 22:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-13 15:57 . 2010-01-13 15:51 -------- d-----w- c:\program files\ICQ6.5
2010-01-13 15:51 . 2010-01-13 15:51 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-06 17:08 . 2001-10-25 12:00 76246 ----a-w- c:\windows\system32\perfc005.dat
2010-01-06 17:08 . 2001-10-25 12:00 407124 ----a-w- c:\windows\system32\perfh005.dat
2010-01-05 19:24 . 2008-03-15 14:53 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-01-05 19:24 . 2008-03-15 14:53 -------- d-----w- c:\program files\Sony Ericsson
2010-01-05 18:30 . 2010-01-05 18:30 -------- d-----w- c:\program files\Windows Mobile Device Handbook
.

((((((((((((((((((((((((((((( SnapShot@2009-04-16_14.22.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2005-09-23 00:16 . 2005-09-23 00:16 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2005-09-23 00:16 . 2005-09-23 00:16 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2007-07-30 18:19 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2008-02-12 18:06 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2008-02-12 18:06 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-03-05 14:50 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-03-05 14:50 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2009-06-14 13:38 . 2009-01-07 18:14 60273 c:\windows\system32\pthreadGC2.dll
+ 2001-10-25 12:00 . 2010-01-06 17:08 64508 c:\windows\system32\perfc009.dat
+ 2002-01-05 02:38 . 2002-01-05 02:38 54784 c:\windows\system32\msvci70.dll
+ 2008-02-12 18:04 . 2001-10-25 12:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2009-07-08 15:10 . 2009-11-09 15:05 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-14 13:38 . 2009-04-02 13:21 84480 c:\windows\system32\ff_vfw.dll
+ 2009-02-17 13:33 . 2009-02-17 13:33 89256 c:\windows\system32\ElbyCDIO.dll
+ 2010-01-05 19:37 . 2010-01-05 19:36 25512 c:\windows\system32\DRVSTORE\ggsemc_978D03B6E152B3469C240DF96316F7602BCF0471\x86\ggsemc.sys
+ 2010-01-05 19:37 . 2010-01-05 19:36 13224 c:\windows\system32\DRVSTORE\ggsemc_978D03B6E152B3469C240DF96316F7602BCF0471\x86\ggflt.sys
+ 2005-02-23 13:11 . 2005-02-23 13:11 79488 c:\windows\system32\drivers\z800obex.sys
+ 2005-02-23 13:11 . 2005-02-23 13:11 81760 c:\windows\system32\drivers\z800mgmt.sys
+ 2005-02-23 13:11 . 2005-02-23 13:11 89872 c:\windows\system32\drivers\z800mdm.sys
+ 2005-02-23 13:11 . 2005-02-23 13:11 10736 c:\windows\system32\drivers\z800cm95.sys
+ 2005-02-23 13:11 . 2005-02-23 13:11 55216 c:\windows\system32\drivers\z800bus.sys
+ 2004-08-30 10:55 . 2004-08-30 10:55 75584 c:\windows\system32\drivers\v800obex.sys
+ 2004-08-30 10:55 . 2004-08-30 10:55 77760 c:\windows\system32\drivers\v800mgmt.sys
+ 2004-08-30 10:55 . 2004-08-30 10:55 84544 c:\windows\system32\drivers\v800mdm.sys
+ 2004-08-30 10:55 . 2004-08-30 10:55 10704 c:\windows\system32\drivers\v800cm95.sys
+ 2004-08-30 10:55 . 2004-08-30 10:55 52416 c:\windows\system32\drivers\v800bus.sys
+ 2010-01-05 18:31 . 2005-10-21 01:47 12800 c:\windows\system32\drivers\usb8023x.sys
+ 2004-08-03 21:04 . 2005-10-21 01:47 12800 c:\windows\system32\drivers\usb8023.sys
+ 2010-03-05 12:03 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-06-21 03:54 . 2008-06-21 03:54 66600 c:\windows\system32\drivers\sbhips.sys
+ 2009-10-26 17:50 . 2007-06-19 08:51 11176 c:\windows\system32\drivers\s816whnt.sys
+ 2009-10-26 17:50 . 2007-06-19 08:51 11176 c:\windows\system32\drivers\s816wh.sys
+ 2009-10-26 17:51 . 2007-06-19 08:51 97320 c:\windows\system32\drivers\s816obex.sys
+ 2009-10-26 18:07 . 2007-06-19 08:51 99112 c:\windows\system32\drivers\s816mgmt.sys
+ 2009-10-26 17:50 . 2007-06-19 08:51 13864 c:\windows\system32\drivers\s816mdfl.sys
+ 2009-10-26 17:50 . 2007-06-19 08:51 11176 c:\windows\system32\drivers\s816cmnt.sys
+ 2009-10-26 17:50 . 2007-06-19 08:51 11176 c:\windows\system32\drivers\s816cm.sys
+ 2009-10-26 17:50 . 2007-06-19 08:51 81832 c:\windows\system32\drivers\s816bus.sys
+ 2010-01-05 18:31 . 2005-10-21 01:47 30592 c:\windows\system32\drivers\rndismpx.sys
+ 2004-08-03 21:04 . 2005-10-21 01:47 30592 c:\windows\system32\drivers\rndismp.sys
+ 2005-03-11 15:17 . 2005-03-11 15:17 79488 c:\windows\system32\drivers\k750obex.sys
+ 2005-03-11 15:17 . 2005-03-11 15:17 81728 c:\windows\system32\drivers\k750mgmt.sys
+ 2005-03-11 15:17 . 2005-03-11 15:17 89872 c:\windows\system32\drivers\k750mdm.sys
+ 2005-03-11 15:17 . 2005-03-11 15:17 10736 c:\windows\system32\drivers\k750cm95.sys
+ 2005-03-11 15:17 . 2005-03-11 15:17 55216 c:\windows\system32\drivers\k750bus.sys
+ 2009-02-17 17:11 . 2009-02-17 17:11 24232 c:\windows\system32\drivers\ElbyCDIO.sys
+ 2007-02-16 00:57 . 2007-02-16 00:57 34760 c:\windows\system32\drivers\ElbyCDFL.sys
+ 2009-06-14 13:38 . 2008-12-11 00:33 86016 c:\windows\system32\dpl100.dll
+ 2008-02-12 18:06 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2008-02-12 18:06 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-03 21:04 . 2005-10-21 01:47 12800 c:\windows\system32\dllcache\usb8023.sys
+ 2004-08-03 21:04 . 2005-10-21 01:47 30592 c:\windows\system32\dllcache\rndismp.sys
+ 2004-08-17 13:49 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2006-11-13 15:49 . 2006-11-13 15:49 23336 c:\windows\system32\ceutil.dll
+ 2004-08-17 13:49 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\SoftwareDistribution\WebSetup\wups2.dll
+ 2009-08-06 18:24 . 2009-08-06 18:24 35552 c:\windows\SoftwareDistribution\WebSetup\wups.dll
+ 2009-08-06 18:24 . 2009-08-06 18:24 53472 c:\windows\SoftwareDistribution\WebSetup\wuauclt.exe
+ 2009-08-06 18:24 . 2009-08-06 18:24 96480 c:\windows\SoftwareDistribution\WebSetup\cdm.dll
+ 2008-04-13 06:01 . 2008-04-13 06:01 86528 c:\windows\Installer\d610783.msi
+ 2008-07-22 15:02 . 2008-07-22 15:02 87552 c:\windows\Installer\10961db3.msi
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut9.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut8_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut8.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 61440 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut6_DE8DC033F69A4FE5B06ADACA24AB087B.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut40.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 61440 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut4_DE8DC033F69A4FE5B06ADACA24AB087B_2.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut4.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut39.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut38.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut37.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut36.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut35.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut34.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut33.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut32.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut30.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut3_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut3_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut29.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut28.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut27.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut26.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut25.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut24.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut23.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut22.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut21.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut20.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 61440 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut2_DE8DC033F69A4FE5B06ADACA24AB087B.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut2_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut19.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut18.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut17_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut16_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut15_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut14_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut14.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut13_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut13.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut12_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut12.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut11_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut11.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut10.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 25214 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut1_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 65536 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut1_0068B077AFDF4F14913EF2B7D0012422.exe
+ 2010-01-05 19:24 . 2010-01-05 19:24 10134 c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\ARPPRODUCTICON.exe
+ 2010-01-05 21:42 . 2010-01-05 21:42 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe
+ 2010-01-05 21:42 . 2010-01-05 21:42 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe
- 2008-07-22 14:51 . 2008-11-01 07:12 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-07-22 14:51 . 2008-11-01 07:12 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-22 14:51 . 2008-11-01 07:12 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-22 14:51 . 2008-11-01 07:12 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-07-22 14:51 . 2008-11-01 07:12 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-07-22 14:51 . 2008-11-01 07:12 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-03-05 12:16 . 2010-03-05 12:16 57344 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut4_C665E66BE8EF49DBB30B81BB5E60462C.exe
+ 2010-03-05 12:16 . 2010-03-05 12:16 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2010-03-05 12:16 . 2010-03-05 12:16 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\ARPPRODUCTICON.exe
+ 2007-03-22 18:29 . 2007-03-22 18:29 14704 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\SMARTTAGINSTALL.EXE
+ 2007-04-19 13:10 . 2007-04-19 13:10 65888 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\SEQCHK10.DLL
+ 2007-03-22 18:07 . 2007-03-22 18:07 69984 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\SENDTO.DLL
+ 2007-03-22 18:07 . 2007-03-22 18:07 78168 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-04-19 13:10 . 2007-04-19 13:10 63840 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\REFIEBAR.DLL
+ 2007-03-22 18:07 . 2007-03-22 18:07 41824 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 18:05 . 2007-03-22 18:05 97632 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-03-22 18:07 . 2007-03-22 18:07 52576 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\OUTLWAB.DLL
+ 2007-04-19 12:52 . 2007-04-19 12:52 30560 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\OUTLACCT.DLL
+ 2007-03-22 18:06 . 2007-03-22 18:06 46432 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\OISCTRL.DLL
+ 2007-03-22 18:23 . 2007-03-22 18:23 17248 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\NPOFFICE.DLL
+ 2007-04-19 13:10 . 2007-04-19 13:10 80216 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\NAME.DLL
+ 2007-03-22 18:29 . 2007-03-22 18:29 44888 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSSH.DLL
+ 2007-04-09 12:23 . 2007-04-09 12:23 25992 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSPGIMME.DLL
+ 2007-04-19 12:57 . 2007-04-19 12:57 46432 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSOXMLMF.DLL
+ 2007-03-22 18:13 . 2007-03-22 18:13 58720 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSOXMLED.EXE
+ 2007-03-22 18:13 . 2007-03-22 18:13 45408 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSOXEV.DLL
+ 2007-04-19 13:07 . 2007-04-19 13:07 45408 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSOSVFBR.DLL
+ 2007-03-22 18:29 . 2007-03-22 18:29 39256 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSOSV.DLL
+ 2007-04-19 13:07 . 2007-04-19 13:07 36192 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSOSTYLE.DLL
+ 2007-04-19 13:07 . 2007-04-19 13:07 61280 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSOHTMED.EXE
+ 2007-04-19 12:56 . 2007-04-19 12:56 29024 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSOEURO.DLL
+ 2007-03-22 18:29 . 2007-03-22 18:29 31072 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSODCW.DLL
+ 2007-03-22 18:29 . 2007-03-22 18:29 20824 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSMH.DLL
+ 2007-04-30 14:11 . 2007-04-30 14:11 89440 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSENCODE.DLL
+ 2007-04-09 12:23 . 2007-04-09 12:23 46472 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MDIUI.DLL
+ 2007-04-09 12:23 . 2007-04-09 12:23 28552 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MDIPPR.DLL
+ 2007-04-09 12:23 . 2007-04-09 12:23 28040 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MDIMON.DLL
+ 2007-03-22 18:06 . 2007-03-22 18:06 17248 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\FINDER.EXE
+ 2007-03-22 18:29 . 2007-03-22 18:29 39264 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\DWTRIG20.EXE
+ 2007-03-22 18:29 . 2007-03-22 18:29 43360 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\DWDCW20.DLL
+ 2007-03-22 18:23 . 2007-03-22 18:23 19800 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\DSITF.DLL
+ 2007-04-19 12:55 . 2007-04-19 12:55 53088 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\DFUICOM.EXE
+ 2007-03-22 18:29 . 2007-03-22 18:29 99160 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\AW.DLL
+ 2007-04-19 13:10 . 2007-04-19 13:10 45920 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\AUTHZAX.DLL
+ 2007-03-22 18:07 . 2007-03-22 18:07 91488 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2010-01-05 18:31 . 2005-10-21 01:47 12800 c:\windows\Driver Cache\i386\usb8023x.sys
+ 2010-01-05 18:31 . 2005-10-21 01:47 30592 c:\windows\Driver Cache\i386\rndismpx.sys
+ 2010-01-05 18:32 . 2004-08-03 21:04 12672 c:\windows\$NtUninstallKB909394$\usb8023.sys
+ 2010-01-05 18:32 . 2004-08-03 21:04 30080 c:\windows\$NtUninstallKB909394$\rndismp.sys
+ 2009-06-14 13:38 . 1998-05-12 18:36 5632 c:\windows\system32\pndx5032.dll
- 2008-12-08 05:46 . 1998-05-12 18:36 5632 c:\windows\system32\pndx5032.dll
+ 2009-06-14 13:38 . 1998-03-26 02:57 6656 c:\windows\system32\pndx5016.dll
- 2008-12-08 05:46 . 1998-03-26 02:57 6656 c:\windows\system32\pndx5016.dll
+ 2005-02-23 13:11 . 2005-02-23 13:11 5744 c:\windows\system32\drivers\z800whnt.sys
+ 2005-02-23 13:11 . 2005-02-23 13:11 6640 c:\windows\system32\drivers\z800wh95.sys
+ 2005-02-23 13:11 . 2005-02-23 13:11 6576 c:\windows\system32\drivers\z800mdfl.sys
+ 2005-02-23 13:11 . 2005-02-23 13:11 4048 c:\windows\system32\drivers\z800cr.sys
+ 2005-02-23 13:11 . 2005-02-23 13:11 6144 c:\windows\system32\drivers\z800cmnt.sys
+ 2004-08-30 10:55 . 2004-08-30 10:55 5776 c:\windows\system32\drivers\v800whnt.sys
+ 2004-08-30 10:55 . 2004-08-30 10:55 6704 c:\windows\system32\drivers\v800wh95.sys
+ 2004-08-30 10:55 . 2004-08-30 10:55 6160 c:\windows\system32\drivers\v800mdfl.sys
+ 2004-08-30 10:55 . 2004-08-30 10:55 4016 c:\windows\system32\drivers\v800cr.sys
+ 2004-08-30 10:55 . 2004-08-30 10:55 6144 c:\windows\system32\drivers\v800cmnt.sys
+ 2005-03-11 15:17 . 2005-03-11 15:17 5744 c:\windows\system32\drivers\k750whnt.sys
+ 2005-03-11 15:17 . 2005-03-11 15:17 6640 c:\windows\system32\drivers\k750wh95.sys
+ 2005-03-11 15:17 . 2005-03-11 15:17 6576 c:\windows\system32\drivers\k750mdfl.sys
+ 2005-03-11 15:17 . 2005-03-11 15:17 4048 c:\windows\system32\drivers\k750cr.sys
+ 2005-03-11 15:17 . 2005-03-11 15:17 6144 c:\windows\system32\drivers\k750cmnt.sys
- 2008-07-22 14:51 . 2008-11-01 07:12 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-07-13 15:18 . 2009-07-13 15:18 132096 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.1002.3_x-ww_88ef1b2a\rtcres.dll
+ 2009-07-13 15:18 . 2009-07-13 15:18 833536 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.1002.3_x-ww_021cfae0\dxmrtp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2008-12-08 05:46 . 2004-01-25 16:18 217088 c:\windows\system32\yv12vfw.dll
+ 2009-06-14 13:38 . 2004-01-25 16:18 217088 c:\windows\system32\yv12vfw.dll
+ 2009-06-14 13:38 . 2008-12-07 18:08 130048 c:\windows\system32\xvidvfw.dll
+ 2009-06-14 13:38 . 2008-12-07 18:08 795648 c:\windows\system32\xvidcore.dll
+ 2008-02-12 18:06 . 2009-08-06 18:23 209624 c:\windows\system32\wuweb.dll
+ 2008-02-12 18:06 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2008-02-12 18:06 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2009-06-14 13:38 . 2008-09-16 19:23 168448 c:\windows\system32\unrar.dll
- 2008-12-08 05:46 . 2008-09-10 19:56 185920 c:\windows\system32\rmoc3260.dll
+ 2009-06-14 13:38 . 2008-09-10 18:56 185920 c:\windows\system32\rmoc3260.dll
+ 2006-11-13 15:50 . 2006-11-13 15:50 138024 c:\windows\system32\rapi.dll
- 2008-12-08 05:46 . 2001-06-22 23:31 278528 c:\windows\system32\pncrt.dll
+ 2009-06-14 13:38 . 2001-06-22 23:31 278528 c:\windows\system32\pncrt.dll
+ 2001-10-25 12:00 . 2010-01-06 17:08 409368 c:\windows\system32\perfh009.dat
+ 2007-07-30 18:18 . 2009-08-06 18:23 215920 c:\windows\system32\muweb.dll
+ 2008-02-13 15:39 . 2009-08-06 18:23 274288 c:\windows\system32\mucltui.dll
+ 2002-01-05 03:36 . 2002-01-05 03:36 964608 c:\windows\system32\mfc70u.dll
+ 2002-01-05 03:48 . 2002-01-05 03:48 974848 c:\windows\system32\mfc70.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-02-12 18:57 . 2010-01-06 05:19 158752 c:\windows\system32\FNTCACHE.DAT
+ 2010-01-05 19:37 . 2010-01-05 19:36 113008 c:\windows\system32\DRVSTORE\seser_BCFAC537964EFAEA0286CE9B17BC804B8114201F\seusbser.sys
+ 2010-01-05 19:37 . 2010-01-05 19:36 113008 c:\windows\system32\DRVSTORE\semdm_BCFAC537964EFAEA0286CE9B17BC804B8114201F\seusbser.sys
+ 2009-10-26 17:50 . 2007-06-19 08:51 107304 c:\windows\system32\drivers\s816mdm.sys
+ 2008-02-12 18:06 . 2009-08-06 18:23 209624 c:\windows\system32\dllcache\wuweb.dll
+ 2008-02-12 18:06 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2008-02-12 18:06 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
- 2008-12-08 05:46 . 2008-10-28 22:35 684032 c:\windows\system32\divx.dll
+ 2009-06-14 13:38 . 2008-11-06 16:33 684032 c:\windows\system32\divx.dll
+ 2009-06-16 17:45 . 2009-06-16 17:45 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2009-08-06 18:24 . 2009-08-06 18:24 327896 c:\windows\SoftwareDistribution\WebSetup\wucltui.dll
+ 2009-08-06 18:23 . 2009-08-06 18:23 575704 c:\windows\SoftwareDistribution\WebSetup\wuapi.dll
+ 2008-07-12 20:23 . 2008-07-12 20:23 532992 c:\windows\Installer\d8d97.msi
+ 2007-11-07 13:07 . 2007-11-07 13:07 999936 c:\windows\Installer\d61078c.msp
+ 2007-11-07 12:56 . 2007-11-07 12:56 553472 c:\windows\Installer\d610789.msp
+ 2007-11-07 12:58 . 2007-11-07 12:58 908800 c:\windows\Installer\d610785.msp
+ 2007-11-07 12:54 . 2007-11-07 12:54 507392 c:\windows\Installer\d610784.msp
+ 2008-08-30 15:29 . 2008-08-30 15:29 228352 c:\windows\Installer\cb5579.msi
+ 2008-08-30 15:29 . 2008-08-30 15:29 252416 c:\windows\Installer\cb5572.msi
+ 2008-08-30 15:29 . 2008-08-30 15:29 246272 c:\windows\Installer\cb556b.msi
+ 2008-08-30 15:29 . 2008-08-30 15:29 292864 c:\windows\Installer\cb5564.msi
+ 2008-08-30 15:29 . 2008-08-30 15:29 214528 c:\windows\Installer\cb555d.msi
+ 2008-08-30 15:29 . 2008-08-30 15:29 319488 c:\windows\Installer\cb5556.msi
+ 2008-08-30 15:29 . 2008-08-30 15:29 216576 c:\windows\Installer\cb554f.msi
+ 2008-08-30 15:29 . 2008-08-30 15:29 301568 c:\windows\Installer\cb5548.msi
+ 2008-08-30 15:29 . 2008-08-30 15:29 321024 c:\windows\Installer\cb5541.msi
+ 2008-08-30 15:29 . 2008-08-30 15:29 292352 c:\windows\Installer\cb553a.msi
+ 2008-04-07 20:53 . 2008-04-07 20:53 331264 c:\windows\Installer\c456452.msi
+ 2008-04-15 08:28 . 2008-04-15 08:28 864768 c:\windows\Installer\ad07f3d.msi
+ 2010-01-05 21:42 . 2010-01-05 21:42 849408 c:\windows\Installer\7fcedc.msi
+ 2009-07-13 15:18 . 2009-07-13 15:18 407040 c:\windows\Installer\6f856ea.msi
+ 2008-01-23 14:51 . 2008-01-23 14:51 816640 c:\windows\Installer\431b2ad2.msp
+ 2008-04-25 16:24 . 2008-04-25 16:24 691200 c:\windows\Installer\400455a8.msi
+ 2009-06-07 11:24 . 2009-06-07 11:24 152576 c:\windows\Installer\3e622d.msi
+ 2008-02-14 19:25 . 2008-02-14 19:25 156672 c:\windows\Installer\3d45b.msi
+ 2008-02-14 19:25 . 2008-02-14 19:25 161280 c:\windows\Installer\3d454.msi
+ 2008-02-14 19:25 . 2008-02-14 19:25 165376 c:\windows\Installer\3d44d.msi
+ 2008-02-14 19:25 . 2008-02-14 19:25 217088 c:\windows\Installer\3d446.msi
+ 2008-02-14 19:25 . 2008-02-14 19:25 157696 c:\windows\Installer\3d43f.msi
+ 2009-07-27 04:30 . 2009-07-27 04:30 399872 c:\windows\Installer\3149836.msi
+ 2008-03-19 15:25 . 2008-03-19 15:25 431104 c:\windows\Installer\241ad8da.msi
+ 2008-04-09 14:31 . 2008-04-09 14:31 557056 c:\windows\Installer\20e99.msi
+ 2008-04-09 14:31 . 2008-04-09 14:31 269312 c:\windows\Installer\20e92.msi
+ 2008-02-12 18:12 . 2008-02-12 18:12 265216 c:\windows\Installer\18e17.msi
+ 2008-04-09 14:27 . 2008-04-09 14:27 100352 c:\windows\Installer\15326129.msi
+ 2010-03-05 12:16 . 2010-03-05 12:16 481280 c:\windows\Installer\11c0caf.msi
+ 2010-03-05 12:03 . 2010-03-05 12:03 228352 c:\windows\Installer\10fee2d.msi
- 2008-07-22 14:51 . 2008-11-01 07:12 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-07-22 14:51 . 2008-11-01 07:12 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-22 14:51 . 2008-11-01 07:12 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-22 14:51 . 2008-11-01 07:12 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-07-22 14:51 . 2008-11-01 07:12 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-07-22 14:51 . 2010-01-05 20:24 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-07-22 14:51 . 2008-11-01 07:12 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-03-22 18:22 . 2007-03-22 18:22 103264 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-03-22 18:09 . 2007-03-22 18:09 394080 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\RTFHTML.DLL
+ 2007-06-06 11:07 . 2007-06-06 11:07 100192 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\REFEDIT.DLL
+ 2007-03-22 18:05 . 2007-03-22 18:05 434016 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\PP4X322.DLL
+ 2007-04-19 12:53 . 2007-04-19 12:53 109408 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
+ 2007-03-22 18:06 . 2007-03-22 18:06 245600 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\OISGRAPH.DLL
+ 2007-04-19 12:50 . 2007-04-19 12:50 837472 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\OISAPP.DLL
+ 2007-03-22 18:06 . 2007-03-22 18:06 287576 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\OIS.EXE
+ 2007-04-19 13:09 . 2007-04-19 13:09 157024 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSWEBCAP.DLL
+ 2007-04-19 13:00 . 2007-04-19 13:00 489824 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSTORES.DLL
+ 2007-04-19 13:00 . 2007-04-19 13:00 130912 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSTORE.EXE
+ 2007-04-19 13:00 . 2007-04-19 13:00 637792 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSTORDB.EXE
+ 2007-04-09 12:24 . 2007-04-09 12:24 367496 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSPVIEW.EXE
+ 2007-04-19 12:49 . 2007-04-19 12:49 383328 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSORUN.DLL
+ 2007-03-22 18:04 . 2007-03-22 18:04 130912 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSOCFU.DLL
+ 2007-03-22 18:04 . 2007-03-22 18:04 109912 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSOCF.DLL
+ 2007-04-19 13:10 . 2007-04-19 13:10 127840 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSOAUTH.DLL
+ 2007-05-10 13:35 . 2007-05-10 13:35 120160 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSCONV97.DLL
+ 2007-04-19 13:01 . 2007-04-19 13:01 238424 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2007-04-09 12:24 . 2007-04-09 12:24 453512 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MDIVWCTL.DLL
+ 2007-04-09 12:23 . 2007-04-09 12:23 231816 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MDIINK.DLL
+ 2007-04-09 12:24 . 2007-04-09 12:24 758664 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MDIGRAPH.DLL
+ 2007-02-26 07:52 . 2007-02-26 07:52 517472 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\INTLNAME.DLL
+ 2007-04-19 12:09 . 2007-04-19 12:09 167256 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 13:10 . 2007-04-19 13:10 116576 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\IEAWSDC.DLL
+ 2007-04-19 13:16 . 2007-04-19 13:16 807256 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\FPWEC.DLL
+ 2007-04-19 12:47 . 2007-04-19 12:47 186208 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\FPERSON.DLL
+ 2007-04-19 13:15 . 2007-04-19 13:15 192344 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\FPDTC.DLL
+ 2007-05-10 12:44 . 2007-05-10 12:44 121688 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\DSSM.EXE
+ 2007-03-22 18:06 . 2007-03-22 18:06 355168 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\CDLMSO.DLL
+ 2010-01-05 18:32 . 2005-10-12 23:12 371424 c:\windows\$NtUninstallKB909394$\spuninst\updspapi.dll
+ 2010-01-05 18:32 . 2005-10-12 23:12 213216 c:\windows\$NtUninstallKB909394$\spuninst\spuninst.exe
+ 2009-07-13 15:18 . 2009-07-13 15:18 1055744 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.1002.3_x-ww_92561fce\rtcdll.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2005-09-23 00:16 . 2005-09-23 00:16 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2005-09-23 00:16 . 2005-09-23 00:16 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2010-01-05 19:24 . 2010-01-05 19:24 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2008-02-12 18:06 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-07-17 09:35 . 2004-07-17 09:35 1356800 c:\windows\system32\webfldrs.msi
- 2008-12-08 05:46 . 2008-09-19 21:57 3596288 c:\windows\system32\qt-dx331.dll
+ 2009-06-14 13:38 . 2008-11-06 16:37 3596288 c:\windows\system32\qt-dx331.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-01-05 19:37 . 2010-01-05 19:36 1112288 c:\windows\system32\DRVSTORE\ggsemc_978D03B6E152B3469C240DF96316F7602BCF0471\x86\WdfCoInstaller01007.dll
+ 2008-02-12 18:06 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-08-06 18:23 . 2009-08-06 18:23 1929952 c:\windows\SoftwareDistribution\WebSetup\wuaueng.dll
+ 2007-05-25 11:08 . 2007-05-25 11:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2008-07-12 20:23 . 2008-07-12 20:23 3699200 c:\windows\Installer\d8d8f.msi
+ 2007-11-07 12:50 . 2007-11-07 12:50 6055936 c:\windows\Installer\d61078b.msp
+ 2007-11-07 13:00 . 2007-11-07 13:00 3407360 c:\windows\Installer\d61078a.msp
+ 2007-11-07 12:46 . 2007-11-07 12:46 3010560 c:\windows\Installer\d610788.msp
+ 2007-11-07 13:02 . 2007-11-07 13:02 6473216 c:\windows\Installer\d610787.msp
+ 2007-11-07 13:12 . 2007-11-07 13:12 2533376 c:\windows\Installer\d610786.msp
+ 2008-08-30 15:29 . 2008-08-30 15:29 1082368 c:\windows\Installer\cb5580.msi
+ 2008-02-12 20:10 . 2008-02-12 20:10 3446272 c:\windows\Installer\74d28.msi
+ 2008-08-10 09:26 . 2008-08-10 09:26 2802688 c:\windows\Installer\507bd5.msi
+ 2008-12-02 05:22 . 2008-12-02 05:22 9602560 c:\windows\Installer\44b1d259.msi
+ 2008-08-14 13:01 . 2008-08-14 13:01 5517312 c:\windows\Installer\431b2aff.msp
+ 2008-07-08 09:27 . 2008-07-08 09:27 8436736 c:\windows\Installer\431b2ae9.msp
+ 2008-06-25 14:59 . 2008-06-25 14:59 3283456 c:\windows\Installer\25bbf23.msi
+ 2008-06-25 14:58 . 2008-06-25 14:58 8984576 c:\windows\Installer\25bbf1c.msi
+ 2008-06-25 14:57 . 2008-06-25 14:57 2793984 c:\windows\Installer\25bbcb9.msi
+ 2008-06-25 14:10 . 2008-06-25 14:10 1549312 c:\windows\Installer\230bf27.msi
+ 2008-04-09 14:48 . 2008-04-09 14:48 6164480 c:\windows\Installer\20ea3.msi
+ 2008-06-23 14:43 . 2008-06-23 14:43 1383424 c:\windows\Installer\1aa9c8.msi
+ 2008-06-11 13:05 . 2008-06-11 13:05 9994240 c:\windows\Installer\19cdc665.msp
+ 2005-10-26 12:59 . 2005-10-26 12:59 2883072 c:\windows\Installer\19cdc64f.msp
+ 2008-04-01 12:33 . 2008-04-01 12:33 5479936 c:\windows\Installer\19cdc638.msp
+ 2008-01-31 08:30 . 2008-01-31 08:30 9947648 c:\windows\Installer\19cdc622.msp
+ 2008-01-14 14:53 . 2008-01-14 14:53 5213696 c:\windows\Installer\19cdc60c.msp
+ 2008-07-22 14:51 . 2008-07-22 14:51 5788160 c:\windows\Installer\108b4855.msi
+ 2008-03-15 14:54 . 2008-03-15 14:54 3395584 c:\windows\Installer\{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}\Sony Ericsson Drivers.msi
+ 2007-05-09 14:19 . 2007-05-09 14:19 2585936 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-10 12:42 . 2007-05-10 12:42 2839904 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\STSLIST.DLL
+ 2007-04-19 12:49 . 2007-04-19 12:49 1661280 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2007-05-10 12:45 . 2007-05-10 12:45 8069464 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-04-19 13:09 . 2007-04-19 13:09 1061720 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2007-04-09 12:24 . 2007-04-09 12:24 1025416 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSPCORE.DLL
+ 2005-09-20 11:33 . 2005-09-20 11:33 1293008 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSONSEXT.DLL
+ 2007-05-02 12:45 . 2007-05-02 12:45 2123104 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\MSOLAP80.DLL
+ 2007-04-19 12:57 . 2007-04-19 12:57 2152792 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\GRAPH.EXE
+ 2007-05-31 12:50 . 2007-05-31 12:50 1168736 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\FPSRVUTL.DLL
+ 2007-06-06 11:46 . 2007-06-06 11:46 1961312 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\FPCUTL.DLL
+ 2007-06-06 09:53 . 2007-06-06 09:53 1195888 c:\windows\Installer\$PatchCache$\Managed\5040110900063D11C8EF10054038389C\11.0.8173\FM20.DLL
+ 2008-02-12 20:10 . 2008-02-12 20:10 19210240 c:\windows\Installer\8304c.msp
+ 2008-07-30 06:50 . 2008-07-30 06:50 12506112 c:\windows\Installer\431b2b41.msp
+ 2008-07-08 08:09 . 2008-07-08 08:09 11887616 c:\windows\Installer\431b2b36.msp
+ 2008-06-04 11:29 . 2008-06-04 11:29 16905728 c:\windows\Installer\431b2b0a.msp
+ 2008-07-01 07:25 . 2008-07-01 07:25 11814912 c:\windows\Installer\431b2ab8.msp
+ 2010-01-05 19:24 . 2010-01-05 19:24 30781952 c:\windows\Installer\2a911.msi
+ 2008-02-16 23:05 . 2008-02-16 23:05 15256576 c:\windows\Installer\2a072d2.msp
+ 2008-01-14 13:24 . 2008-01-14 13:24 10721280 c:\windows\Installer\19cdc5f6.msp
+ 2005-09-29 07:53 . 2005-09-29 07:53 81304064 c:\windows\Installer\108b48b8.msp
+ 2010-01-05 19:23 . 2010-01-05 19:23 58676736 c:\windows\Downloaded Installations\{66D8C376-87FE-4A10-A39A-2D775C361BDC}\Sony Ericsson PC Suite.msi
+ 2007-07-27 07:43 . 2007-07-27 07:43 109673984 c:\windows\Installer\48069db3.msp
.

Lanys
Visitor
Posts: 18
Registered: 05 Mar 2010 12:27

Re: Win32/Rustock in memory

#9 Post by Lanys »

-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.2.2008 20:19 716272]
R1 sbfw;SbFw;c:\windows\system32\drivers\SbFw.sys [5.3.2010 13:16 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 antivirschedulerservice;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5.3.2010 13:03 108289]
R2 icq service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.1.2010 16:51 222968]
R2 sbpf.launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 spf4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 sbfwimcl;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [5.3.2010 13:16 65576]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17.2.2009 21:08 13224]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [4.4.2008 12:25 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [4.4.2008 12:25 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [4.4.2008 12:25 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [4.4.2008 12:25 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [4.4.2008 12:25 98568]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [26.10.2009 18:50 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [26.10.2009 18:50 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [26.10.2009 18:50 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [26.10.2009 19:07 99112]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [26.10.2009 18:51 97320]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\tg8e2of4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\tg8e2of4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\tg8e2of4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

AddRemove-nodenabler - c:\program files\ESET\ESET Smart Security\Uninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 16:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x867C51F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7650fc3
\Driver\ACPI -> ACPI.sys @ 0xf739ecb8
\Driver\atapi -> 0x867571f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7225ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7232b21
SendHandler -> NDIS.sys @ 0xf721087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1078145449-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="A80A14D46DE297718B5D8A5413100D9FD1B2CB175B213F6C0A588255E94CAA89B196FBB61D6AF3F9E1C4EA7F18CE5A45B9E7823FA0B778B1A8E8DF1DCEC1D31203D4412D03F7BC2BE4B28E5339690119E65EB13EA058E855A1853EEB89F20B4006A16EC0241B6BC17C0DE3AB0AC56DF85FA849E09A639077B809B31DA9D504125B3D5CFCFB05093F471FAB6412EF1D85DC3791F3C3DA82F9E12D2A0FB00A88CB55CD3CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667BA7FD869164D6794A6A0AC4980AC793323A99616A205A1B366F9C3E591F50E4F16DC485B1CBA0EC9F1BB623A7AA4DC79DD25BC12572F7B6D6BB1A90665D9B7E46BC46F79F847BD13991A1EF238B737414F1F7F69D94A012C4B9F0CCC7390EDC489C3FCE6D6F39637285EDC1005EDBFBD5D843AAB248447D07FFC60F996262C9A1A7F1EBB94CAA04398B9A49BDD6AA582F334EE76F43F46138277BEE46ED956E0C91026A15288C396E5D32137060AFB75000240FECF12DA7DD330E4F4DF1FB06648068AD6F49B51E715C7A01403D73B4FF5B6760DFBC7C46FF8BB33A8939D63D04B61652E25AAF93E292596799F96BD1FCB0FFCFD055E2A9A76A3AF1174317D950A1A748C518DD4772CED1BC46ABA4444FB3A6441B80811065A6301D134687082C219196EAA51DBC4AC1BE5E3B36E70F7855CDF5CABAC668C34EEF527C4889035363C59DF25356DA83C9458D912104B416A8DC765B3E57CDD17A8FE5CE00818242755DF04FAAECBFEEFBB753EE1AF3EFDB1591889EE81057B9AEAB0D20391A315DEABFA9028651E72E164E13C3E931BE1E5BF718A38831BBDD981C480EB85B524AB781AD16F37ED842F526B938CB513711636953A35A1B9CC75AE166D9E78B242DB6955A35534A90AF9437F96EE42BF865423EE044DC5C0AA11A62839E4306532C6A1E6F9A2A0A4AB67E430AED31C1BCEB8E207E0AA90F4A753131F92CAA9F88BC1B5AAD9E37595E5A1DB36546657844C5BC610E23D527F6B691243C01F12003BACB0A4DE6B5E9489D6BD6B98993FBF55DC115BADB712EB7001B1819BF6CF717F661179374EBB22BCB795CE1E2451F313DF7A637A918A2B86CF79E9912B79A3EC53C77223E4A3A0767A63839B00BC2D820AAFC294842B91CE0CE033A2D559D6EB5DBA7FFA4D5DD503D798505E6A69D97686CFB85C91155741F1D6B66559702AB670453128E8E5EA068E9E9FC3E6EFCD94056F2BC67BA098A8C1B9EE03587225DE7D33BDA95BEC70715FCD01BFBB9DC0D63695A0DBC8D657A33EE1FD38BBC4AFC6F8C9FE110E58588F11F627D97074CD0B51BFC4B7
45F575A4AF9529552F0518A6DABBF2842FC077FCEB5CE82C562A75D1915D680A80F0BC72601358C1A3"
.
--------------------- DLLs loaded into running processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(480)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\oodag.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-03-05 16:32:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-05 15:32
ComboFix2.txt 2010-03-05 14:55
ComboFix3.txt 2009-04-16 14:28

Pre-Run: 1 788 104 704
Post-Run: 1 753 333 760

- - End Of File - - A2281C727D9C300C919A4A95BDCCB4C0

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Rustock in memory

#10 Post by Caroprd111 »

Uninstall all virtual drive emulators.

Download SPTD http://www.duplexsecure.com/en/downloads
  • Pick the version for your operating system (64 or 32-bit). Save it to the desktop and run it.
  • Choose the Uninstall option and restart the PC.


Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A box will pop up; paste the following into it:

Code:

"%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.log will be created; paste it here.

Lanys
Visitor
Posts: 18
Registered: 05 Mar 2010 12:27

Re: Win32/Rustock in memory

#11 Post by Lanys »

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys nvata.sys
kernel: MBR read successfully
user & kernel MBR OK

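The two mbr.exe reports in this thread, the first one at the end of the ComboFix output above (an `>>UNKNOWN [...]<<` entry in the disk call stack, an atapi driver object dispatching to a bare address, and the "possible MBR rootkit infection" warning, all before SPTD was uninstalled) and the clean rescan posted after the steps in post #10, are the kind of output a helper reads by hand. The Python script below is an added example written for this page; it is not gmer's code and was not posted in the thread. It parses that report format, flags code gmer could not attribute to a loaded module, lists third-party drivers sitting in the disk stack (the usual source of this warning on machines with virtual-drive or copy-protection drivers), and diffs two scans. Both sample reports are copied from the posts above with the title line dropped; the `EXPECTED_STACK` allow-list, the `KNOWN_FILTERS` table and all function names are assumptions made for this example.

```python
"""Triage for gmer mbr.exe reports (added example, not gmer's own code): flag
code in the disk call stack that gmer could not attribute to a module, list
third-party drivers in that stack, and diff two scans."""
import re

# Drivers expected between the disk class driver and the bus driver on this
# XP box (assumption: reviewer's allow-list written for this example).
EXPECTED_STACK = {"ntkrnlpa.exe", "classpnp.sys", "disk.sys", "acpi.sys",
                  "hal.dll", "atapi.sys", "nvata.sys"}
# Third-party disk-stack drivers known to trip gmer's heuristics without
# being malware (assumption: list compiled for this example).
KNOWN_FILTERS = {"sptd.sys": "SPTD layer (Daemon Tools / Alcohol virtual drives)",
                 "sfsync02.sys": "StarForce copy-protection driver"}

# Copied from the thread: scan before SPTD was uninstalled, rescan after.
SCAN_BEFORE = r"""device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x867C51F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7650fc3
\Driver\ACPI -> ACPI.sys @ 0xf739ecb8
\Driver\atapi -> 0x867571f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7225ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7232b21
SendHandler -> NDIS.sys @ 0xf721087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""
SCAN_AFTER = r"""device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys nvata.sys
kernel: MBR read successfully
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
BARE_ADDR_RE = re.compile(r"0x[0-9A-Fa-f]+")


def parse_mbr_log(text):
    """Return the fields of one mbr.exe report as a dict."""
    rep = {"modules": [], "unknown": [], "hooks": [], "warning": False, "mbr_ok": False}
    in_hooks = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("called modules:"):
            rest = line.split(":", 1)[1]
            rep["unknown"] = UNKNOWN_RE.findall(rest)
            rep["modules"] = UNKNOWN_RE.sub("", rest).split()
        elif line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
        elif line.startswith("Warning:"):
            in_hooks, rep["warning"] = False, True
        elif line == "user & kernel MBR OK":
            in_hooks, rep["mbr_ok"] = False, True
        elif in_hooks and "->" in line:
            # "object -> [handler ->] module @ addr" or just "object -> addr"
            rep["hooks"].append(tuple(p.strip() for p in line.split("->")))
    return rep


def assess(rep):
    """Verdict for one report plus the reasons behind it."""
    findings = []
    if rep["unknown"]:
        findings.append("unattributed code in disk call stack at " + ", ".join(rep["unknown"]))
    for hook in rep["hooks"]:
        # A target that is a bare address was not resolved to any module by
        # gmer; that is the entry worth chasing, the others are plain listings.
        if BARE_ADDR_RE.fullmatch(hook[-1]):
            findings.append(f"{hook[0]} dispatches to unattributed address {hook[-1]}")
    third_party = [m for m in rep["modules"] if m.lower() not in EXPECTED_STACK]
    verdict = "suspicious" if findings or rep["warning"] or not rep["mbr_ok"] else "clean"
    return {"verdict": verdict, "findings": findings, "third_party": third_party,
            "known_filters": {m: KNOWN_FILTERS[m.lower()] for m in third_party
                              if m.lower() in KNOWN_FILTERS}}


def compare(before, after):
    """What changed in the call stack between two reports."""
    b, a = set(before["modules"]), set(after["modules"])
    return {"appeared": sorted(a - b), "vanished": sorted(b - a),
            "unknown_cleared": bool(before["unknown"]) and not after["unknown"]}


if __name__ == "__main__":
    before, after = parse_mbr_log(SCAN_BEFORE), parse_mbr_log(SCAN_AFTER)
    print("before:", assess(before))
    print("after: ", assess(after))
    print("diff:  ", compare(before, after))
```

Run against the two reports, the first scan comes out "suspicious" with two findings (the unresolved module at 0x867C51F8 and `\Driver\atapi` pointing at a bare address), and the rescan comes out "clean"; the diff shows that once SPTD was gone the unresolved slot in the stack was replaced by `nvata.sys`, the chipset ATA driver that should have been there all along. A verdict of "suspicious" together with a non-empty `known_filters` list is exactly the situation where the sensible next step is the one the helper took: remove the third-party filter driver and rescan, rather than treating the warning as a confirmed rootkit.
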
Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Rustock in memory

#12 Post by Caroprd111 »

How is the PC doing? :???:

Lanys
Visitor
Posts: 18
Registered: 05 Mar 2010 12:27

Re: Win32/Rustock in memory

#13 Post by Lanys »

It looks good. I ran it through Avira AntiVir; it still found a few problems, but they could be fixed. Updates don't work for me, so I'll probably try a different antivirus.
Thank you

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Rustock in memory

#14 Post by Caroprd111 »

We'll fix the updates with the following step. :)

Download MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
  • Install it following the guide at the link, then run a full scan.
  • Do not delete anything :!: MBAM occasionally has false detections and could delete e.g. system files.
  • Paste the log here.

Lanys
Visitor
Posts: 18
Registered: 05 Mar 2010 12:27

Re: Win32/Rustock in memory

#15 Post by Lanys »

Malwarebytes' Anti-Malware 1.44
Database version: 3826
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

5.3.2010 19:23:44
mbam-log-2010-03-05 (19-23-37).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 236509
Time elapsed: 41 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Advantage (Adware.Advantage) -> No action taken.

Files Infected:
C:\System Volume Information\_restore{8E5E5EEB-22FE-430B-855B-96BA89DF4E83}\RP610\A0049360.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{8E5E5EEB-22FE-430B-855B-96BA89DF4E83}\RP610\A0049361.exe (Adware.ADON) -> No action taken.
F:\System Volume Information\_restore{55A88CD2-934D-4491-A4AE-8FE7DE9F84F0}\RP48\A0009627.EXE (Trojan.Downloader) -> No action taken.
F:\Šachy\Fritz9\Keygen.EXE (Trojan.Downloader) -> No action taken.
C:\Program Files\Advantage\AdVantage.htm (Adware.Advantage) -> No action taken.
C:\Documents and Settings\Luboš\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Luboš\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

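Every hit in the log above carries "No action taken", which is what post #14 asked for. Reading such a log by hand means deciding which entries are live and which are stale copies sitting inside System Restore snapshots (the `System Volume Information\_restore{...}\RPnnn` paths), and checking that the header totals really match the listed items. The Python script below is an added example written for this page; it is not Malwarebytes' code and was not posted in the thread. It parses this log format, verifies the counts, confirms that nothing was deleted, and buckets the paths into live findings, restore-point copies and trace files. The sample log is copied from the post above with the empty sections dropped; the bucketing rules (`classify`) and the function names are assumptions made for this example.

```python
"""Triage for a Malwarebytes' Anti-Malware 1.x text log (added example, not
MBAM's own code): parse every detection, check that the header totals match
the listed items, and separate live findings from copies inside System
Restore snapshots, which are not running code."""
import re

# Copied from the thread (header and the two non-empty sections).
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3826
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 236509
Time elapsed: 41 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Advantage (Adware.Advantage) -> No action taken.

Files Infected:
C:\System Volume Information\_restore{8E5E5EEB-22FE-430B-855B-96BA89DF4E83}\RP610\A0049360.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{8E5E5EEB-22FE-430B-855B-96BA89DF4E83}\RP610\A0049361.exe (Adware.ADON) -> No action taken.
F:\System Volume Information\_restore{55A88CD2-934D-4491-A4AE-8FE7DE9F84F0}\RP48\A0009627.EXE (Trojan.Downloader) -> No action taken.
F:\Šachy\Fritz9\Keygen.EXE (Trojan.Downloader) -> No action taken.
C:\Program Files\Advantage\AdVantage.htm (Adware.Advantage) -> No action taken.
C:\Documents and Settings\Luboš\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Luboš\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
"""

COUNT_RE = re.compile(r"^(?P<name>.+ Infected): (?P<n>\d+)$")
HEADING_RE = re.compile(r"^(?P<name>.+ Infected):$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<category>[^()]+)\) -> (?P<action>.+)$")
# Where XP keeps System Restore snapshot copies (assumption: XP layout only).
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.I)


def parse_mbam_log(text):
    """Return (header counts per section, list of detections)."""
    counts, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNT_RE.match(line):
            counts[m["name"]] = int(m["n"])
        elif m := HEADING_RE.match(line):
            section = m["name"]
        elif section and (m := ITEM_RE.match(line)):
            items.append({"section": section, **m.groupdict()})
    return counts, items


def classify(item):
    """Bucket one detection (assumption: rules written for this example)."""
    if RESTORE_RE.search(item["path"]):
        return "restore_point"   # old copy in a System Restore snapshot, not live
    if item["category"] == "Malware.Trace":
        return "trace"           # file a previous infection left behind
    return "live"


def check_counts(counts, items):
    """Header totals vs. listed items; returns the sections that disagree."""
    seen = {}
    for it in items:
        seen[it["section"]] = seen.get(it["section"], 0) + 1
    return {n: (c, seen.get(n, 0)) for n, c in counts.items() if c != seen.get(n, 0)}


def triage(text):
    """Full picture for a reviewer: count consistency, whether the user
    really deleted nothing, and the paths bucketed by class."""
    counts, items = parse_mbam_log(text)
    buckets = {"live": [], "restore_point": [], "trace": []}
    for it in items:
        buckets[classify(it)].append(it["path"])
    return {"mismatches": check_counts(counts, items),
            "untouched": all(it["action"] == "No action taken." for it in items),
            **buckets}


if __name__ == "__main__":
    for key, value in triage(MBAM_LOG).items():
        print(f"{key}: {value}")
```

For this log the counts agree (one folder, seven files), nothing was deleted, three of the eight hits are restore-point copies, two are trace files, and three are live: the Advantage folder, its HTML file, and the Fritz9 keygen. The restore-point copies are the reason the split matters: they are not executing and are normally cleared by resetting System Restore once the cleanup is finished, whereas the live entries are the ones a helper reads the log for.
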