Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

masquerade777 · Příspěvekod **masquerade777** » 08 lis 2009 13:25

Dobrý den. Mám problém. Po startu systému (Win Xp 5.1) se mi objevuje tato hláška:

c.exe - Vstupní bod nebyl nalezen

Vstupní bod procedury freeaddrinfo se nepodařilo v dynamicky propojované knihovně WS2_32.dll nalézt.

Je třeba to odkliknout (asi tak 10x) a pravidelně se to objevuje. (jinak ale pc jede ok)
Zkusil jsem nainstalovat a projet pc pomocí Advanced system care a Terminator antispyware ale nic se nezměnilo. Jinak už před tím než se to objevilo jsem měl nainstalovanou Aviru (Antivir).

V task manageru je ten proces c.exe. myslím, že tam nikdy předtím nebyl. Nevím co stím... poradíte někdo? Je to vir?

Reklama

Příspěvekod **Myloš** » 08 lis 2009 13:31

Když už pokládáš dotaz v sekci HiJackThis, yblo by jistě žádoucí vložit log.

masquerade777 · Příspěvekod **masquerade777** » 08 lis 2009 13:42

Jo, tady to je:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:31, on 8.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Ad-aware2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Winamp\winampa.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\DOCUME~1\User\LOCALS~1\Temp\c.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\msa.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Sunbelt Kerio Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Sunbelt Kerio Firewall\kpf4gui.exe
D:\Sunbelt Kerio Firewall\kpf4gui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Opera\opera.exe
D:\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\User\LOCALS~1\Temp\c.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9829125A-AE15-40A3-9F2A-EA9DC15FA17A}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Ad-aware2007\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca3e1e76476794) (gupdate1ca3e1e76476794) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Sunbelt Kerio Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10180 bytes

masquerade777 · Příspěvekod **masquerade777** » 08 lis 2009 13:47

A ted mi to vyhodilo neco velmi podobnýho ale trochu se to liší:

c.exe - vstupní bod nebyl nalezen

Vstupní bod procedury WSAPProviderConfigChange se nepodařilo v dynamicky propojované knihovně WS2_32.dll nalézt.

Příspěvekod **jaro3** » 08 lis 2009 13:51

Jo , to je nákaza-c.exe

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

masquerade777 · Příspěvekod **masquerade777** » 08 lis 2009 14:02

Tak uz to mam, to je v pytli... 11 infikovanych souboru...

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3123
Windows 5.1.2600 Service Pack 2

8.11.2009 14:00:50
mbam-log-2009-11-08 (14-00-45).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 97449
Uplynulý čas: 3 minute(s), 25 second(s)

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 4
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 6
Infikované soubory: 6

Infikované procesy v paměti:
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> No action taken.

Infikované soubory:
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090131225450546.log (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\c.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

Příspěvekod **jaro3** » 08 lis 2009 14:22

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Vypni rez. ochranu u Aviry+štít u SpywareTerminatoru.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

masquerade777 · Příspěvekod **masquerade777** » 08 lis 2009 15:00

Díky! Vsechno jsem to udelal. Ted uz by to melo byt v poradku ze?
Tady jsou logy:

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3123
Windows 5.1.2600 Service Pack 2

8.11.2009 14:28:51
mbam-log-2009-11-08 (14-28-51).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 97465
Uplynulý čas: 2 minute(s), 40 second(s)

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 4
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 6
Infikované soubory: 6

Infikované procesy v paměti:
C:\WINDOWS\msa.exe (Trojan.Agent) -> Unloaded process successfully.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Documents and Settings\All Users\Data aplikací\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090131225450546.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\c.exe (Trojan.Downloader) -> Delete on reboot.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

ComboFix 09-11-07.02 - User 08.11.2009 14:38.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.568 [GMT 1:00]
Spuštěný z: D:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ieuinit.inf
c:\windows\system32\pthreadGC.dll
D:\Uninstall.exe
D:\WinRAR.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-08 do 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 12:55 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 12:55 . 2009-11-08 12:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 12:55 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 10:56 . 2009-11-08 10:57 -------- d-----w- c:\program files\Crawler
2009-11-08 10:56 . 2009-11-08 10:56 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-11-08 10:56 . 2009-11-08 11:40 -------- d-----w- c:\program files\Spyware Terminator
2009-11-08 09:59 . 2009-11-08 09:59 -------- d-----w- c:\program files\IObit
2009-11-07 22:07 . 2009-11-07 22:07 -------- d-----w- C:\MFT 3302
2009-11-07 22:05 . 2009-11-07 22:05 -------- d-----w- C:\MFT 142505
2009-11-07 21:33 . 2009-11-07 21:34 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-11-07 21:33 . 2009-11-08 09:58 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-11-07 20:44 . 2006-10-04 13:13 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
2009-11-07 20:44 . 2009-11-07 20:44 -------- d-----w- c:\program files\Steinberg
2009-11-07 20:44 . 2006-10-04 13:13 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
2009-11-07 20:44 . 2006-10-04 13:13 1870336 ----a-w- c:\windows\system32\bconvert.dll
2009-11-07 20:44 . 2009-11-07 20:44 -------- d-----w- c:\program files\Common Files\Native Instruments
2009-11-07 20:42 . 2003-07-06 07:10 17408 ------w- c:\windows\system32\minimp3.exe
2009-10-27 19:27 . 2009-10-27 19:27 -------- d-----w- c:\program files\Acclaim Entertainment
2009-10-16 14:22 . 2009-10-16 14:22 -------- d-----w- c:\program files\Common Files\Digidesign
2009-10-16 14:20 . 2009-10-16 14:20 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-10-09 20:48 . 2009-10-09 20:49 -------- d-----w- c:\program files\Anvil Studio
2009-10-09 19:26 . 1999-06-23 14:13 86016 ----a-w- c:\windows\unvise32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 11:37 . 2009-11-08 11:37 71022 ----a-w- c:\program files\talwolmj.txt
2009-11-05 20:45 . 2009-09-19 18:56 -------- d-----w- c:\program files\Soulseek
2009-11-05 12:28 . 2007-09-29 18:59 -------- d-----w- c:\program files\IrfanView
2009-10-30 16:10 . 2002-02-19 15:43 68940 ----a-w- c:\windows\system32\perfc005.dat
2009-10-30 16:10 . 2002-02-19 15:43 389994 ----a-w- c:\windows\system32\perfh005.dat
2009-10-25 14:17 . 2007-09-28 16:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-18 11:53 . 2009-03-11 12:30 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2009-09-25 20:28 . 2008-01-13 11:20 -------- d-----w- c:\program files\Common Files\Real
2009-09-25 20:28 . 2009-09-25 20:28 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-25 20:27 . 2008-01-13 11:20 -------- d-----w- c:\program files\Real
2009-09-25 20:26 . 2009-09-25 20:26 -------- d-----w- c:\program files\Google
2009-09-25 08:59 . 2009-09-25 08:59 -------- d-----w- c:\program files\Common Files\Apple
2009-09-25 08:59 . 2009-09-25 08:59 -------- d-----w- c:\program files\QuickTime
2009-09-10 13:14 . 2009-09-10 13:14 -------- d-----w- c:\program files\Avira
2009-06-19 17:12 . 2009-06-19 17:12 1342911 ----a-w- c:\program files\rv_house_setup NEW.exe
.

------- Sigcheck -------

[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2002-02-19 . 03F403B07A884FC2AA54A0916C410931 . 13568 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2002-02-19 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2002-02-19 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2004-08-17 . 6F877BF8DC01A550CD666F3BEDB2213C . 24576 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-17 . 6F877BF8DC01A550CD666F3BEDB2213C . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2002-09-20 . D7195AEA3541737440F6B93FC72F63FD . 23424 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
[-] 2002-08-29 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys
[-] 2002-08-29 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2002-02-19 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2002-02-19 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2002-08-28 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2002-09-20 . B172028038DB38775BFF540CAC43432E . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2002-09-20 . 32F7074BAC9A5F899CCA9C046C9FA6EB . 11776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2004-08-17 . AF342D2781225A8769686E0D47E3123E . 198144 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2004-08-17 . AF342D2781225A8769686E0D47E3123E . 198144 . . [5.1.2600.2180] . . c:\windows\system32\netman.dll
[-] 2002-09-20 . 173B95F5DD338570DE469CCA8805B8A6 . 154112 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2002-09-20 . D8681F65568AC0C6C7ED11E028EE3503 . 221184 . . [6.2.2600.1106] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2004-08-17 . C72C15EE57E248C66E57C76CAB086CF2 . 395776 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-17 . C72C15EE57E248C66E57C76CAB086CF2 . 395776 . . [5.1.2600.2180] . . c:\windows\system32\rpcss.dll
[-] 2002-09-20 . 10DA393123DD6E1750DE15420897A040 . 260608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 2004-08-17 . 6E401E61F952FBBF708AFBECEFAFAE81 . 108544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-17 . 6E401E61F952FBBF708AFBECEFAFAE81 . 108544 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2002-02-19 . 4480807A4EEBFFAC6F786E8E41C575F6 . 101376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2004-08-17 . 21B6FAA88044A41640E03EBB68BE93E8 . 57856 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2004-08-17 . 21B6FAA88044A41640E03EBB68BE93E8 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe
[-] 2002-02-19 . CABA27AE4D78B8702C11EDDE3ED219F2 . 51200 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2002-09-20 . FF8857D1AF59071F172C0FAD0FD33E87 . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2002-09-20 . 018875C2BB77F304A7CF7153E088DAAA . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2002-09-20 . 031E7FF41B13B658CAE7D6C98086F76A . 53248 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2004-08-17 13:49 . 972378B907070F64932A87C90A035487 . 243200 . . [2001.12.4414.258] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-17 13:49 . 972378B907070F64932A87C90A035487 . 243200 . . [2001.12.4414.258] . . c:\windows\system32\es.dll
[-] 2002-09-20 16:03 . CBB06A35D660E6B1F513160CE2A11A20 . 225280 . . [2001.12.4414.46] . . c:\windows\$NtServicePackUninstall$\es.dll

[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2002-09-20 . 687EDEB2F51F3C457A5630968EB34B15 . 103936 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2004-08-17 . 98DA079F61265BC26D4587E280B79F30 . 982016 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-17 . 98DA079F61265BC26D4587E280B79F30 . 982016 . . [5.1.2600.2180] . . c:\windows\system32\kernel32.dll
[-] 2002-09-20 . B977278E24481FB1F0C11A1BD6B8F762 . 928768 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2004-08-17 . EE1F842DB2AE412136643B0814D770A6 . 18944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2004-08-17 . EE1F842DB2AE412136643B0814D770A6 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\linkinfo.dll
[-] 2002-02-19 . 235E28E7E066DB22A0BBA950018B4F23 . 15360 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2002-02-19 . 3408F1A9ADF8C09B3BCA3E5C295737AC . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2002-09-20 . 876417092E5341E0A2287D06D3DC27F2 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2002-09-20 . D9E2549D38F2DC5D480AE1D6D5127D9E . 323072 . . [7.0.2600.1106] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2004-08-17 . 64C078BD4EFD441C3F159EDC5EA4420A . 247296 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-17 . 64C078BD4EFD441C3F159EDC5EA4420A . 247296 . . [5.1.2600.2180] . . c:\windows\system32\mswsock.dll
[-] 2002-02-19 . A8487BA51712E1C1559B60C2DA4F1D99 . 230400 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2002-09-20 . CF03E300B5CEEFFEFBE6F67532BD0EF1 . 399360 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2004-08-17 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2004-08-17 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
[-] 2002-09-20 . 21CDBE74E5C5F435B6C27DDA1BD27B34 . 2042112 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2002-02-19 . 2F53B2F168760EA55FBAA891A4DB48B7 . 14848 . . [6.00.2600.0000] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2002-09-20 . B2666CAB5E8C8A741D63F18D551A47FB . 179200 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2002-02-19 . BABDF35F393E77A0237CC5985E2861BB . 4096 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2002-02-19 . C3A0EF5EF2DB54843C53077372508A0A . 12800 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2004-08-17 . 37162D29CD61519E6F5EA0DE99786FF6 . 246272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2004-08-17 . 37162D29CD61519E6F5EA0DE99786FF6 . 246272 . . [5.1.2600.2180] . . c:\windows\system32\tapisrv.dll
[-] 2002-09-20 . 9D06F732DA93A0F8F2E962097490C3A1 . 233984 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2002-09-20 . 8A4AC21E2A55ECA66FBC5EDD40231845 . 560128 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2002-09-20 . B26871B5CE92F9D95AE6E62119799EB9 . 22016 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2002-09-20 . D1A616D5337E344A0DD6C6DF7733A6C3 . 600064 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2002-02-19 . DEB54E4F9718CB8B4DD5883B13B40AB0 . 75264 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-09-20 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2002-09-20 . EF0D80B8825BD6AD3249B8CA37275B41 . 158720 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2002-09-20 . E8508E7F865490D8AE71D00C8DF4D227 . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2002-09-20 . F3BBB29DF02205A9DDA38C43FB7C4D9C . 1145856 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2002-09-20 . 8708BE15AC5F27386B5D5FE7A1EBAF26 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2004-08-17 . 8BA76BD2A943F642F267A296A15776D2 . 134656 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2004-08-17 . 8BA76BD2A943F642F267A296A15776D2 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll
[-] 2002-09-20 . A032C51BB43F932509A73359C546B4A3 . 116224 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2002-02-19 . 175AFCDDF875F234DC7F82188EC8313E . 51712 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2002-09-20 . 426D5FC7DD903DFA12123C8C9B818CD5 . 159232 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2002-09-20 . F884453D35CEA64FFC21122E6F7100B0 . 43008 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2002-09-20 . E9756F695447DF81E67050A0EE2FB98C . 200704 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2002-09-20 . F2A079A5886E8E1CF845E89237EA7AB9 . 159744 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2002-02-19 . AFDFF022A01F0B11C776F0860C3B282F . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys
[-] 2002-08-28 21:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys

[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2002-02-19 15:42 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll

[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2002-02-19 . 9FA5055D12FBCD91D52231B4A02801BC . 34304 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-17 13:49 . E02E913B3841717A890A644EE167B9A5 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2004-08-17 13:49 . E02E913B3841717A890A644EE167B9A5 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
[-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2004-08-17 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-17 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
[-] 2002-09-20 . 42D5A8CF5E356F48FB36E388B1D87E6E . 1947776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[-] 2004-08-17 13:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2004-08-17 13:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2002-09-20 16:04 . 0A89C45312108716546F5670DCAE9A48 . 393216 . . [5.1.2400.1106] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2004-08-17 . 984FC1518B0D5B31D76F0E63608E0500 . 185344 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2004-08-17 . 984FC1518B0D5B31D76F0E63608E0500 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
[-] 2002-09-20 . C3425D5224A1F393173B31AAAF52C9A4 . 164864 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-11-08 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-09-16 81920]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-04-13 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-15 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-25 198160]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-11-08 2172416]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-22 81920]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-16 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 12:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 12:34 71088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.11.2009 11:56 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10.9.2009 14:14 108289]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [14.7.2008 16:35 17408]
S0 bhyirbwv;bhyirbwv;c:\windows\system32\drivers\lvgurgvn.sys --> c:\windows\system32\drivers\lvgurgvn.sys [?]
S2 gupdate1ca3e1e76476794;Služba Google Update (gupdate1ca3e1e76476794);c:\program files\Google\Update\GoogleUpdate.exe [25.9.2009 21:26 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Obsah adresáře 'Naplánované úlohy'

2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 20:26]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 20:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {9829125A-AE15-40A3-9F2A-EA9DC15FA17A} = 62.129.50.20,85.135.32.100
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\9csedyak.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Info - c:\program files\Media Art\Kadeřník\Coiffeur.isu
AddRemove-tc09-DE_SEVENONE_MAIN - f:\game demos\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 14:48
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867BFCA8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x867571f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1202660629-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92CC7247-7F5F-DFF6-5B77-46D7B89DF1E7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakfjljmfejehmgmok"=hex:6a,61,68,6d,6b,6c,6e,70,62,61,68,66,68,6d,6a,6f,6b,63,
61,6e,00,00
"haehlecklkgobmoe"=hex:6a,61,67,6d,6a,6c,6d,63,6e,6b,63,65,6d,61,70,66,6e,65,
6b,6e,00,f4
.
Celkový čas: 2009-11-08 14:52
ComboFix-quarantined-files.txt 2009-11-08 13:52

Před spuštěním: Volných bajtů: 14 500 798 464
Po spuštění: Volných bajtů: 14 621 777 920

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 04F56CF220251C0793B3A957E726D976

Příspěvekod **jaro3** » 08 lis 2009 16:30

Stáhni si MBR Rootkit Detektor
- ulož si ho přímo na disk C a spusť ho
- za chvíli se ti vytvoří jeho log (mbr.log) vlož sem celý jeho obsah.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\program files\talwolmj.txt
h:\NTGLM7X.sys

DirLook::
C:\MFT 3302
C:\MFT 142505

Driver::
SetupNTGLM7X;SetupNTGLM7X
NTGLM7X

RegLockDel::
[HKEY_USERS\S-1-5-21-1202660629-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92CC7247-7F5F-DFF6-5B77-46D7B89DF1E7}*]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

masquerade777 · Příspěvekod **masquerade777** » 08 lis 2009 18:43

Ty jsi skutecny mistr! Opet jsem dle instrukci vse udelal ...to je prace jak na kostele :smile:

ted uz to mam ok?

3 logy:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

ComboFix 09-11-07.02 - User 08.11.2009 18:19.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.603 [GMT 1:00]
Spuštěný z: D:\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\User\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}

FILE ::
"c:\program files\talwolmj.txt"
"h:\NTGLM7X.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\talwolmj.txt

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-08 do 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 17:11 . 2009-11-08 17:11 77312 ----a-w- C:\mbr.exe
2009-11-08 12:55 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 12:55 . 2009-11-08 12:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 12:55 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 10:56 . 2009-11-08 10:57 -------- d-----w- c:\program files\Crawler
2009-11-08 10:56 . 2009-11-08 10:56 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-11-08 10:56 . 2009-11-08 11:40 -------- d-----w- c:\program files\Spyware Terminator
2009-11-08 09:59 . 2009-11-08 09:59 -------- d-----w- c:\program files\IObit
2009-11-07 22:07 . 2009-11-07 22:07 -------- d-----w- C:\MFT 3302
2009-11-07 22:05 . 2009-11-07 22:05 -------- d-----w- C:\MFT 142505
2009-11-07 21:33 . 2009-11-07 21:34 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-11-07 21:33 . 2009-11-08 09:58 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-11-07 20:44 . 2006-10-04 13:13 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
2009-11-07 20:44 . 2009-11-07 20:44 -------- d-----w- c:\program files\Steinberg
2009-11-07 20:44 . 2006-10-04 13:13 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
2009-11-07 20:44 . 2006-10-04 13:13 1870336 ----a-w- c:\windows\system32\bconvert.dll
2009-11-07 20:44 . 2009-11-07 20:44 -------- d-----w- c:\program files\Common Files\Native Instruments
2009-11-07 20:42 . 2003-07-06 07:10 17408 ------w- c:\windows\system32\minimp3.exe
2009-10-27 19:27 . 2009-10-27 19:27 -------- d-----w- c:\program files\Acclaim Entertainment
2009-10-16 14:22 . 2009-10-16 14:22 -------- d-----w- c:\program files\Common Files\Digidesign
2009-10-16 14:20 . 2009-10-16 14:20 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-10-09 20:48 . 2009-10-09 20:49 -------- d-----w- c:\program files\Anvil Studio
2009-10-09 19:26 . 1999-06-23 14:13 86016 ----a-w- c:\windows\unvise32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 20:45 . 2009-09-19 18:56 -------- d-----w- c:\program files\Soulseek
2009-11-05 12:28 . 2007-09-29 18:59 -------- d-----w- c:\program files\IrfanView
2009-10-30 16:10 . 2002-02-19 15:43 68940 ----a-w- c:\windows\system32\perfc005.dat
2009-10-30 16:10 . 2002-02-19 15:43 389994 ----a-w- c:\windows\system32\perfh005.dat
2009-10-25 14:17 . 2007-09-28 16:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-18 11:53 . 2009-03-11 12:30 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2009-09-25 20:28 . 2008-01-13 11:20 -------- d-----w- c:\program files\Common Files\Real
2009-09-25 20:28 . 2009-09-25 20:28 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-25 20:27 . 2008-01-13 11:20 -------- d-----w- c:\program files\Real
2009-09-25 20:26 . 2009-09-25 20:26 -------- d-----w- c:\program files\Google
2009-09-25 08:59 . 2009-09-25 08:59 -------- d-----w- c:\program files\Common Files\Apple
2009-09-25 08:59 . 2009-09-25 08:59 -------- d-----w- c:\program files\QuickTime
2009-09-10 13:14 . 2009-09-10 13:14 -------- d-----w- c:\program files\Avira
2009-06-19 17:12 . 2009-06-19 17:12 1342911 ----a-w- c:\program files\rv_house_setup NEW.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\MFT 142505 ----

2009-11-07 22:05 . 2009-10-11 22:21 399360 ----a-w- c:\mft 142505\w.ax

---- Directory of C:\MFT 3302 ----

2009-11-07 22:07 . 2009-10-16 21:48 12800 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0009\url.ax
2009-11-07 22:07 . 2009-10-16 21:48 3072 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0009\adoc.bx
2009-11-07 22:07 . 2009-10-16 21:48 344064 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0009\md.dat
2009-11-07 22:07 . 2009-10-16 21:48 2447872 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0009\wb.vx
2009-11-07 22:07 . 2009-10-16 21:48 468480 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0009\w.ax
2009-11-07 22:07 . 2009-10-23 23:26 10809 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0001\w.ax-j
2009-11-07 22:07 . 2009-10-23 23:26 99 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0001\adoc.bx-j
2009-11-07 22:07 . 2009-10-23 23:26 119 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0001\url.ax-j
2009-11-07 22:07 . 2009-10-23 23:26 2208 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0001\md.dat-j
2009-11-07 22:07 . 2009-10-23 23:15 10240 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0001\url.ax
2009-11-07 22:07 . 2009-10-23 23:15 3072 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0001\adoc.bx
2009-11-07 22:07 . 2009-10-23 23:15 360448 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0001\md.dat
2009-11-07 22:07 . 2009-10-23 23:15 3391488 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0001\wb.vx
2009-11-07 22:07 . 2009-10-23 23:15 742400 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0001\w.ax
2009-11-07 22:07 . 2009-11-01 19:04 850 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0000\url.ax-j
2009-11-07 22:07 . 2009-11-01 19:04 75631 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0000\w.ax-j
2009-11-07 22:07 . 2009-11-01 19:04 144 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0000\adoc.bx-j
2009-11-07 22:07 . 2009-11-01 19:04 636 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0000\md.dat-j
2009-11-07 22:07 . 2009-11-01 19:00 7680 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0000\url.ax
2009-11-07 22:07 . 2009-11-01 19:00 3072 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0000\adoc.bx
2009-11-07 22:07 . 2009-11-01 19:00 196608 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0000\md.dat
2009-11-07 22:07 . 2009-11-01 19:00 2123264 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0000\wb.vx
2009-11-07 22:07 . 2009-11-01 19:00 455680 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0000\w.ax
2009-11-07 22:07 . 2009-11-05 20:07 8 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0003\w.ax-g
2009-11-07 22:07 . 2009-11-05 20:07 67387 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0003\w.ax-j
2009-11-07 22:07 . 2009-11-05 20:07 8 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0003\url.ax-g
2009-11-07 22:07 . 2009-11-05 20:07 948 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0003\url.ax-j
2009-11-07 22:07 . 2009-11-05 19:57 7680 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0003\url.ax
2009-11-07 22:07 . 2009-11-05 19:57 3072 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0003\adoc.bx
2009-11-07 22:07 . 2009-11-05 19:57 229376 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0003\md.dat
2009-11-07 22:07 . 2009-11-05 19:57 3089408 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0003\wb.vx
2009-11-07 22:07 . 2009-11-05 19:57 696320 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0003\w.ax
2009-11-07 22:07 . 2009-11-07 20:51 8 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0012\w.ax-g
2009-11-07 22:07 . 2009-11-07 20:51 8 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0012\adoc.bx-g
2009-11-07 22:07 . 2009-11-07 20:51 8 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0012\url.ax-g
2009-11-07 22:07 . 2009-11-07 20:51 527 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0012\url.ax-j
2009-11-07 22:07 . 2009-11-07 20:51 7951 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0012\w.ax-j
2009-11-07 22:07 . 2009-11-07 20:51 109 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0012\adoc.bx-j
2009-11-07 22:07 . 2009-11-07 20:51 42 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0012\md.dat-j
2009-11-07 22:07 . 2009-11-07 20:51 141 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0012\wb.vx-j
2009-11-07 22:07 . 2009-11-07 19:00 3072 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0005\adoc.bx
2009-11-07 22:07 . 2009-11-07 19:00 38400 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0005\url.ax
2009-11-07 22:07 . 2009-11-07 19:00 376832 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0005\md.dat
2009-11-07 22:07 . 2009-11-07 19:00 2140672 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0005\wb.vx
2009-11-07 22:07 . 2009-11-07 19:00 460800 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0005\w.ax
2009-11-07 22:07 . 2009-11-07 18:50 40960 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0004\url.ax
2009-11-07 22:07 . 2009-11-07 18:50 3072 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0004\adoc.bx
2009-11-07 22:07 . 2009-11-07 18:50 393216 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0004\md.dat
2009-11-07 22:07 . 2009-11-07 18:50 2009600 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0004\wb.vx
2009-11-07 22:07 . 2009-11-07 18:50 432640 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0004\w.ax
2009-11-07 22:07 . 2009-11-07 22:33 62868 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0002\w.ax-j
2009-11-07 22:07 . 2009-11-07 22:33 299 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0002\adoc.bx-j
2009-11-07 22:07 . 2009-11-07 22:33 2671 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0002\url.ax-j
2009-11-07 22:07 . 2009-11-07 22:33 5833 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0002\md.dat-j
2009-11-07 22:07 . 2009-11-07 22:33 38779 ----a-w- c:\mft 3302\User\Local Settings\Data aplikací\Opera\Opera\profile\vps\0002\wb.vx-j
2009-11-07 22:07 . 2009-11-07 22:58 0 ----a-w- c:\mft 3302\User\Local Settings\Temporary Internet Files\Content.IE5\U9EN816B\startup-manager-16x16[1].png

------- Sigcheck -------

[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2002-02-19 . 03F403B07A884FC2AA54A0916C410931 . 13568 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2002-02-19 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2002-02-19 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2004-08-17 . 6F877BF8DC01A550CD666F3BEDB2213C . 24576 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-17 . 6F877BF8DC01A550CD666F3BEDB2213C . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2002-09-20 . D7195AEA3541737440F6B93FC72F63FD . 23424 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
[-] 2002-08-29 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys
[-] 2002-08-29 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2002-02-19 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2002-02-19 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2002-08-28 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2002-09-20 . B172028038DB38775BFF540CAC43432E . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2002-09-20 . 32F7074BAC9A5F899CCA9C046C9FA6EB . 11776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2004-08-17 . AF342D2781225A8769686E0D47E3123E . 198144 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2004-08-17 . AF342D2781225A8769686E0D47E3123E . 198144 . . [5.1.2600.2180] . . c:\windows\system32\netman.dll
[-] 2002-09-20 . 173B95F5DD338570DE469CCA8805B8A6 . 154112 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2002-09-20 . D8681F65568AC0C6C7ED11E028EE3503 . 221184 . . [6.2.2600.1106] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2004-08-17 . C72C15EE57E248C66E57C76CAB086CF2 . 395776 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-17 . C72C15EE57E248C66E57C76CAB086CF2 . 395776 . . [5.1.2600.2180] . . c:\windows\system32\rpcss.dll
[-] 2002-09-20 . 10DA393123DD6E1750DE15420897A040 . 260608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 2004-08-17 . 6E401E61F952FBBF708AFBECEFAFAE81 . 108544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-17 . 6E401E61F952FBBF708AFBECEFAFAE81 . 108544 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2002-02-19 . 4480807A4EEBFFAC6F786E8E41C575F6 . 101376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2004-08-17 . 21B6FAA88044A41640E03EBB68BE93E8 . 57856 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2004-08-17 . 21B6FAA88044A41640E03EBB68BE93E8 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe
[-] 2002-02-19 . CABA27AE4D78B8702C11EDDE3ED219F2 . 51200 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2002-09-20 . FF8857D1AF59071F172C0FAD0FD33E87 . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2002-09-20 . 018875C2BB77F304A7CF7153E088DAAA . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2002-09-20 . 031E7FF41B13B658CAE7D6C98086F76A . 53248 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2004-08-17 13:49 . 972378B907070F64932A87C90A035487 . 243200 . . [2001.12.4414.258] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-17 13:49 . 972378B907070F64932A87C90A035487 . 243200 . . [2001.12.4414.258] . . c:\windows\system32\es.dll
[-] 2002-09-20 16:03 . CBB06A35D660E6B1F513160CE2A11A20 . 225280 . . [2001.12.4414.46] . . c:\windows\$NtServicePackUninstall$\es.dll

[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2002-09-20 . 687EDEB2F51F3C457A5630968EB34B15 . 103936 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2004-08-17 . 98DA079F61265BC26D4587E280B79F30 . 982016 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-17 . 98DA079F61265BC26D4587E280B79F30 . 982016 . . [5.1.2600.2180] . . c:\windows\system32\kernel32.dll
[-] 2002-09-20 . B977278E24481FB1F0C11A1BD6B8F762 . 928768 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2004-08-17 . EE1F842DB2AE412136643B0814D770A6 . 18944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2004-08-17 . EE1F842DB2AE412136643B0814D770A6 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\linkinfo.dll
[-] 2002-02-19 . 235E28E7E066DB22A0BBA950018B4F23 . 15360 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2002-02-19 . 3408F1A9ADF8C09B3BCA3E5C295737AC . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2002-09-20 . 876417092E5341E0A2287D06D3DC27F2 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2002-09-20 . D9E2549D38F2DC5D480AE1D6D5127D9E . 323072 . . [7.0.2600.1106] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2004-08-17 . 64C078BD4EFD441C3F159EDC5EA4420A . 247296 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-17 . 64C078BD4EFD441C3F159EDC5EA4420A . 247296 . . [5.1.2600.2180] . . c:\windows\system32\mswsock.dll
[-] 2002-02-19 . A8487BA51712E1C1559B60C2DA4F1D99 . 230400 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2002-09-20 . CF03E300B5CEEFFEFBE6F67532BD0EF1 . 399360 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2004-08-17 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2004-08-17 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
[-] 2002-09-20 . 21CDBE74E5C5F435B6C27DDA1BD27B34 . 2042112 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2002-02-19 . 2F53B2F168760EA55FBAA891A4DB48B7 . 14848 . . [6.00.2600.0000] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2002-09-20 . B2666CAB5E8C8A741D63F18D551A47FB . 179200 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2002-02-19 . BABDF35F393E77A0237CC5985E2861BB . 4096 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2002-02-19 . C3A0EF5EF2DB54843C53077372508A0A . 12800 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2004-08-17 . 37162D29CD61519E6F5EA0DE99786FF6 . 246272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2004-08-17 . 37162D29CD61519E6F5EA0DE99786FF6 . 246272 . . [5.1.2600.2180] . . c:\windows\system32\tapisrv.dll
[-] 2002-09-20 . 9D06F732DA93A0F8F2E962097490C3A1 . 233984 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2002-09-20 . 8A4AC21E2A55ECA66FBC5EDD40231845 . 560128 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2002-09-20 . B26871B5CE92F9D95AE6E62119799EB9 . 22016 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2002-09-20 . D1A616D5337E344A0DD6C6DF7733A6C3 . 600064 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2002-02-19 . DEB54E4F9718CB8B4DD5883B13B40AB0 . 75264 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-09-20 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2002-09-20 . EF0D80B8825BD6AD3249B8CA37275B41 . 158720 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2002-09-20 . E8508E7F865490D8AE71D00C8DF4D227 . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2002-09-20 . F3BBB29DF02205A9DDA38C43FB7C4D9C . 1145856 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2002-09-20 . 8708BE15AC5F27386B5D5FE7A1EBAF26 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2004-08-17 . 8BA76BD2A943F642F267A296A15776D2 . 134656 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2004-08-17 . 8BA76BD2A943F642F267A296A15776D2 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll
[-] 2002-09-20 . A032C51BB43F932509A73359C546B4A3 . 116224 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2002-02-19 . 175AFCDDF875F234DC7F82188EC8313E . 51712 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2002-09-20 . 426D5FC7DD903DFA12123C8C9B818CD5 . 159232 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2002-09-20 . F884453D35CEA64FFC21122E6F7100B0 . 43008 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2002-09-20 . E9756F695447DF81E67050A0EE2FB98C . 200704 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2002-09-20 . F2A079A5886E8E1CF845E89237EA7AB9 . 159744 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2002-02-19 . AFDFF022A01F0B11C776F0860C3B282F . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys
[-] 2002-08-28 21:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys

[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2002-02-19 15:42 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll

[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2002-02-19 . 9FA5055D12FBCD91D52231B4A02801BC . 34304 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-17 13:49 . E02E913B3841717A890A644EE167B9A5 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2004-08-17 13:49 . E02E913B3841717A890A644EE167B9A5 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
[-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2004-08-17 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-17 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
[-] 2002-09-20 . 42D5A8CF5E356F48FB36E388B1D87E6E . 1947776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[-] 2004-08-17 13:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2004-08-17 13:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2002-09-20 16:04 . 0A89C45312108716546F5670DCAE9A48 . 393216 . . [5.1.2400.1106] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2004-08-17 . 984FC1518B0D5B31D76F0E63608E0500 . 185344 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2004-08-17 . 984FC1518B0D5B31D76F0E63608E0500 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
[-] 2002-09-20 . C3425D5224A1F393173B31AAAF52C9A4 . 164864 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-08_13.48.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-08 17:28 . 2009-11-08 17:28 16384 c:\windows\temp\Perflib_Perfdata_6ec.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-11-08 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-09-16 81920]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-04-13 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-15 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-25 198160]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-11-08 2172416]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-22 81920]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-16 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 12:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 12:34 71088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.11.2009 11:56 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10.9.2009 14:14 108289]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [14.7.2008 16:35 17408]
S0 bhyirbwv;bhyirbwv;c:\windows\system32\drivers\lvgurgvn.sys --> c:\windows\system32\drivers\lvgurgvn.sys [?]
S2 gupdate1ca3e1e76476794;Služba Google Update (gupdate1ca3e1e76476794);c:\program files\Google\Update\GoogleUpdate.exe [25.9.2009 21:26 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mbr
.
Obsah adresáře 'Naplánované úlohy'

2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 20:26]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 20:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {9829125A-AE15-40A3-9F2A-EA9DC15FA17A} = 62.129.50.20,85.135.32.100
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\9csedyak.default\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 18:29
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867C0410]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x867571f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1202660629-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92CC7247-7F5F-DFF6-5B77-46D7B89DF1E7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakfjljmfejehmgmok"=hex:6a,61,68,6d,6b,6c,6e,70,62,61,68,66,68,6d,6a,6f,6b,63,
61,6e,00,00
"haehlecklkgobmoe"=hex:6a,61,67,6d,6a,6c,6d,63,6e,6b,63,65,6d,61,70,66,6e,65,
6b,6e,00,f4
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1968)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\ad-aware2007\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\sunbelt kerio firewall\kpf4ss.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\locator.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\RUNDLL32.EXE
d:\sunbelt kerio firewall\kpf4gui.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
d:\sunbelt kerio firewall\kpf4gui.exe
c:\program files\Avira\AntiVir Desktop\update.exe
.
**************************************************************************
.
Celkový čas: 2009-11-08 18:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-08 17:35
ComboFix2.txt 2009-11-08 13:52

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:40, on 8.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Ad-aware2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Sunbelt Kerio Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
D:\Sunbelt Kerio Firewall\kpf4gui.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Sunbelt Kerio Firewall\kpf4gui.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
D:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9829125A-AE15-40A3-9F2A-EA9DC15FA17A}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Ad-aware2007\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca3e1e76476794) (gupdate1ca3e1e76476794) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Sunbelt Kerio Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9026 bytes

Před spuštěním: Volných bajtů: 14 613 889 024
Po spuštění: Volných bajtů: 14 605 213 696

- - End Of File - - 6E27D9C4941F9C6C5C200783268A6653

Příspěvekod **jaro3** » 08 lis 2009 20:06

Ještě jeden script v Combofixu , log z HJT už dávat nemusíš.

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\drivers\lvgurgvn.sys

Driver::
bhyirbwv;bhyirbwv
lvgurgvn

RegLock::
[HKEY_USERS\S-1-5-21-1202660629-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92CC7247-7F5F-DFF6-5B77-46D7B89DF1E7}*]

masquerade777 · Příspěvekod **masquerade777** » 08 lis 2009 21:11

ComboFix 09-11-07.04 - User 08.11.2009 20:53.3.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.470 [GMT 1:00]
Spuštěný z: D:\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\User\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}

FILE ::
"c:\windows\system32\drivers\lvgurgvn.sys"
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-10-08 do 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 17:11 . 2009-11-08 17:11 77312 ----a-w- C:\mbr.exe
2009-11-08 12:55 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 12:55 . 2009-11-08 12:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 12:55 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 10:56 . 2009-11-08 10:57 -------- d-----w- c:\program files\Crawler
2009-11-08 10:56 . 2009-11-08 10:56 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-11-08 10:56 . 2009-11-08 11:40 -------- d-----w- c:\program files\Spyware Terminator
2009-11-08 09:59 . 2009-11-08 09:59 -------- d-----w- c:\program files\IObit
2009-11-07 22:07 . 2009-11-07 22:07 -------- d-----w- C:\MFT 3302
2009-11-07 22:05 . 2009-11-07 22:05 -------- d-----w- C:\MFT 142505
2009-11-07 21:33 . 2009-11-07 21:34 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-11-07 21:33 . 2009-11-08 09:58 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-11-07 20:44 . 2006-10-04 13:13 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
2009-11-07 20:44 . 2009-11-07 20:44 -------- d-----w- c:\program files\Steinberg
2009-11-07 20:44 . 2006-10-04 13:13 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
2009-11-07 20:44 . 2006-10-04 13:13 1870336 ----a-w- c:\windows\system32\bconvert.dll
2009-11-07 20:44 . 2009-11-07 20:44 -------- d-----w- c:\program files\Common Files\Native Instruments
2009-11-07 20:42 . 2003-07-06 07:10 17408 ------w- c:\windows\system32\minimp3.exe
2009-10-27 19:27 . 2009-10-27 19:27 -------- d-----w- c:\program files\Acclaim Entertainment
2009-10-16 14:22 . 2009-10-16 14:22 -------- d-----w- c:\program files\Common Files\Digidesign
2009-10-16 14:20 . 2009-10-16 14:20 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-10-09 20:48 . 2009-10-09 20:49 -------- d-----w- c:\program files\Anvil Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 20:45 . 2009-09-19 18:56 -------- d-----w- c:\program files\Soulseek
2009-11-05 12:28 . 2007-09-29 18:59 -------- d-----w- c:\program files\IrfanView
2009-10-30 16:10 . 2002-02-19 15:43 68940 ----a-w- c:\windows\system32\perfc005.dat
2009-10-30 16:10 . 2002-02-19 15:43 389994 ----a-w- c:\windows\system32\perfh005.dat
2009-10-25 14:17 . 2007-09-28 16:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-18 11:53 . 2009-03-11 12:30 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2009-09-25 20:28 . 2008-01-13 11:20 -------- d-----w- c:\program files\Common Files\Real
2009-09-25 20:28 . 2009-09-25 20:28 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-25 20:27 . 2008-01-13 11:20 -------- d-----w- c:\program files\Real
2009-09-25 20:26 . 2009-09-25 20:26 -------- d-----w- c:\program files\Google
2009-09-25 08:59 . 2009-09-25 08:59 -------- d-----w- c:\program files\Common Files\Apple
2009-09-25 08:59 . 2009-09-25 08:59 -------- d-----w- c:\program files\QuickTime
2009-09-10 13:14 . 2009-09-10 13:14 -------- d-----w- c:\program files\Avira
2009-06-19 17:12 . 2009-06-19 17:12 1342911 ----a-w- c:\program files\rv_house_setup NEW.exe
.

------- Sigcheck -------

[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2002-02-19 . 03F403B07A884FC2AA54A0916C410931 . 13568 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2002-02-19 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2002-02-19 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2004-08-17 . 6F877BF8DC01A550CD666F3BEDB2213C . 24576 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-17 . 6F877BF8DC01A550CD666F3BEDB2213C . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2002-09-20 . D7195AEA3541737440F6B93FC72F63FD . 23424 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
[-] 2002-08-29 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys
[-] 2002-08-29 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2002-02-19 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2002-02-19 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2002-08-28 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2002-09-20 . B172028038DB38775BFF540CAC43432E . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2002-09-20 . 32F7074BAC9A5F899CCA9C046C9FA6EB . 11776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2004-08-17 . AF342D2781225A8769686E0D47E3123E . 198144 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2004-08-17 . AF342D2781225A8769686E0D47E3123E . 198144 . . [5.1.2600.2180] . . c:\windows\system32\netman.dll
[-] 2002-09-20 . 173B95F5DD338570DE469CCA8805B8A6 . 154112 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2002-09-20 . D8681F65568AC0C6C7ED11E028EE3503 . 221184 . . [6.2.2600.1106] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2004-08-17 . C72C15EE57E248C66E57C76CAB086CF2 . 395776 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-17 . C72C15EE57E248C66E57C76CAB086CF2 . 395776 . . [5.1.2600.2180] . . c:\windows\system32\rpcss.dll
[-] 2002-09-20 . 10DA393123DD6E1750DE15420897A040 . 260608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 2004-08-17 . 6E401E61F952FBBF708AFBECEFAFAE81 . 108544 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-17 . 6E401E61F952FBBF708AFBECEFAFAE81 . 108544 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2002-02-19 . 4480807A4EEBFFAC6F786E8E41C575F6 . 101376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2004-08-17 . 21B6FAA88044A41640E03EBB68BE93E8 . 57856 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2004-08-17 . 21B6FAA88044A41640E03EBB68BE93E8 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe
[-] 2002-02-19 . CABA27AE4D78B8702C11EDDE3ED219F2 . 51200 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2002-09-20 . FF8857D1AF59071F172C0FAD0FD33E87 . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2002-09-20 . 018875C2BB77F304A7CF7153E088DAAA . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2002-09-20 . 031E7FF41B13B658CAE7D6C98086F76A . 53248 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2004-08-17 13:49 . 972378B907070F64932A87C90A035487 . 243200 . . [2001.12.4414.258] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-17 13:49 . 972378B907070F64932A87C90A035487 . 243200 . . [2001.12.4414.258] . . c:\windows\system32\es.dll
[-] 2002-09-20 16:03 . CBB06A35D660E6B1F513160CE2A11A20 . 225280 . . [2001.12.4414.46] . . c:\windows\$NtServicePackUninstall$\es.dll

[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2002-09-20 . 687EDEB2F51F3C457A5630968EB34B15 . 103936 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2004-08-17 . 98DA079F61265BC26D4587E280B79F30 . 982016 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-17 . 98DA079F61265BC26D4587E280B79F30 . 982016 . . [5.1.2600.2180] . . c:\windows\system32\kernel32.dll
[-] 2002-09-20 . B977278E24481FB1F0C11A1BD6B8F762 . 928768 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2004-08-17 . EE1F842DB2AE412136643B0814D770A6 . 18944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2004-08-17 . EE1F842DB2AE412136643B0814D770A6 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\linkinfo.dll
[-] 2002-02-19 . 235E28E7E066DB22A0BBA950018B4F23 . 15360 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2002-02-19 . 3408F1A9ADF8C09B3BCA3E5C295737AC . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2002-09-20 . 876417092E5341E0A2287D06D3DC27F2 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2002-09-20 . D9E2549D38F2DC5D480AE1D6D5127D9E . 323072 . . [7.0.2600.1106] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2004-08-17 . 64C078BD4EFD441C3F159EDC5EA4420A . 247296 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-17 . 64C078BD4EFD441C3F159EDC5EA4420A . 247296 . . [5.1.2600.2180] . . c:\windows\system32\mswsock.dll
[-] 2002-02-19 . A8487BA51712E1C1559B60C2DA4F1D99 . 230400 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2002-09-20 . CF03E300B5CEEFFEFBE6F67532BD0EF1 . 399360 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2004-08-17 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2004-08-17 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
[-] 2002-09-20 . 21CDBE74E5C5F435B6C27DDA1BD27B34 . 2042112 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2002-02-19 . 2F53B2F168760EA55FBAA891A4DB48B7 . 14848 . . [6.00.2600.0000] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2002-09-20 . B2666CAB5E8C8A741D63F18D551A47FB . 179200 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2002-02-19 . BABDF35F393E77A0237CC5985E2861BB . 4096 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2002-02-19 . C3A0EF5EF2DB54843C53077372508A0A . 12800 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2004-08-17 . 37162D29CD61519E6F5EA0DE99786FF6 . 246272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2004-08-17 . 37162D29CD61519E6F5EA0DE99786FF6 . 246272 . . [5.1.2600.2180] . . c:\windows\system32\tapisrv.dll
[-] 2002-09-20 . 9D06F732DA93A0F8F2E962097490C3A1 . 233984 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2002-09-20 . 8A4AC21E2A55ECA66FBC5EDD40231845 . 560128 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2002-09-20 . B26871B5CE92F9D95AE6E62119799EB9 . 22016 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2002-09-20 . D1A616D5337E344A0DD6C6DF7733A6C3 . 600064 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2002-02-19 . DEB54E4F9718CB8B4DD5883B13B40AB0 . 75264 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-09-20 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2002-09-20 . EF0D80B8825BD6AD3249B8CA37275B41 . 158720 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2002-09-20 . E8508E7F865490D8AE71D00C8DF4D227 . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2002-09-20 . F3BBB29DF02205A9DDA38C43FB7C4D9C . 1145856 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2002-09-20 . 8708BE15AC5F27386B5D5FE7A1EBAF26 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2004-08-17 . 8BA76BD2A943F642F267A296A15776D2 . 134656 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2004-08-17 . 8BA76BD2A943F642F267A296A15776D2 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll
[-] 2002-09-20 . A032C51BB43F932509A73359C546B4A3 . 116224 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2002-02-19 . 175AFCDDF875F234DC7F82188EC8313E . 51712 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2002-09-20 . 426D5FC7DD903DFA12123C8C9B818CD5 . 159232 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2002-09-20 . F884453D35CEA64FFC21122E6F7100B0 . 43008 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2002-09-20 . E9756F695447DF81E67050A0EE2FB98C . 200704 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2002-09-20 . F2A079A5886E8E1CF845E89237EA7AB9 . 159744 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2002-02-19 . AFDFF022A01F0B11C776F0860C3B282F . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys
[-] 2002-08-28 21:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys

[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2002-02-19 15:42 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll

[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2002-02-19 . 9FA5055D12FBCD91D52231B4A02801BC . 34304 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-17 13:49 . E02E913B3841717A890A644EE167B9A5 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2004-08-17 13:49 . E02E913B3841717A890A644EE167B9A5 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
[-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2004-08-17 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-17 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
[-] 2002-09-20 . 42D5A8CF5E356F48FB36E388B1D87E6E . 1947776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[-] 2004-08-17 13:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2004-08-17 13:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2002-09-20 16:04 . 0A89C45312108716546F5670DCAE9A48 . 393216 . . [5.1.2400.1106] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2004-08-17 . 984FC1518B0D5B31D76F0E63608E0500 . 185344 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2004-08-17 . 984FC1518B0D5B31D76F0E63608E0500 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
[-] 2002-09-20 . C3425D5224A1F393173B31AAAF52C9A4 . 164864 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-08_13.48.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-08 20:02 . 2009-11-08 20:02 16384 c:\windows\temp\Perflib_Perfdata_758.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-11-08 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-09-16 81920]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-04-13 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-15 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-25 198160]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-11-08 2172416]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-22 81920]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-16 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 12:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 12:34 71088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.11.2009 11:56 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10.9.2009 14:14 108289]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [14.7.2008 16:35 17408]
S0 bhyirbwv;bhyirbwv;c:\windows\system32\drivers\lvgurgvn.sys --> c:\windows\system32\drivers\lvgurgvn.sys [?]
S2 gupdate1ca3e1e76476794;Služba Google Update (gupdate1ca3e1e76476794);c:\program files\Google\Update\GoogleUpdate.exe [25.9.2009 21:26 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mbr
.
Obsah adresáře 'Naplánované úlohy'

2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 20:26]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 20:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {9829125A-AE15-40A3-9F2A-EA9DC15FA17A} = 62.129.50.20,85.135.32.100
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\9csedyak.default\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 21:02
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867C0410]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x867571f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1202660629-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92CC7247-7F5F-DFF6-5B77-46D7B89DF1E7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakfjljmfejehmgmok"=hex:6a,61,68,6d,6b,6c,6e,70,62,61,68,66,68,6d,6a,6f,6b,63,
61,6e,00,00
"haehlecklkgobmoe"=hex:6a,61,67,6d,6a,6c,6d,63,6e,6b,63,65,6d,61,70,66,6e,65,
6b,6e,00,f4
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1824)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\ad-aware2007\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\sunbelt kerio firewall\kpf4ss.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\locator.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\RUNDLL32.EXE
d:\sunbelt kerio firewall\kpf4gui.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
d:\sunbelt kerio firewall\kpf4gui.exe
.
**************************************************************************
.
Celkový čas: 2009-11-08 21:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-08 20:08
ComboFix2.txt 2009-11-08 17:35
ComboFix3.txt 2009-11-08 13:52

Před spuštěním: Volných bajtů: 14 532 788 224
Po spuštění: Volných bajtů: 14 522 888 192

- - End Of File - - 5108A2955487D9D19A685041175DD260

Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.* Vyřešeno

Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

Re: Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

Re: Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

Re: Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

Re: Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

Re: Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

Re: Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

Re: Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

Re: Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

Re: Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

Re: Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

Re: Chybovka (start XP): c.exe - Vstupní bod nebyl nalezen.*

Kdo je online